With all due respect, Lee, I have not given any legal advice on the list
except a little "word of caution". RSADSI has certainly sued people for
infringement of the of their patents; though maybe not simple users of RSA.
It seems to me that you are the one on the list giving legal advice, namely
advocating patent infringement. I don't personally care if you want to put
your own company's financial stability (remember RSA Security's response to
your message a month or so ago: "So your mother raised a theif?") in
jeaopardy, but please don't blithely suggest to others that US patent law
and corporate patent attorneys are things that they can safely ignore. They
may be: but is that a risk you feel comfortable advocating *others* to take
with what may be their sole livelihood? Remember that damages in patent
infringement lawsuits are tripled when the infringement was willfull.
With regard to my legal analysis regarding algorithms and toothbrushes, yes
it's a hoky analogy and as I stated several times, no I'm not a lawyer. But
neither are you, Lee, correct? What's more, in his reply to my original
message, Greg Broiles, A LAWYER, stated:
>
>Well, I am a lawyer, and your conclusions are correct. The "buy one
>product and throw it away but 'keep the license'" theory is attractive
>but DOES NOT WORK IN THE UNITED STATES. If it did, there'd be no reason
>to buy any product at all - you could just use the license from a copy
>of Netscape or IE browsers, available for free, to legitimize your
>RSA/OpenSSL implementation. Does that pass the "common sense test"?
Again, I don't mean any disrespect at all, but this is at least the second
time on this list that you've advised people that they really don't need to
be concerned with whether or not they're violating some other company's
patent rights. Your demeanor suggests that you don't take such things
seriously (c.f. your exhoration to me to "lighten up"), but my suggestion is
that they should be taken seriously; that's all. I think that's reasonable.
Dave Neuer
Software Engineer
Futuristics Labs, Inc.
www.futuristics.net
-----Original Message-----
From: Leland V. Lammert <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, November 22, 1999 2:04 PM
Subject: Re: OpenSSL usage liability, RHSWS, and toothbrushes
>Jeeze, boobie! Lighten UP!! There have been no court cases on the issue
(are you a lawyer or a judge??), .. and your analogy to piece parts is
invalid. Quit giving bogus legal advice!
>
> Lee
>
>At 09:39 AM 11/18/99 , you wrote:
>>-----Original Message-----
>>From: Leland V. Lammert <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>>Date: Thursday, November 18, 1999 1:55 AM
>>Subject: Re: OpenSSL usage liability.
>>
>>
>> >At 05:59 PM 11/17/99 , you wrote:
>><snip>
>> >
>> >Another option - puchase the RedHat secure server for $149, and throw it
>>away (retaining the license, of course). That way, you WOULD be legal with
>>openssl.
>> >
>> > Lee
>>
>>Look at it this way: Manufacturer A patents a new bristle technology for
>>toothbrushes. Manufacturer B makes a toothbrush using the same
technology.
>>Does buying a toothbrush from Manufacturer A give you a right to use
>>Manufacturer B's toothbrush? US PATENT LAW SAYS NO! The only time you
have
>>a right to use Manufacturer B's toothbrush is if Manufacturer B licenses
the
>>patent from Manufacturer A. This is entirely independant of any
>>relationship between the end customer and Manufacturer A.
>>
>>I have seen this idea tossed around on this list and on the mod_ssl list,
>>that somehow licensing RHSWS or Raven allows one to use *any*
implementation
>>of RSA. I personally don't see any factual or legal evidence to support
>>this conclusion. It seems that with all of these products, (and with
their
>>crypto toolkits, too), RSA is licensing you "software", not rights to an
>>algorithm. That software that they are licensing you happens to use their
>>patented algorithm (which is certainly lawful, since they own the patent,
>>and the software). You have a right to use the algorithm ONLY because you
>>have a right to use the *software* that you licensed from them.
>>
>>The license that comes with RHSWS 2.0 states at the top that the software
>>"[is] protected by copyright *and other laws*. Title to these programs ...
>>shall at all times remain with the aformentioned ..." (emphasis mine).
The
>>aforementioned the clause refers to are Red Hat Software and RSA Data
>>Security, Inc. (now just RSA Security, Inc.).
>>
>>Subsequently in the RSA portion of the license agreement, it states:
>>
>> "The Software Programs include software licensed from RSA Data
Security,
>>Inc. ("RSA Software"). You may not modify, translate, reverse engineer,
>>decompile, or dissasemble the RSA Software or any part thereof, or
otherwise
>>attepmt to derive the source code therefrom, and you shall not authorize
any
>>third party to do any of the foregoing. *Nothing in this Agreement grants
>>you any rights, license, or interest with respect to the source code for
the
>>RSA Software*..."
>>
>>Again, the emphasis is mine. Now, granted, this agreement does not
>>specifically address the patent issue by name. However, I would say that
>>the language of the agreement certainly expresses RSA's intent to limit
the
>>licensee's rights to use the "Software". Add that to the fact that,
AFAIK,
>>RSA has *never* licensed anyone to use their own implementation of RSA in
>>the US (one must always license BSAFE), and I'd say even a lawyer (one of
>>which I am not) would have a hard time arguing that buying RHSWS in any
way
>>grants you rights to use any other implementation of RSA's patented
>>algorithms.
>>
>>I actually had a conversation (via email) with Preston Brown of Red Hat,
and
>>he told me that the reason that they distribute RHSWS as a
statically-linked
>>binary only, with source just for the apache part (rather than with the
>>crypto part as a binary DSO, so that the server could be recompiled, as
some
>>vendors do), is that their license with RSA prohibited it; it seems RSA
>>wasn't keen on the idea that the user might have some discreet crypto lib
>>lying around on their system that they could try to put to arbitrary uses.
>>
>>I feel I must repeat, "I AM NOT A LAWYER." However, I'd suggest anyone
>>adhering to the idea that licensing a particular RSA implementation gives
>>them any rights to the algorithm itself go get one, because they may
ending
>>needing his/her service in court. September 2000 can't come soon enough.
>>
>>Dave Neuer
>>Software Engineer
>>Futuristics Labs, Inc.
>>www.futuristics.net
>>
>>______________________________________________________________________
>>OpenSSL Project http://www.openssl.org
>>User Support Mailing List [EMAIL PROTECTED]
>>Automated List Manager [EMAIL PROTECTED]
>
>============================================
> Leland V. Lammert [EMAIL PROTECTED]
> Chief Scientist Omnitec Corporation
> Network/Internet Consultants www.omnitec.net
>============================================
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
