definitive answer on legality of apache-ssl for U.S. commercial use?

To: <debian-user@lists.debian.org>
Subject: definitive answer on legality of apache-ssl for U.S. commercial use?
From: "Chad Pankratz" <chadp@ncdc.com>
Date: Mon, 17 Aug 1998 18:11:44 -0500
Message-id: <[🔎] 002401bdca34$6783c140$01ed10ac@chadp.ncdc.com>

I've read in the SSLeay FAQ (http://www.psy.uq.oz.au/~ftp/Crypto/) that it
is "probably" illegal to use it for commercial use in the U.S.  Apparently,
in order to make it legal, one would have to license the RSA algorithms.

I read in a Usenet post (attached below) that Debian has somehow licensed or
otherwise made a deal with RSA.  Does anybody know if this is in fact true?
Therefore, is it legal to use Debian's apache-ssl package (which I can find
in the unstable package area)?

btw, the post also mentions that obtaining a Verisign cert is another way to
take care of making oneself legal in the eyes of RSA.  I do in fact have an
email in to Verisign to find out about this, in case the Debian lead doesn't
work out; haven't heard back from them yet.  I wonder if certs from the
other CA's have the same effect....

btw again, I am in fact also sending an email to the maintainer of the
apache-ssl package (dunno if he reads this list)... kind of attacking this
question from all angles at once.

tia for any info anyone can provide.

[Usenet post follows]
----------------------------------------------------------------------------
----

We're currently running Apache+SSL with a Verisign cert.  According to
them, we are legal WRT RSA...  I believe part of the fee covers an
agreement with RSA.  At least that's what they told us.

Charles

Charles Sprickman
spork@super-g.com
----

On Sat, 11 Jul 1998, Vince Vielhaber wrote:

> On Sat, 11 Jul 1998, Glynn Clements wrote:
>
> >
> > Numard (Norberto Meijome) wrote:
> >
> > > i'm interested in setting up an https server to do web commerce. The
> > > server is in USA. I'm actually running apache. I was planning to
install
> > > apache-ssl (w/ ssl-Leavy).
>
> Running apache-ssl in the USA you will run into licensing problems with
> RSA.  I tried licensing directly through them and was told the license
> would cost $10,000 plus royalties.  Both RedHat and Debian have made deals
> with RSA, perhaps someone like Walnut Creek could do likewise.  I'm still
> investigating whether the RedHat or Debian license of RSA is transferable
> to a different OS, 'cuze I won't run linux (I've admin'd enough of that).
>
> Vince.
> --
> ==========================================================================
> Vince Vielhaber -- KA8CSH   email: vev@michvhf.com   flame-mail: /dev/null
>        # include <std/disclaimers.h>                   TEAM-OS2
>    Online Searchable Campground Listings    http://www.camping-usa.com
>        "There is no outfit less entitled to lecture me about bloat
>                than the federal government"  -- Tony Snow
> ==========================================================================
>

--
Chad Pankratz
chadp@ncdc.com
701-663-6511 x167

Reply to:

Prev by Date: Re: help
Next by Date: Re: pathchar documentation
Previous by thread: Re: Is it possible to have a prompt with a dynamic clock ?
Next by thread: Linux Firewall
Index(es):
- Date
- Thread