Re: What US companies need to know about RSA

Mon, 20 Sep 1999 10:46:03 -0700 

On Mon, 20 Sep 1999, Dave Neuer wrote:

> -----Original Message-----
> From: Aaron D. Turner <[EMAIL PROTECTED]>
> To: Stunnel Maillist <[EMAIL PROTECTED]>;
> [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Friday, September 17, 1999 5:43 PM
> Subject: What US companies need to know about RSA
> 
> 
> >
> >
> >After a lot of research and talking with people from the Stunnel and
> >OpenSSL lists, and 3 phone calls to RSA itself, I've learned far more
> >than I ever wanted to know about RSA's patent and licensing. [Contrary
> >to the last person who posted on this list, I found both Stunnel and
> >OpenSSL lists very informative.]  I figured there were a lot of people
> >out there who would benifit from this info.  Of course if you see any
> >errors, feel free to let me know. Maybe I can get this added to some
> >FAQ?
> 
> I've suggested this before too, but the closer we get to September 2000, the
> less urgent it seems.

Still though, it's a very common question.
 
> >
> >Basically, all I wanted to do is run a generic SSL reverse proxy for a
> >number of services/hosts.  I also wanted Client Certificates for added
> >security.  All this was for internal use only type stuff like IMAP and
> >secure access to internal web servers for my employees.  None of this
> >is stuff that I make any money off of directly- ie. I'm not trying to
> >sell anything with SSL or RSA in it
> 
> If this is the case (ie, it's not part of a product or service you sell),
> why not just use RSARef?  You can't get it from RSADSI any more, but you can
> still get it, and the license would appear to permit this.

[disclaimer, I'm not a lawyer]

My understanding of the RSAref license does not support this.  My
understanding is that if I'm a corporate entity, I must license the
RSA algorithm directly or indirectly from RSA Security.  RSA also
supported this conclusion in my phone conversations with them.  The
problem revolves around the fact that they see my use of RSA as
enabler in my efforts to make money.  Hence I'm making money
indirectly from RSA and they want a (big) cut of that profit.

-- 
Aaron Turner        [EMAIL PROTECTED]  650.237.0300 x252
Security Engineer                         Vicinity Corp.        
Cell: 408-314-9874  Pager: 650-317-1821   http://www.vicinity.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to