Re: [cobalt-users] RaQ3 128-bit Secure Server Upgrade... WHEN..??

[Chris Adams <cmadams@xxxxxxxxxx>]

Once upon a time, Jeff Lasman <jblists@xxxxxxxxxxxxx> said:
> At 09:16 AM 2/15/00 -0600, you wrote:
> >And your name is not Cobalt, which is what the question asked about.
> 
> Easy now, he only made you aware that there is a solution available.  Of 
> course you can wait for Cobalt.
> 
> >I
> >don't want to pay a lot of money for something that should be either
> >free or very low cost (because it should just be a recompilation of the
> >existing software).
> 
> Red Hat Linux is free.  Red hat's secure server costs us$150.  The price 
> looks pretty reasonable.  And they can sell it outside the US because it 
> comes from outside the US.

Red Hat sells it in the US and they pay the license fee for the patents.

> Now you probably want to know what it's "not for use in the U.S." so I'll 
> tell you.

I already know all about that.

> It includes software algorithms for which there's a U.S. patent.  The U.S. 
> patent expires this year.

One of the patents (I think RSA may have additional patents on some of
the newer algorithms used in SSL, but I haven't checked into that yet).
The original RSA patent expires on September 20, 2000.

> Here's how I get around the problem:  I own a copy of Red Hat's secure 
> server.  That covers the patent.  Even though I can't use the server on my 
> system.

Technically, if you are in the US, you are _not_ covered just because
you own Red Hat's server.  If you use someone else's software, you are
infringing on the RSA patent, because they only license a specific
implementation.

> No, I don't use the Brosoft software on my RaQ2, I use manually patched 
> software.  BUT... I still need to buy the license to cover the patent.

Then you are NOT covering the patent.

> >The RaQ3 already has SSL built in and integrated
> >with the Cobalt interface; I don't want to mess that up (and probably
> >void the warrenty as far as Cobalt support is concerned) by installing
> >someone else's software.
> 
> Gee, maybe this "someone" else just happens to be an authorized Cobalt var?

If their software changes the Cobalt software (which it would have to on
a RaQ3 since they are already running an SSL server), then Cobalt
probably considers the warrenty voided.

> >With the change in US encryption law, I think Cobalt could even export
> >full strength SSL now, so they could just have an upgrade package that
> >adds 128 bit SSL.
> 
> Not without going through a lot of hoops AND paying patent royalty fees.

In case you didn't notice, the RaQ3 (which this is all about) _already_
comes with the SSL server integrated.  They _already_ pay the patent
royalty fees.  However, since they export the RaQ3, they only include
the export grade (56 bit) encryption.  This is just a compile time
option, AFAIK.  We were told that there would be an upgrade available to
those in the US (and Canada) that would upgrade the SSL to full strength
(128 bit).  That upgrade is not yet available.  Also, since the RaQ3 was
released, US encryption export law has changed, and it is now legal to
export full strength encryption, so Cobalt _could_ just provide an
upgrade package for _all_ RaQ3s (not just in the US and Canada) to go to
full strength.
-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Information Services
I don't speak for anybody but myself - that's enough trouble.