lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV Lynx 2.7.1 and secure servers


From: David Woolley
Subject: Re: LYNX-DEV Lynx 2.7.1 and secure servers
Date: Fri, 19 Sep 1997 08:58:13 +0100 (BST)

> 
> From: David Woolley <address@hidden>
> >>  Hello there. I'm testing lynx 2.7.1 on a Solaris 2.4 system. It all seems
> >> fine except for one thing. If I ever connnect to a secure server(one with
> >FAQ.  Covered several times in the last few weeks.  (RSA) patent
> >is incompatible with Gnu Licence  (there are reports of a Netscape
> 
> Actually, the problem is not GNU, but US Government, which as I
> understand it, has declared all (I believe) encryption/decryption
> software as munitions and thus illegal to export out of the USA without
> a special arms dealer level license...

It's both.  The export controls problem is the one more often quoted
on this list, but many of the senior Free Software Foundation people
are also in the League for Programming Freedom, which campaigns against
software patents, and they have written very explicit clauses into
the Gnu licence which have the effect that if you cannot give a GPLed
program royalty free to everyone in a country, you can't give it to
anyone in that country (it is more strict than that - unless the original
copyright owners have explicitly stated rules for selecting countries
in which the licence is void for IPR reasons, you must replace country
by world in the above).

There are two key software patents which account for most of the software
patent problems with free software, and Lynx involves one of them, so
it can't be considered a side issue where the rules can be quietly broken:

- LZW (Unisys/IBM - compress, GIF) - Unisys have been forced to give some 
concessions for
  free software, because of the outcry, put it still led to the introduction
  of PNG, which is GIF using the PKZIP algorithm (LZ77));

- RSA (Public Key Data Systems/RSA Data Security Inc. - SSL, PGP).

PGP has been taken out of the Gnu licence and is not free for commercial
use, partly because of this (it is not free for commercial use even in the
UK, even though the UK doesn't accept software patents - this is either
because of a misunderstanding about the status of the IDEA patent in the
EEC, or because the author has decided that patents are a good thing).

The RSA patent is about to expire, but there are reports that Netscape has
taken out a patent on SSL (personally I can just about justify an RSA patent,
except that it wasn't developed by a commercial company, but I think SSL
is an obvious implementation of prior art).

Software patents are essentially a US only problem, except that the
US is such a large market, that they inhibit anyone in the rest of the
world who has ambitions of a US market.  If you want general background
on the legal quagmire associated with SSL (prior to the Netscape patent
claim) have a look in the O'Reilly book on the Apache web server; there
are four or five pages discussing both the patents and export controls
issues, although Apache is not GPL software, so the specific GPL problem
doesn't apply.

You should be quite clear that, if you have a copy of PGP in the USA
containing RSAREF, you cannot give it to anyone else, as that would be a
breach of a very explicit clause in the GPL.  If you have one containing
the SSLeay implementation of RSA, it is illegal to even use it.

The only way round this, whilst allowing the distribution of SSL capable
binaries, is to use an alternative licence, which would require the
joint agreement of all the copyright owners.  I would hope that the
non-US contributors would object to the issuing of any licence which
didn't allow them access to the software.

If Netscape have successfully patented SSL, even the non RSA parts of 
SSLeay may not be useable in a GPLed product.  (SSL is, in may non-legally
trained view, is now unpatentable in the UK, even as hardware implementations,
as published designs cannot be patented after publication.)
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]