William,
[Several overlapping, and in some cases inappropriate, CC's elided].
I suspect the original message you are referring to is a spoof. Even if
the message is not a spoof, the licensing terms of OpenSSL and SSLeay are
included with every one of the countless copies of both libraries that
have been distributed on the Internet over the years. Anybody, which most
definitely includes you, can verify within minutes that OpenSSL and SSLeay
ship with a with a world-wide, perpetual, royalty-free license.
Now what I would like to know is this: why are you wasting the time of
thousands of individuals by spamming numerous mailing lists with FUD that
could have been trivially disproved by spending less than 5 minutes on
research?
Thanks,
--Lucky
On Sun, 2 Jul 2000, William H. Geiger III wrote:
>
> Below is a couple of messages posted to the OpenSSL users mailing list.
> Seems someone down at RSADSI has lost it. I found the part about them
> *owning* EAY quite amusing. I wounder if anyone bothered telling him that
> he is considered owned property of RSADSI.
>
>
> -------------------------------------------------------------------------
> The following message is forwarded to you by "William H. Geiger III"
> <[EMAIL PROTECTED]> (listed as the From user of this message). The
> original sender (see the header, below) was [EMAIL PROTECTED] and
> has been set as the "Reply-To" field of this message.
> -------------------------------------------------------------------------
> >Return-Path: <[EMAIL PROTECTED]>
> >Received: from ossp.org (ossp1.ossp.org [62.208.181.50])
> > by domains.invweb.net (8.9.3/8.9.3) with ESMTP id QAA12892
> > for <[EMAIL PROTECTED]>; Wed, 28 Jun 2000 16:38:05 -0400
> >Received: by mail.ossp.org (Sendmail 8.10.2+/smtpfeed 1.07) for openssl-users-L2
> > id e5SKaOM89942; Wed, 28 Jun 2000 22:36:24 +0200 (CEST)
> >Received: by mail.ossp.org (Sendmail 8.10.2+) via ESMTP for
><[EMAIL PROTECTED]>
> > from opensource.ee.ethz.ch id e5SKaNV89938; Wed, 28 Jun 2000 22:36:23 +0200
>(CEST)
> >Received: by en5.engelschall.com (Sendmail 8.9.2/smtpfeed 1.06) for openssl-users-L
> > id WAA24723; Wed, 28 Jun 2000 22:36:19 +0200 (MET DST)
> >Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for
><[EMAIL PROTECTED]>
> > from gateway.hie.com id WAA24709; Wed, 28 Jun 2000 22:36:15 +0200 (MET DST)
> >Received: by gateway.hublink.com with Internet Mail Service (5.5.2650.21)
> > id <N2DACG2H>; Wed, 28 Jun 2000 16:30:38 -0400
> >Message-ID: <[EMAIL PROTECTED]>
> >From: Bill Rebey <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Legality - just heated up
> >Date: Wed, 28 Jun 2000 14:30:38 -0600
> >X-Old_TimeStamp: Wed, 28 Jun 2000 16:30:38 -0400
> >MIME-Version: 1.0
> >X-Mailer: Internet Mail Service (5.5.2650.21)
> >Content-Type: text/plain;
> > charset="iso-8859-1"
> >Sender: [EMAIL PROTECTED]
> >Precedence: bulk
> >Reply-To: [EMAIL PROTECTED]
> >X-Sender: Bill Rebey <[EMAIL PROTECTED]>
> >X-List-Manager: OpenSSL Majordomo [version 1.94.4]
> >X-List-Name: openssl-users
> >Status:
>
> I just got off the phone with, among others, John Riley at RSA. He's
> claiming things like (paraphrased):
>
> "It's flat out illegal to use OpenSSL for Commercial purposes" "Even if
> you use OpenSSL, it still uses RSA technologies that you have to pay
> royalties for (regardless whether it uses RSA encryption or not)" "We own
> EAY, thus we own SSLeay/OpenSSL"
>
> He's leaning on us to pay $70K up front, plus $636 in royalty fees for
> every copy of our product that we sell!!
>
> Can anyone clarify any of this for me?
>
> Is there another group that I should mail to that would be a more
> appropriate or authoritative audience for such legal questions?
>
> Thanks again,
>
> Bill Rebey
>
>
>
> -----Original Message-----
> From: Bill Rebey
> Sent: Wednesday, June 28, 2000 4:06 PM
> To: [EMAIL PROTECTED]
> Subject: Legality
>
> Hi all,
>
> Assuming I ever get OpenSSL figured out and working, I need to know about
> the legality of using OpenSSL.
>
> I am using it in a Commercial product.
>
> What can and can't I use? I control both the client and server, so the
> brand of encryption that I use is not important. What's far more
> important is that I avoid using anything that requires licensing,
> royalties, fees, etc.
>
> Is there a definitive source for this information somewhere?
>
> Thanks for any help you can offer,
>
> Bill Rebey
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
> -----------------------------------------------------
> -- End of forwarded message
> -----------------------------------------------------
> --
> ---------------------------------------------------------------
> William H. Geiger III http://www.openpgp.net
> Geiger Consulting
>
> Data Security & Cryptology Consulting
> Programming, Networking, Analysis
>
> PGP for OS/2: http://www.openpgp.net/pgp.html
> E-Secure: http://www.openpgp.net/esecure.html
> ---------------------------------------------------------------
>
>
>
>
-- Lucky Green <[EMAIL PROTECTED]> PGP encrypted email preferred.
