On 6 February 2013 15:04, Steve Marquess <marqu...@opensslfoundation.com> wrote: > On 02/06/2013 09:43 AM, Salz, Rich wrote: >>> There are actually two licenses. The second allows all software (even >>> closed), but only for non-military use. >> >> I would say that's still a problem. For example, we could use OpenSSL on >> our network to provide acceleration for public DoD sites. Is that military >> use? Suppose it's for use on a CIA extranet? Suppose it's for use on an >> internal FBI network linking field offices to HQ? To the CIA doing the same >> thing internationally? How do I decide? How does the OpenSSL team set >> things up so that their (yes, yes, non-paying) customers don't do the wrong >> thing by default? >> >> If you want to limit the use of your invention, which is entirely your >> right, it is best to distribute it yourself. > > +1. > > The intent is noble but the practical implications get messy very > quickly. For better or worse OpenSSL is very widely used, for good as > well as evil, and the licensing situation is muddled enough as it is. > > Personally I think the existence and unrestricted availability of > OpenSSL benefits the good far more than evil. >
There is a third option for licensing of OCB. From Phil Rogaway's website: "For other contexts, I license OCB under fair, reasonable, and non-discriminatory terms. Here is an old patent-assurance letter I wrote for the IEEE promising this. I expect licensees to pay a small, one-time fee. I intend that no solvent company should find licensing to be a significant burden." Would the OpenSSL Foundation ever consider purchasing such a license (assuming sufficient sponsorship could be found), if the license could be made compatible with the OpenSSL license? Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org