I've read in the SSLeay FAQ (http://www.psy.uq.oz.au/~ftp/Crypto/) that it is "probably" illegal to use it for commercial use in the U.S. Apparently, in order to make it legal, one would have to license the RSA algorithms.
I read in a Usenet post (attached below) that Debian has somehow licensed or otherwise made a deal with RSA. Does anybody know if this is in fact true? Therefore, is it legal to use Debian's apache-ssl package (which I can find in the unstable package area)? btw, the post also mentions that obtaining a Verisign cert is another way to take care of making oneself legal in the eyes of RSA. I do in fact have an email in to Verisign to find out about this, in case the Debian lead doesn't work out; haven't heard back from them yet. I wonder if certs from the other CA's have the same effect.... btw again, I am in fact also sending an email to the maintainer of the apache-ssl package (dunno if he reads this list)... kind of attacking this question from all angles at once. tia for any info anyone can provide. [Usenet post follows] ---------------------------------------------------------------------------- ---- We're currently running Apache+SSL with a Verisign cert. According to them, we are legal WRT RSA... I believe part of the fee covers an agreement with RSA. At least that's what they told us. Charles Charles Sprickman [EMAIL PROTECTED] ---- On Sat, 11 Jul 1998, Vince Vielhaber wrote: > On Sat, 11 Jul 1998, Glynn Clements wrote: > > > > > Numard (Norberto Meijome) wrote: > > > > > i'm interested in setting up an https server to do web commerce. The > > > server is in USA. I'm actually running apache. I was planning to install > > > apache-ssl (w/ ssl-Leavy). > > Running apache-ssl in the USA you will run into licensing problems with > RSA. I tried licensing directly through them and was told the license > would cost $10,000 plus royalties. Both RedHat and Debian have made deals > with RSA, perhaps someone like Walnut Creek could do likewise. I'm still > investigating whether the RedHat or Debian license of RSA is transferable > to a different OS, 'cuze I won't run linux (I've admin'd enough of that). > > Vince. > -- > ========================================================================== > Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null > # include <std/disclaimers.h> TEAM-OS2 > Online Searchable Campground Listings http://www.camping-usa.com > "There is no outfit less entitled to lecture me about bloat > than the federal government" -- Tony Snow > ========================================================================== > -- Chad Pankratz [EMAIL PROTECTED] 701-663-6511 x167
