Thank you Rob, it is a good analysis. It seems that the awards, since they are
related to damages, can be quite low for us. RSA is not competing in our
business so our fielding of a server does not result in any loss of revenue
for them. Since they do not offer usage licenses, and therefore that isn't a
revenue source for RSA, our server will not impact their product sales
either.
It gets more interesting, in that under these conditions, if RSA were to
attempt to restrain our operations, they could be exposed to a "restraint of
trade" counter-suit. Particularly since we have offered to pay a reasonable
user-license and were rebuffed.
But, we will discuss this with our attorneys. Thank you again.
At 03:21 AM 5/14/98 -0400, Rob Heittman wrote:
>
>> > Please note that any implementation of SSLeay within the United States is
>> > strictly illegal.
>
>This communication you received is a dramatic oversimplification and I
>hope it won't mislead any casual readers of this list.
>
>A short rehash of the U.S. situation for those reading, just because I
>haven't seen one here in a while, and Ben very sensibly smirks at the
>whole U.S. patent scene -- <grin>
>
>A U.S. patent provides a legal right to "exclude others from making,
>using, offering for sale, or selling the invention in the United States or
>importing the invention into the United States." RSADSI holds valid
>patents on specific algorithms; they may legally prohibit the use of those
>algorithms within the U.S., and they do so.
>
>SSLeay contains implementations of algorithms patented by RSADSI. It also
>contains a lot of valuable software that has nothing to do with the
>RSADSI patents. A number of U.S. companies, with advice of counsel,
>believe that when using SSLeay (or other crypto software, e.g. ssh)
>"glued" to appropriately licensed RSADSI software providing the patented
>components, the resultant compiled software does not infringe upon any
>patents held by that company. I personally subscribe to this view. C2Net
>also apparently takes this view, since Stronghold contains SSLeay
>components plus licensed RSA code (plus, read Sameer's comments on old
>SSL-users archives). Certainly RSADSI has never brought a challenge over
>such a matter to open trial, which may bolster the idea that this view is
>the most correct. (There _have_ been legal actions brought by RSADSI that
>resulted in settlements, we hear.)
>
>RSADSI has asserted broader patent rights over the whole notion of
>public-key cryptography, but these issues are also somewhat murky and rest
>on dubious foundation.
>
>In any case, U.S. companies should make their crypto software decisions
>with the input of well-informed counsel.
>
>The sensitivity of the choice obviously has direct relation to the size
>and impact of the crypto application being discussed. Even if a valid
>patent is infringed by a small noncommercial application, the
>patentholder's rights of action are fairly limited. According to USPTO:
>"If a patent is infringed, the patentee may sue for relief in the
>appropriate Federal court. The patentee may ask the court for an
>injunction to prevent the continuation of the infringement and may also
>ask the court for an award of damages because of the infringement." The
>risks associated with being found on the wrong side of an infringement
>case escalate with the importance of the project and the amount
>of damages that can be claimed by the patentholder.
>
>As an example, if you field a single server using a patented technology
>which the patentee sells openly for US$1000 per instance, but implement it
>with a private version of the technology and do not pay the patentee, your
>potential liability is fairly low, as it is fairly difficult for the
>patentee to show much in the way of damages. However, if you develop
>commercial server software along similar lines, and sell hundreds of
>thousands of copies for US$100 each, your potential liability is extremely
>high -- the patentee can claim millions of dollars of damages.
>
>Anyway, "strictly illegal" is marketese -- there is nothing strict or
>well-defined anywhere in U.S. patent law. It's a very subjective
>discipline. So if you are in the U.S. and wish to field SSL servers with
>experimental, developmental, or international crypto technology, and have
>legal concerns, talk to a well-informed intellectual property lawyer and
>decide what to do -- based on your legal assessment of the patent
>situation with regard to _your_ particular implementation, and your
>position with regard to potential liability.
>
>Sigh. Can we all move to Australia now?
>
>- Rob
>
_________________________________________________
Morgan Hill Software Company, Inc.
Roeland M.J. Meyer, ISOC
(RM993)
President and CEO.
e-mail: mailto:rmeyer@mhsc.com
Web-pages: http://www.mhsc.com/~rmeyer
Web-site: http://www.mhsc.com
Colorado Springs, CO - Livermore, CA - Morgan Hill, CA
-----------------------------------------(legal notice)--------
Note: Statements made in this message do not
necessarily reflect the position of MHSC. All
forecasts and projections are to be considered
as forward-looking and presume conditions which
may not be referenced herein.
-----------------------------------------(/legal notice)-------