On Mon, Sep 25, 2000 at 05:40:45PM -0500, Jeff Rauenhorst wrote: > Hey all, > Now that the RSA algorithm is off patent, I'm a little unclear how that > effects some of the software packages I use (openssl, mod_ssl, and RSAref) > and I think this is an appropriate place to ask. > Now can I use the RSAref libary without any patent infringement? Yes, you can use RSAREF without any patent infringement, but why use it at all? Why not just use the stock International RSA library? RSAREF2 was the code that US people were REQUIRED to use in order to avoid patent infringement for non-commercial code. None of us need it at all now. Technically, the RSAREF2 library was specifically licensed for non-commercial use. One would presume that the license still holds, even though the patent no longer does. That would imply that you still can not use RSAREF2 for commercial purposes (because of the license on the code, not because of the patent on the algorithm) but any other implimentation (like the one included with OpenSSL) is fair game for commercial as well as non-commercial use. > Is there anyting new that I can now do because of the patent expiration? Use OpenSSL and the stock RSA libraries for commercial purposes in the US. > Openssl: anything different than linking it against the RSAref library? > mod_ssl: anything new here? Not linking it against the RSAREF library in the US. Outside the US, you never had to link against RSAREF anyways. RSAREF can now be considered deprecated. > What about other security programs? > >From what I've understood, just the algorithm has gone off patent, which > is just a mathematical equation. But does Verisign still have the rights > to an RSA 'implementation'? I guess that the SSLeahy (spelling?) is a > different 'implementation' or am I confusing this? How does the RSA patent > expiration change all this. SSLeay was the Eric A Young (EAY) implimentation of SSL and all the underlying crypto libraries. It's the forerunner of OpenSSL. Use OpenSSL. The expiration of the patent (and the fact that RSA Labs released it into public domain two weeks before it expired) just means that in the US, where it was patented, you no longer have to use the code from RSA Labs (RSAREF). Outside the US, it makes no difference. > I'd appriciate any light you guys could shead on this! > thanks, > Jeff Rauenhorst > jrauenho@nd.edu > http://www.nd.edu/~jrauenho > "If one advances confidently in the direction of his dreams and endeavors > to live the life he has imagined, he will meet with a success unexpected > in common hours." > -Henry David Thoreau Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
