Ed,
>As far as I know, its only against the law if you *export* the technology.
>And even then, as long as you compile and distribute only the executable at
>lower security (40-bit) encryption - along with, perhaps pointers to where
to
>get SSLeay - it is legal.
>
>Is this right? If not, what am I missing?
Thatīs not right, unfortunately.
At http://www.psy.uq.oz.au/~ftp/Crypto/ :
"inside the USA RSA hold patents over the RSA algorithms, however if you use
RSAREF (which SSLeay can link to) then non-commercial use is probably okay.
For commercial purposes you need to talk to RSA to license one of their
toolkits (BSAFE) or come to some other licensing arrangement with them."
Thatīs why I thought that if OpenSSL can substitute SSLeay without the
patents problem then we could really build a commercial and free (legal) SSL
web server.
Thatīs what I was looking for, but according to the msg I just received from
Lutz it seems that OpenSSL has the same problems. I will look for the RSADSI
license, but then it wonīt be free anymore :(
Alan Pogrebinschi
DWG Computacao Grafica Ltda.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
