From: Dave Neuer <[EMAIL PROTECTED]>
: Don't bet on it. Verisign and Thawte are in the business of issuing
: certificates, NOT policing US patent violations (especially since Thawte
is
: base in S. Africa). I think it would be particularly unwise to assume
that
: just because one company is willing to issue a certificate that *could* be
: used by a *particular user* in a manner that infringes on a patent, that
the
: owner of the patent won't take action against *actual* violaters. It is
: *probably* not a patent infringement for Verisign or Thawte to issue certs
: for use w/ the OpenSSL implementation of RSA (caveat: IANAL); it *is* a
: patent violation to *use* said certs in the US (for commercial purposes
: period, for any other purposes if you didn't use RSAREF).
:
: RSADSI has been known to aggressively pursue patent infringers when the
: infringement was developing a product or toolkit that they felt infringed
on
: their patents; I haven't seen mention of them taking action against a mere
: *user* of their patented technology, but I wouldn't blithely discount the
: possibility, either.
I'm not discounting the possibility. If I didn't think this was an issue, I
wouldn't be asking about it at all.
It just annoys me that there is *no* open source option inside the US, and
that I am basically being held hostage by companies that want upwards of
$300 for their software. What I will probably do is purchase a copy of RH
secure server *just* for the license (since it is really just apache +
mod_ssl anyway) and use the standard apache+mod_ssl instead. I am
investigating the legality of this right now.
--Adam
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
