[openssl.org #53] RE: Certificate

2002-05-24 Thread [EMAIL PROTECTED] via RT


Dear Sir or Madam

A certificate was created by our IT Manager using your software to access
our internal Help Desk website which hosts KeyStone application. Each time
we open the website we have a certificate notification saying "You chose not
to trust this ..". The entire error message is in the file attached. 

We use Windows 98 and Internet Explorer and get this problem despite
importing the certificate in the option of viewing it. Our manager uses
Netscape and it asked him only first time to import it. He doesn't need to
do it again, while we have to do it every single time.

Please help.

Thank you very much.

Regards

Elvira



__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Security evaluation

2002-05-24 Thread Suresh N Chari



I was wondering if there has been any formal
security evaluation of the OpenSSL libraries
especially the crypto, either by itself or
in conjunction with any other product using
OpenSSL.

Apologies if this is the wrong forum for this
question.

-Suresh Chari






Re: Security evaluation

2002-05-24 Thread Lutz Jaenicke

On Fri, May 24, 2002 at 11:52:24AM -0400, Suresh N Chari wrote:
> I was wondering if there has been any formal
> security evaluation of the OpenSSL libraries
> especially the crypto, either by itself or
> in conjunction with any other product using
> OpenSSL.
> 
> Apologies if this is the wrong forum for this
> question.

I don't know a better forum than that.
I am not aware of a formal security evaluation
that has been performed in the past.
At least I have not seen any results of one.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus



[no subject]

2002-05-24 Thread john traenky

OpenSSL is the cornerstone for Open Source projects
using encryption.  Has anyone done an analysis of what
legalities need doing to use it legally in the United
States?  I have several charities and the like who'd
love to use it but can't risk a legal conflict.  TIA.




Re: Your mail

2002-05-24 Thread David Schwartz


On Fri, 24 May 2002 15:28:44 -0700 (PDT), john traenky wrote:
>OpenSSL is the cornerstone for Open Source projects
>using encryption.  Has anyone done an analysis of what
>legalities need doing to use it legally in the United
>States?  I have several charities and the like who'd
>love to use it but can't risk a legal conflict.  TIA.

Read the laws yourself and come to your own conclusions or hire a lawyer. 
That said, it is my opinion that you are more or less okay if you publish 
your source code. Otherwise, you need to obtain a license or license 
exemption. This procedure is quite straightforward.

DS





Re: Your mail

2002-05-24 Thread Rich Salz

The first part of David's suggestion is correct: your best bet is to get
your own legal counsel.

If the charities want to deploy it for their own use, e.g., with Apache 
so they can take donations over the net :), then disregard the license 
exemption.  Here, your primary concern is: does my use (in the US) of 
openssl violate any patents?

The news is mostly good.  RSA has expired.  The RC4-compatible crypto 
implementation in openssl *might* be RSA, Inc., property, but you're not 
liable.  It could have possibly been trade secret.  At any rate, the 
cipher is ARC4, not RSA's RC4, so don't worry.

IDEA, not typically used in SSL/TLS, is patented.  Build your version 
with -DNO_IDEA (or whatever the flag is).

That's my advice.  I'm not a lawyer, and more importantly, I'm not 
*your* lawyer.
/r$


David Schwartz wrote:
> On Fri, 24 May 2002 15:28:44 -0700 (PDT), john traenky wrote:
> 
>>OpenSSL is the cornerstone for Open Source projects
>>using encryption.  Has anyone done an analysis of what
>>legalities need doing to use it legally in the United
>>States?  I have several charities and the like who'd
>>love to use it but can't risk a legal conflict.  TIA.
> 
> 
>   Read the laws yourself and come to your own conclusions or hire a lawyer. 
> That said, it is my opinion that you are more or less okay if you publish 
> your source code. Otherwise, you need to obtain a license or license 
> exemption. This procedure is quite straightforward.
> 
>   DS

