[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] RaQ3 128-bit Secure Server Upgrade... WHEN..??

At 11:19 AM 2/15/00 -0600, you wrote:


Once upon a time, Jeff Lasman <jblists@xxxxxxxxxxxxx> said:
> Red Hat Linux is free.  Red hat's secure server costs us$150.  The price
> looks pretty reasonable.  And they can sell it outside the US because it
> comes from outside the US.

Red Hat sells it in the US and they pay the license fee for the patents.
I see where there might have been some confusion in my post. It was Brosoft that has a product that comes from outside the US and which they can sell outside the US. 


> Now you probably want to know what it's "not for use in the U.S." so I'll
> tell you.

I already know all about that.
I'm glad you did. There may be some people on the list who didn't. The list isn't just a forum for the two of us. At least I don't think so <wry grin>. 


> It includes software algorithms for which there's a U.S. patent.  The U.S.
> patent expires this year.

One of the patents (I think RSA may have additional patents on some of
the newer algorithms used in SSL, but I haven't checked into that yet).
The original RSA patent expires on September 20, 2000.
My understanding is that the patent you mention is the only one in current SSL implementations. I am not a lawyer. But my lawyer is <smile>. 


> Here's how I get around the problem:  I own a copy of Red Hat's secure
> server.  That covers the patent.  Even though I can't use the server on my
> system.

Technically, if you are in the US, you are _not_ covered just because
you own Red Hat's server.  If you use someone else's software, you are
infringing on the RSA patent, because they only license a specific
implementation.
If you're a lawyer, then I'll put you in touch with mine, and you can argue. Otherwise, let's not go there. No court in the U.S. has been willing to go there. RSA is not willing to go there. Do you really want to go there? 


> No, I don't use the Brosoft software on my RaQ2, I use manually patched
> software.  BUT... I still need to buy the license to cover the patent.

Then you are NOT covering the patent.


As I said, let's not go there <wry grin>.


> >The RaQ3 already has SSL built in and integrated
> >with the Cobalt interface; I don't want to mess that up (and probably
> >void the warrenty as far as Cobalt support is concerned) by installing
> >someone else's software.
>
> Gee, maybe this "someone" else just happens to be an authorized Cobalt var?

If their software changes the Cobalt software (which it would have to on
a RaQ3 since they are already running an SSL server), then Cobalt
probably considers the warrenty voided.
Cobalt's remedy to you, the owner of the box with the warranty, is to give you back a box with a clean Cobalt operating system on it. They don't warranty your content or any software you've added. How does this warranty differ from what you can do yourself with a $99 CDROM? Now if you're talking about support; that's a different kettle of fish altogether; of course we don't expect Cobalt to support what they don't provide. I find it unfortunate that Cobalt couches this in "warranty" terms; do they really want to be covered under Magnusson-Moss? I would think not, but I'm not Cobalt.
But I'm just ranting, and anyone whose read my previous posts knows I believe in self-support and community-support. After all, that's what Linux is all about (or is it?). 


> >With the change in US encryption law, I think Cobalt could even export
> >full strength SSL now, so they could just have an upgrade package that
> >adds 128 bit SSL.
>
> Not without going through a lot of hoops AND paying patent royalty fees.

In case you didn't notice, the RaQ3 (which this is all about) _already_
comes with the SSL server integrated.  They _already_ pay the patent
royalty fees.  However, since they export the RaQ3, they only include
the export grade (56 bit) encryption.  This is just a compile time
option, AFAIK.  We were told that there would be an upgrade available to
those in the US (and Canada) that would upgrade the SSL to full strength
(128 bit).  That upgrade is not yet available.  Also, since the RaQ3 was
released, US encryption export law has changed, and it is now legal to
export full strength encryption, so Cobalt _could_ just provide an
upgrade package for _all_ RaQ3s (not just in the US and Canada) to go to
full strength.
You're right; I missed a lot of the original point in this paragraph. But I don't think that under current law Cobalt could "just provide an upgrade package for _all_ RaQ3s (not just in the US and Canada) to go to full strength." 

I'm not a lawyer of course.  YMMV.

Jeff

--
Jeff Lasman <jblists@xxxxxxxxxxxxx>