httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Clary <>
Subject Re: SSL in US?
Date Mon, 17 Feb 1997 07:32:05 GMT
> What is the current thinking on a SSL version of Apache and US law? I
> have ported SSLeay, RSAREF 2.0, and Apache-SSL to OS/2, but am
> concerned about releaseing my code.

RSA still insists that RC4 and RC2 are trade secrets and are willing
to sue anyone who uses them...

Aparently, hooks for cryptographic libraries are OK, so a version of
apache could be released with generic hooks for any cryptographic
library.. I'm sure this would make myself and Ben and the  guys at
Stronghold (C2?) very happy...

Idea needs liscencing as well, but its not strictly needed for
web use, so you can compile without it..

RSARef is fine for use in the US commercial or otherwise as long as
its not SOLD commercialy, which apache isn't...  You can even charge
as much as $50 on a shareware basis for products using RSARef.

Otherwise, no problems..  I've been badgering RSA with the help of a
few friends at Consensus to get them to release a new version of
RSARef with RC2 and RC4 built in.. They are already showing signs
of considering liscencing it the same as RSARef with the restriction
that it is used only for SSL, SET, SMIME and a few other secure
internet protocol implamentations..  That would be a big win..

The best idea, is to just put the hooks into Apache and distribute
various crypto modules inside and outside the US, to avoid
import/export difficulties..


View raw message