Re: RSA + OpenSSL + Legal

Michael H. Warfield Wed, 09 Aug 2000 11:14:24 -0700
On Wed, Aug 09, 2000 at 01:10:52PM -0500, Benji Spencer wrote:
> we are looking at moving from out Netscape Enterprise SSL web server and 
> going to Apache+SSL (Apache-ssl, Ben's SSL) anyhow..we want to do this 
> legally, and we know that RSA has some copyright issues....I thought this 
> would be a problem..but it might not be.

        It's not copyright (unless you do use rsaref - and then they
do have some copyright code on you) but rather patent (on the RSA
algorithm).  The patent expires in another month and a half (September
20 if memory serves me right).

> I looked at our current NES server was using, and RSA isn't on the list 
> (RC[24] and DES with MD5 and SHA message authentication is basically all 
> that is listed).

> now...when I was on the phone with the RSA Tech, he said that in order to 
> Use OpenSSL with Apache+SSL, I would have to no include the rsaref, and rip 
> the RSA Crypto out of OpenSSL. Do I need to go that far? What if I just 
> specified the "-no-rsa" when I compile OpenSSL? Is there any RSA code in 
> the compiled version at that point?

        I wouldn't think so, but there are more knowledgible people on this
point on this list...

> Our main concerns are
> 1) we don't want to loose functionality. If RSA was being used before, we 
> still want it (was it being used before though?)
> 2) we want it implement the SSL legally.

        Can you wait another month and a half?  The rules are gonna change.
Then you can use RSA legally.

> If anyone has any insight into this, I would appreciate it. I looked in the 
> archives, and didn't see anything directly relating to this (then again, I 
> might have missed something also)

> thanks.

> benji

> ---
> Benji Spencer
> Web Programmer
> Moody Bible Institute
> 312-329-2288

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: RSA + OpenSSL + Legal

Reply via email to
