Ryan,
I agree with what you said in your post, however what you said about
software patents might not be entirely accurate.
Ryan said:
Software patents don't exist in most of the rest of the world;
Unfortunately next week this might not be true. Brussels is planning a
very controversial software patent law and it seems that nobody can
stop them even though there are lot of demonstrations/action groups
against it.
Jeremy.
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Ryan
Malayter
Sent: Thursday, May 20, 2004 3:23 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] let's get rid of SRS
[Roger Moser]
Nico Kadel-Garcia wrote:
Using RSA keys gets into various national and international
encryption
regulations. It's a nasty, nasty software booby trap, one
that has been
previously slammed into headlong by the open source
community and the
security community.
Very seriously, beware of forcing servers to RSA
authenticate themselves.
Then Yahoo's Domain Keys will have the same troubles.
The patent on RSA expired in the U.S. in September 2000. Software
patents don't exist in most of the rest of the world; the RSA algorithm
(but not the reference source code) can be used freely for signing
almost anywhere. It is used in the open SSL/TLS, SSH, S/MIME, and other
standards that freely are in use worldwide.
Some countries (notably France) have very strict laws about the use of
strong encryption, but very few countries regulate strong digital
signatures to the same degree.
Basically, if you can legally set up an Apache web server running
OpenSSL in your country, you can use RSA freely. Call your local ISP and
ask them if they use OpenSSL (the free version, not any commercial
alternative) on their web servers; chances are if they do they do not
pay RSA a separate license fee. Assuming you trust your ISP's knowledge
of such things, you can probably use RSA legally in your country.
This is an anecdotal summary, not a legally rigorous one, but I've been
involved in discussions about these issues on the GnuPG mailing list
over the last six or seven years. I'm 95% confident I'm correct about
this.
Regards,
Ryan
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/spf-draft-200405.txt
Wiki:
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
This mail was checked for malicious code and viruses
by GFI MailSecurity. GFI MailSecurity provides email content
checking, exploit detection, threats analysis and anti-virus for
Exchange & SMTP servers. Viruses, Trojans, dangerous
attachments and offensive content are removed automatically.
Key features include: multiple virus engines; email content and
attachment checking; an exploit shield; an HTML threats engine;
a Trojan & Executable Scanner; and more.
In addition to GFI MailSecurity, GFI also produces the
GFI MailEssentials anti-spam software, the GFI FAXmaker
fax server & GFI LANguard network security product ranges.
For more information on our products, please visit
http://www.gfi.com. This disclaimer was sent by
GFI MailEssentials for Exchange/SMTP.