Jeeze, boobie! Lighten UP!! There have been no court cases on the issue (are you a
lawyer or a judge??), .. and your analogy to piece parts is invalid. Quit giving bogus
legal advice!
Lee
At 09:39 AM 11/18/99 , you wrote:
>-----Original Message-----
>From: Leland V. Lammert <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>Date: Thursday, November 18, 1999 1:55 AM
>Subject: Re: OpenSSL usage liability.
>
>
> >At 05:59 PM 11/17/99 , you wrote:
><snip>
> >
> >Another option - puchase the RedHat secure server for $149, and throw it
>away (retaining the license, of course). That way, you WOULD be legal with
>openssl.
> >
> > Lee
>
>Look at it this way: Manufacturer A patents a new bristle technology for
>toothbrushes. Manufacturer B makes a toothbrush using the same technology.
>Does buying a toothbrush from Manufacturer A give you a right to use
>Manufacturer B's toothbrush? US PATENT LAW SAYS NO! The only time you have
>a right to use Manufacturer B's toothbrush is if Manufacturer B licenses the
>patent from Manufacturer A. This is entirely independant of any
>relationship between the end customer and Manufacturer A.
>
>I have seen this idea tossed around on this list and on the mod_ssl list,
>that somehow licensing RHSWS or Raven allows one to use *any* implementation
>of RSA. I personally don't see any factual or legal evidence to support
>this conclusion. It seems that with all of these products, (and with their
>crypto toolkits, too), RSA is licensing you "software", not rights to an
>algorithm. That software that they are licensing you happens to use their
>patented algorithm (which is certainly lawful, since they own the patent,
>and the software). You have a right to use the algorithm ONLY because you
>have a right to use the *software* that you licensed from them.
>
>The license that comes with RHSWS 2.0 states at the top that the software
>"[is] protected by copyright *and other laws*. Title to these programs ...
>shall at all times remain with the aformentioned ..." (emphasis mine). The
>aforementioned the clause refers to are Red Hat Software and RSA Data
>Security, Inc. (now just RSA Security, Inc.).
>
>Subsequently in the RSA portion of the license agreement, it states:
>
> "The Software Programs include software licensed from RSA Data Security,
>Inc. ("RSA Software"). You may not modify, translate, reverse engineer,
>decompile, or dissasemble the RSA Software or any part thereof, or otherwise
>attepmt to derive the source code therefrom, and you shall not authorize any
>third party to do any of the foregoing. *Nothing in this Agreement grants
>you any rights, license, or interest with respect to the source code for the
>RSA Software*..."
>
>Again, the emphasis is mine. Now, granted, this agreement does not
>specifically address the patent issue by name. However, I would say that
>the language of the agreement certainly expresses RSA's intent to limit the
>licensee's rights to use the "Software". Add that to the fact that, AFAIK,
>RSA has *never* licensed anyone to use their own implementation of RSA in
>the US (one must always license BSAFE), and I'd say even a lawyer (one of
>which I am not) would have a hard time arguing that buying RHSWS in any way
>grants you rights to use any other implementation of RSA's patented
>algorithms.
>
>I actually had a conversation (via email) with Preston Brown of Red Hat, and
>he told me that the reason that they distribute RHSWS as a statically-linked
>binary only, with source just for the apache part (rather than with the
>crypto part as a binary DSO, so that the server could be recompiled, as some
>vendors do), is that their license with RSA prohibited it; it seems RSA
>wasn't keen on the idea that the user might have some discreet crypto lib
>lying around on their system that they could try to put to arbitrary uses.
>
>I feel I must repeat, "I AM NOT A LAWYER." However, I'd suggest anyone
>adhering to the idea that licensing a particular RSA implementation gives
>them any rights to the algorithm itself go get one, because they may ending
>needing his/her service in court. September 2000 can't come soon enough.
>
>Dave Neuer
>Software Engineer
>Futuristics Labs, Inc.
>www.futuristics.net
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
============================================
Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
============================================
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
