From: Ian Kluft <ikluft@cisco.com>
Message-Id: <199801070618.WAA29617@tiber.cisco.com>
Subject: Re: [sameer@c2.net: Re: ZDNet article]
To: new-httpd@apache.org
Date: Tue, 6 Jan 1998 22:18:29 -0800 (PST)
In-Reply-To: <19980106145505.23100@texas.net> from "Michael Douglass" at Jan
 6, 98 02:55:05 pm
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

> From: Michael Douglass <mikedoug@texas.net>
> On Tue, Jan 06, 1998 at 01:42:53PM -0700, Marc Slemko said:
> > What it boils down to is that using a freely available version of Apache
> > with ssl patches in the US for commercial purposes violates RSA's patents
> > (since you obviously don't have a RSA license) and is illegal. 
> 
> Okay, so we have 2 years to wait and then we can go freely unto the golden
> gate of apache-ssl.  The RSA patent expires in the year 2000. :)

True.  But before you get your hopes up too high about that statement,
be sure to avoid a few pitfalls...

The expiration is late in 2000, something like September.  Also, even after
the patent expiration, RSA will continue to own the copyright on their code
and anything derive from it.  Copyrights do not expire.  So, when the time
comes, use someone else's code that you have either permission or license
to use.

And the state of US export regulations in 2000 could still get in the way
if it isn't all resolved by then.  The export restrictions are based on
a 53-year-old rule classifying any effective cryptography in the same class
as munitions because of the way they affected the outcome of WWII.  Even
though we consider it very important to have them overturned for use of
cryptography in privacy protection, the military considers it very important
to keep it the way it is - in their minds it's still a defense matter.
-- 
Ian Kluft  KO6YQ PP-ASEL                                  Cisco Systems, Inc.
ikluft@cisco.com (work)  ikluft@thunder.sbay.org (home)          San Jose, CA