Skip to content

Month: July 2003

Patents: the SSLeay workaround

Published July 3, 2003

during this ongoing European software patents thing, I was reminded of a comment I heard a while back from a pro-patent guy.

He was around in the bad old days of SSLeay‘s patent woes. SSLeay, like many cryptographic products in the 80’s and 90’s before the RSA and other patents expired, was in a legal grey area due to patent issues. To quote the ‘Is This Legal?’ section of their FAQ:

That is one of the hard questions on which there is as yet no clear answer. You need to read quite a bit of information to draw your own conclusions – and then go and talk to a lawyer. Again this document is my opinion and as such should be treated in that light – reality could be quite different to how I happen to see things :-).

In short:

  • outside the USA there should be no problems
  • inside the USA RSA hold patents over the RSA algorithms, however if you use RSAREF (which SSLeay can link to) then non-commercial use is probably okay. For commercial purposes you need to talk to RSA to license one of their toolkits (BSAFE) or come to some other licensing arrangement with them.
  • IDEA may be a problem inside Europe and RC4 inside the USA; both can be removed with a simple compile-time option or you can licence the IDEA algorithm.

Eventually, RSA relicensed their algorithms to be freely usable. Thankfully IDEA could be avoided by using alternative algorithms in the SSL transaction, so it wasn’t a biggie; most SSL users just switched it off. Finally, the RSA patent finally expired — so nowadays SSL is commonplace, and using SSL to protect security is a lot easier than it used to be.

Anyway, I’m diverging here… the relevance is this mail from Hartmut Pilch discussing the current euro-swpat proposal. He reckons even the SSLeay defense — saying ‘do not download this software in these countries unless you get these licenses’ — would not work with the current proposal:

To make this clearer: according to the CEC proposal, you still risk being sued even if you only publish a program and warn people ‘please do not execute unless you have obtained a license from XXX’.

SARS — back in the fall?

Published July 2, 2003

SARS special report: Too soon to celebrate (New Scientist).

There are also suspicions that the first outbreak in the southern Chinese province of Guangdong stopped so abruptly because of the onset of summer. The SARS virus does not survive well in a hot environment, and if most transmission is due to people touching contaminated surfaces, higher temperatures would have reduced transmission.

If the season, rather than human intervention, was the main reason for the end of the outbreak, SARS could return with a vengeance in the autumn. That is what happened with the 1918 influenza pandemic, which killed tens of millions. Fortunately, SARS is far less infectious (so far).

Debra Bowen: ‘MS killed useful CA spam law’

Published July 2, 2003

‘Let There Be Spam!’:

COMMITTEE TAKES CUE FROM MICROSOFT, KILLS NATION’S TOUGHEST ANTI-SPAM PROPOSAL

SACRAMENTO – Urged on by Microsoft, the Assembly Business & Professions Committee today unceremoniously killed SB 12 (Bowen), a measure to create the country’s toughest anti-spam law by requiring advertisers to get permission from computer users before sending them unsolicited ads …

‘Does anyone other than the eight members of this committee who either voted ‘no’ or took a walk on the bill really believe Microsoft has any interest in getting rid of spam?,’ wondered California State Senator Debra Bowen (D-Redondo Beach), the author of SB 12, following the bill’s defeat. ‘Trusting Microsoft to protect computer users from spam is like putting telemarketers in charge of the do-not-call list. Microsoft uses a megaphone to tell everyone how much it hates spam at the same time it’s working overtime to kill truly tough anti-spam laws. Why? Microsoft doesn’t want to ban spam, it wants to decide what’s ‘legitimate’ or ‘acceptable’ unsolicited commercial advertising so it can turn around and license those e-mail messages and charge those advertisers a fee to wheel their spam into your e-mail inbox without your permission.’

wow ;) She’s not pulling any punches there…

A ‘pay-to-email’ patent

Published July 1, 2003

The concept of a ‘pay-to-mail’ scheme — charge people to send you mail — is patented, it seems. Good, I never liked it anyway ;)

A method and apparatus for determining whether a party sending an email communication is on a list of parties authorized by the intended receiving party. If the sending party is not on the list of authorized parties, an electronic billing agreement is emailed to the sending party indicating a fee that will be charged to the sending party in return for the message being provided to the intended receiving party. Preferably, the present invention is implemented with Internet communications and utilizes a security protocol to enable the electronic transaction to be transacted in a secure manner.

Date: Tue, 01 Jul 2003 15:00:09 -0400
From: “Bob Wyman” (spam-protected)
To: (spam-protected)
cc: “‘Yakov Shafranovich”‘ (spam-protected)
Subject: RE: US Spam patents: Partial list

A new, spam-related, US Patent was issued today. It is a continuation in part of US Patent 6,192,114 which is on the first list of patents I posted to this group.

See: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=6587550

US Patent 6,587,550 METHOD AND APPARATUS FOR ENABLING A FEE TO BE CHARGED TO A PARTY INITIATING AN ELECTRONIC MAIL COMMUNICATION WHEN THE PARTY IS NOT ON AN AUTHORIZATION LIST ASSOCIATED WITH THE PARTY TO WHOM THE COMMUNICATION IS DIRECTED

Abstract A method and apparatus for determining whether a party sending an email communication is on a list of parties authorized by the intended receiving party. If the sending party is not on the list of authorized parties, an electronic billing agreement is emailed to the sending party indicating a fee that will be charged to the sending party in return for the message being provided to the intended receiving party. Preferably, the present invention is implemented with Internet communications and utilizes a security protocol to enable the electronic transaction to be transacted in a secure manner.

————————————————————————

Inventors: Council; Michael O. (186 Hurt Dr., Cordele, GA 31015);
Santos; Daniel J. (3525 Roswell Rd., #721, Atlanta, GA 30305) Appl. No.: 783340 Filed: February 14, 2001

Asrg mailing list (spam-protected) https://www1.ietf.org/mailman/listinfo/asrg