I am not aware of what patents cover SSL, but your argument is
incomplete without a description of the license terms. This
is, I fully
acknowledge, something I am not too familiar with and intend
to read up
on, especially since there is a work in progress library (gnutls) that
is intended to replace openssl, if I'm not mistaken.
The patent is held by Netscape (AOL) and covers transport layer
security. The terms are considerably more vague than in the SenderID
case. Netscape does not promise to offer a sublicensable patent or
even to offer reasonable or non discriminatory terms.
Netscape Communications has issued the following statement:
Intellectual Property Rights
Secure Sockets Layer
The United States Patent and Trademark Office ("the PTO") recently issued
U.S. Patent No. 5,657,390 ("the SSL Patent") to Netscape for inventions
described as Secure Sockets Layers ("SSL"). The IETF is currently
considering adopting SSL as a transport protocol with security features.
Netscape encourages the royalty-free adoption and use of the SSL protocol
upon the following terms and conditions:
If you already have a valid SSL Ref license today which includes source code
from Netscape, an additional patent license under the SSL patent is not
required.
?@
If you don't have an SSL Ref license, you may have a royalty free license to
build implementations covered by the SSL Patent Claims or the IETF TLS
specification provided that you do not to assert any patent rights against
Netscape or other companies for the implementation of SSL or the IETF TLS
recommendation.
What are "Patent Claims":
Patent claims are claims in an issued foreign or domestic patent that:
1) must be infringed in order to implement methods or build products
according to the IETF TLS specification; or
2) patent claims which require the elements of the SSL patent claims and/or
their equivalents to be infringed.