Sorry folks.
The legal issues are %100 percent accuarate. He is on the mark, and its better that
we listen than we challenge
On Mon, 22 Nov 1999 09:45:51 -0600, Leland V. Lammert wrote:
>Jeeze, boobie! Lighten UP!! There have been no court cases on the issue (are you a
>lawyer or a judge??), .. and your
analogy to piece parts is invalid. Quit giving bogus legal advice!
>
> Lee
>
>At 09:39 AM 11/18/99 , you wrote:
>>-----Original Message-----
>>From: Leland V. Lammert <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>>Date: Thursday, November 18, 1999 1:55 AM
>>Subject: Re: OpenSSL usage liability.
>>
>>
>> >At 05:59 PM 11/17/99 , you wrote:
>><snip>
>> >
>> >Another option - puchase the RedHat secure server for $149, and throw it
>>away (retaining the license, of course). That way, you WOULD be legal with
>>openssl.
>> >
>> > Lee
>>
>>Look at it this way: Manufacturer A patents a new bristle technology for
>>toothbrushes. Manufacturer B makes a toothbrush using the same technology.
>>Does buying a toothbrush from Manufacturer A give you a right to use
>>Manufacturer B's toothbrush? US PATENT LAW SAYS NO! The only time you have
>>a right to use Manufacturer B's toothbrush is if Manufacturer B licenses the
>>patent from Manufacturer A. This is entirely independant of any
>>relationship between the end customer and Manufacturer A.
>>
>>I have seen this idea tossed around on this list and on the mod_ssl list,
>>that somehow licensing RHSWS or Raven allows one to use *any* implementation
>>of RSA. I personally don't see any factual or legal evidence to support
>>this conclusion. It seems that with all of these products, (and with their
>>crypto toolkits, too), RSA is licensing you "software", not rights to an
>>algorithm. That software that they are licensing you happens to use their
>>patented algorithm (which is certainly lawful, since they own the patent,
>>and the software). You have a right to use the algorithm ONLY because you
>>have a right to use the *software* that you licensed from them.
>>
>>The license that comes with RHSWS 2.0 states at the top that the software
>>"[is] protected by copyright *and other laws*. Title to these programs ...
>>shall at all times remain with the aformentioned ..." (emphasis mine). The
>>aforementioned the clause refers to are Red Hat Software and RSA Data
>>Security, Inc. (now just RSA Security, Inc.).
>>
>>Subsequently in the RSA portion of the license agreement, it states:
>>
>> "The Software Programs include software licensed from RSA Data Security,
>>Inc. ("RSA Software"). You may not modify, translate, reverse engineer,
>>decompile, or dissasemble the RSA Software or any part thereof, or otherwise
>>attepmt to derive the source code therefrom, and you shall not authorize any
>>third party to do any of the foregoing. *Nothing in this Agreement grants
>>you any rights, license, or interest with respect to the source code for the
>>RSA Software*..."
>>
>>Again, the emphasis is mine. Now, granted, this agreement does not
>>specifically address the patent issue by name. However, I would say that
>>the language of the agreement certainly expresses RSA's intent to limit the
>>licensee's rights to use the "Software". Add that to the fact that, AFAIK,
>>RSA has *never* licensed anyone to use their own implementation of RSA in
>>the US (one must always license BSAFE), and I'd say even a lawyer (one of
>>which I am not) would have a hard time arguing that buying RHSWS in any way
>>grants you rights to use any other implementation of RSA's patented
>>algorithms.
>>
>>I actually had a conversation (via email) with Preston Brown of Red Hat, and
>>he told me that the reason that they distribute RHSWS as a statically-linked
>>binary only, with source just for the apache part (rather than with the
>>crypto part as a binary DSO, so that the server could be recompiled, as some
>>vendors do), is that their license with RSA prohibited it; it seems RSA
>>wasn't keen on the idea that the user might have some discreet crypto lib
>>lying around on their system that they could try to put to arbitrary uses.
>>
>>I feel I must repeat, "I AM NOT A LAWYER." However, I'd suggest anyone
>>adhering to the idea that licensing a particular RSA implementation gives
>>them any rights to the algorithm itself go get one, because they may ending
>>needing his/her service in court. September 2000 can't come soon enough.
>>
>>Dave Neuer
>>Software Engineer
>>Futuristics Labs, Inc.
>>www.futuristics.net
>>
>>______________________________________________________________________
>>OpenSSL Project http://www.openssl.org
>>User Support Mailing List [EMAIL PROTECTED]
>>Automated List Manager [EMAIL PROTECTED]
>
>============================================
> Leland V. Lammert [EMAIL PROTECTED]
> Chief Scientist Omnitec Corporation
> Network/Internet Consultants www.omnitec.net
>============================================
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
