At 10:35 PM 5/14/98 -0700, apachessl@web1.valley-internet.com wrote:
>
>
>On Wed, 13 May 1998, Roeland M.J. Meyer wrote:
>
>> At 10:45 AM 5/11/98 -0500, Chris Owen wrote:
>> >
>> >We've used Stronghold for the past 2 years, but frankly I'd much rather
>> >use plain old apache-ssl. However, there is the Verisign certificate
>> >problem.
>> >
>> >My question is this: What is the real limitation against doing this? The
>> >apache-ssl web page says it isn't allowed, but on the Verisign site it
>> >doesn't really make such claims. I've also checked out the Verisign
>> >contract and except for some vague language about using "appropriate SSL
>> >software" it doesn't really say anything about any limits as to what
>> >software you can use the certificate with.
>> >
>> >What happens if you use apache-ssl? Do they revoke your certificate? I'd
>> >rather stay legal, but I'd really rather use the real deal rather than
>> >Stronghold.
>
>I did some research on this a while back and talked at length to someone
>at RSA on this. I was told that I could buy a copy of RSA's BSAFE library
>for in house commercial use for about $300 per machine, and that it would
>work as a drop in replacement for rsaref. I specifically told RSA that my
>intent was to link bsafe to ssleay, and they didn't have a problem with
>that. But then again the guy I talked to actually knew what ssleay was.
>
>Assuming that is true, you could compile ssleay against bsafe (anyone done
>this?) and use that with apache-ssl. Legal in the US for less than the
>price of Stronghold.
I guess that the first question that I'd ask is "Is BSAFE available for
Linux?".
___________________________________________________
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail: <mailto:rmeyer@mhsc.com>rmeyer@mhsc.com
Internet phone: hawk.mhsc.com
Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer
Company web-site: <http://www.mhsc.com/>www.mhsc.com/
___________________________________________
SecureMail from MHSC.NET is coming soon!