On Fri, May 21, 1999 at 11:05:38AM -0400, Adam D. McKenna wrote:
> From: Bodo Moeller <[EMAIL PROTECTED]>
>>> From what I've heard even RSAREF is not legal to use inside the US
>>> for commercial purposes. However, verisign (a division of RSA)
>>> does not have a problem issuing certificates for servers running
>>> OpenSSL (SSLeay is actually what is mentioned). They say this on
>>> their homepage and there is no mention of RSAREF. This leads me
>>> to believe that RSA really doesn't care about people using OpenSSL
>>> (with RSAREF or without) within the US.
>> There are commercial web-servers based on SSLeay/OpenSSL that are
>> legal to use in the US. Plus, if you desperately want to use a free
>> one, you can obtain an RSA license yourself -- but it'll likely be
>> much more costly than buying a commercial derivate of Apache.
> That's not what I meant. What I was saying is that Verisign condones and
> supports the use of "freeware apache", and will issue certificates for it.
> Are you saying that this implies that the users of "freeware apache" have
> also purchased an RSA license? That's not how I read it. But you are free
> to look for yourself at
> http://digitalid.verisign.com/server/apacheNotice.htm
I see, they directly refer to freeware. But Verisign has customers
not only in the U.S., and not every use of a HTTPS server is
commercial (as defined by the RSAREF license); so there are various
possibilities to get a Verisign certificate without buying a patent
license and without violating patents.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]