[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec near term work



-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-ID-Asymmetric: MFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNRDE
 kMCIGA1UEChMbVHJ1c3RlZCBJbmZvcm1hdGlvbiBTeXN0ZW1zMREwDwYDVQQLEwh
 HbGVud29vZA==,03
MIC-Info: RSA-MD5,RSA,Kigr9NdAehfRZQUzKRPCB+aFbtF7tmXMYPJ1Ra7kxP2
 lYZl308slFdYZyF1fIqVMVgF8bGExMah7Sar9SD2AeCfmfXY0OgcNJrLP/wtUC2Q
 jlMT1DHmhEml3XIUotpQc

> The second group could use a shareware, licenced north american
> rsaref work alike if only it existed.  RSADSI has blocked this
> approach by not selling a "comercial version" of the software they
> already give away.
> 
> They see rsaref as a purly experimental library which has no place
> in the "real world".  IMHO they are throwing away free money by
> not selling "comersial use licences" for rsaref to companies who
> want to use software built with it.


I don't believe this description of the situation is completely
accurate.  I'm not sure what "shareware, licensed..." means precisely.
However, I believe that if someone developed an application which
uses RSAREF and then sought a commercial license for the application,
a fairly strightforward business discussion would ensue.  I don't
speak for RSADSI, but I expect they would provide suitable commercial
licenses whenever the situation arises.  One can cast this as a pair
of questions focused on test cases:

- -   Are there any known examples in which someone has built an
    application based on RSAREF, decided to commercialize it,
    approached RSADSI, and not been able to come to reasonable terms?
    I know of none, but perhaps others do.

+   Conversely, are there any known examples in which someone has
    built an application based on RSAREF, decided to commercialize it,
    approached RSADSI, and successfully obtained a license?  I believe
    the answer is yes.

All representations and disclaimers in my last note apply here too.

Steve

> From:    Brad Huntting <huntting@glarp.com>
> To:      Phil Karn <karn@qualcomm.com>
> cc:      atkinson@itd.nrl.navy.mil, ipsec@ans.net
> Date:    Wed, 02 Feb 1994 13:29:31 -0700
> Subject: Re: IPsec near term work 
> 
> 
> > Will we have to wait until 1997 (when Diffie Hellman expires) or 2000
> > (when RSA expires) to do anything with IP security beyond manual
> > single-key cryptography? Is anyone willing to tackle this issue?
> 
> If your implementation uses rsaref then there's a good chance it
> could be used by most north american companies.
> 
> Unfortunately, this leaves out two very large sectors of the
> Internet.  Namely (1) those outside north america, and (2) commercial
> interests.
> 
> The first group could use an rsaref work alike as long as it was
> developed and maintained outside the US.
> 
> The second group could use a shareware, licenced north american
> rsaref work alike if only it existed.  RSADSI has blocked this
> approach by not selling a "comercial version" of the software they
> already give away.
> 
> They see rsaref as a purly experimental library which has no place
> in the "real world".  IMHO they are throwing away free money by
> not selling "comersial use licences" for rsaref to companies who
> want to use software built with it.
> 
> 
> brad
-----END PRIVACY-ENHANCED MESSAGE-----


References: