Date: Thu, 20 Nov 1997 09:49:27 -0800 (PST) From: sameer <sameer@c2.net> To: randyk@ccsales.com (Randy A. Katz) Cc: shawn@luke.cpl.net, questions@FreeBSD.ORG Subject: Re: Apache-SSL Message-ID: <199711201749.JAA11311@gabber.c2.net> In-Reply-To: <3.0.5.32.19971119194741.03203100@ccsales.com> from "Randy A. Katz" at "Nov 19, 97 07:47:41 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Randy, I'm sorry that you had a confusing time talking to our sales department and RSA. Unfortunately both our sales department and RSA did not tell you the whole story. We do not have an exclusive license to the RSA patents. A good number of companies have RSA patent licenses -- Netscape, Microsoft, IBM, Sun, Oracle, etc. We are just one of them. However, our sales department may have said 'exclusive' or you may have heard 'exclusive' because Stronghold, as far as we know, is the only Apache-based product to have a patent license from RSA as well as a license to use the trade-secret RC4 algorithim within the United States. (Both of which you need to perform encrypted transactions over HTTP and interoperate with the majority of the deployed browsers.) Our contract with RSA does stipulate that we are required to report to them if we are aware of people violating their patent. We're not fans of software patents at C2Net, and we'd be happy to see them go away. However, there are realities of doing business, and one of them is making sure you've licensed all the IP that you need to license as well as abiding by the contracts you've signed in order to license that IP. We don't *want* to report patent violaters to RSA, but we're obligated to do so. I'm sorry. > When I asked the Stronghold people they said that it was not legal to use > it. When I questioned further they said that is because RSA has the > authority and Stronghold has an exclusivity agreement with them...I called > RSA and they told me yes. Stronghold has an agreement with them but they > allow others to use RSA encryption behind web site...and one of the ones > they said was OK was Apache SSL...no problem. > > Went back to Stronghold, asked why they lied...they denied it and told me > RSA might come after me and that I would have to pay $30,000 to get an > arrangement with RSA like they do...RSA said they didn't understand and > Apache SSL is fine and so forth... > > I WILL NEVER DO BUSINESS WITH STRONGHOLD EVEN IF THEY HAVE A GREAT PRODUCT. > I hear they have more implementation problems then Apache SSL anyway and > you pay for it (but they give you support and it's hard to figure out how > to implement Apache SSL). > > If you go to http://www.thawte.com and look under order a server > certificate you will see the procedure (sketchy). You must have ssleay and > a patched version of Apache 1.2 already compiled and installed. > > Take care. > Randy Katz > > At 06:49 PM 11/19/97 -0800, Shawn Ramsey wrote: > >Does anyone know what the licesning issues are for Apache-SSL in the US? > >Is it even possible to legally use it in the US? Just curious if it would > >be worth it to use this, over say Stronghold. > > > > > > > > > -- Sameer Parekh Voice: 510-986-8770 President FAX: 510-986-8777 C2Net http://www.c2.net/ sameer@c2.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711201749.JAA11311>