Hi
On Sun, 24 Sep 2000, Jim A. wrote:
>
> But on this link:
> From 06SEP2000 forward, companies will be able to develop products that incorporate
>their own implementation of the RSA
> algorithm and sell these products in the U.S.
>
> So, does that mean since OpeenSSL/Mod_SSL was created (but outside the US)
> before this date, that it's now available in the US royalty free, or does it
> mean that a 'new' product (Mod_SSL+ ???) incorporating RSA-REF now would
> allow be legal for use withing the US?
>
> I think I'll send them an email and see what happens.
> I'd rather get the information from the horses mouth directly =)
RSA can no longer make anyone pay royalties for RSA encryption, except
possibly on copyright of licensed RSA code (RSA-REF is the exception,
since it's always been free). mod_ssl has no encryption code of its own,
it uses OpenSSL for _all_ its encryption, and OpenSSL can be asked to use
RSAREF over its standard libraries. This has been discussed on the
OpenSSL lists, and basically they intend to dump RSAREF now, as it's not
as good as native OpenSSL code. AFAIK OpenSA's always used non-RSAREF
code, making it a no-no in the US before 6 Sept.
See the OpenSSL-user list archive for more info.
Luke
--
Luke Ross (Fizzy Razzer) - [EMAIL PROTECTED]
Visit http://lcr.sys3175.co.uk for geek code, other addresses, web page etc.
