From: Bodo Moeller <[EMAIL PROTECTED]>
: > From what I've heard even RSAREF is not legal to use inside the US for
: > commercial purposes. However, verisign (a division of RSA) does not
have a
: > problem issuing certificates for servers running OpenSSL (SSLeay is
actually
: > what is mentioned). They say this on their homepage and there is no
mention
: > of RSAREF. This leads me to believe that RSA really doesn't care about
: > people using OpenSSL (with RSAREF or without) within the US.
:
: There are commercial web-servers based on SSLeay/OpenSSL that are
: legal to use in the US. Plus, if you desperately want to use a free
: one, you can obtain an RSA license yourself -- but it'll likely be
: much more costly than buying a commercial derivate of Apache.
That's not what I meant. What I was saying is that Verisign condones and
supports the use of "freeware apache", and will issue certificates for it.
Are you saying that this implies that the users of "freeware apache" have
also purchased an RSA license? That's not how I read it. But you are free
to look for yourself at
http://digitalid.verisign.com/server/apacheNotice.htm
The other thing I was asking is if using RSAREF within the US, for
commercial use, is really worth it. It seems that RSAREF for commercial use
inside the US is just as bad as using standard OpenSSL.
Also, has anyone here purchased redhat secure server, in order to obtain the
RSA license, and then used apache/openssl instead? Any thoughts on the
legality of this?
--Adam
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
