The first part of David's suggestion is correct: your best bet is to get
your own legal counsel.
If the charities want to deploy it for their own use, e.g., with Apache
so they can take donations over the net :), then disregard the license
exemption. Here, your primary concern is: does my use (in the US) of
openssl violate any patents?
The news is mostly good. RSA has expired. The RC4-compatible crypto
implementation in openssl *might* be RSA, Inc., property, but you're not
liable. It could have possibly been trade secret. At any rate, the
cipher is ARC4, not RSA's RC4, so don't worry.
IDEA, not typically used in SSL/TLS, is patented. Build your version
with -DNO_IDEA (or whatever the flag is).
That's my advice. I'm not a lawyer, and more importantly, I'm not
*your* lawyer.
/r$
David Schwartz wrote:
> On Fri, 24 May 2002 15:28:44 -0700 (PDT), john traenky wrote:
>
>>OpenSSL is the cornerstone for Open Source projects
>>using encryption. Has anyone done an analysis of what
>>legalities need doing to use it legally in the United
>>States? I have several charities and the like who'd
>>love to use it but can't risk a legal conflict. TIA.
>
>
> Read the laws yourself and come to your own conclusions or hire a lawyer.
> That said, it is my opinion that you are more or less okay if you publish
> your source code. Otherwise, you need to obtain a license or license
> exemption. This procedure is quite straightforward.
>
> DS
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
