public key cryptography

Per Hedeland per@REDACTED
Sat May 1 21:51:27 CEST 1999

Artur Grabowski <art@REDACTED> wrote:
>lyn <lyn@REDACTED> writes:
>> Could I distribute that library along with my application (I am a US
>> citizen in the US)?
>You can distribute it as much as you want in the US and Canada. But nowhere

Well, I'm not a lawyer (either:-), and I think that Lyn should perhaps
contact one (or at least tap into the considerable sources of
information on these matters available on the net in general) before
proceeding - but I believe there are at least two issues relevant to the
question (which isn't Erlang-specific, of curse) that Artur didn't

1) I think the US export laws are somewhat more forthcoming in cases
where the crypto technology is used solely for authentication, and not
for actual encryption of the data transported. You probably still need
to apply for and get permission though, which may make the difference
academic for a "free" application.

2) Probably more important, as we're talking about public-key
technology: RSA, Inc has a patent in the US that covers the RSA
algorithms, in fact I believe they claim it covers all public-key
technology. This probably means that you can't distribute software that
uses such technology even *inside* the US without an agreement with
them. I think there is one specific implementation (RSAREF), provided by
RSA, that is excluded from the requirement of per-application agreement,
but probably has other restrictions on allowable use - I don't know
anything about the details of this, though.

--Per Hedeland

More information about the erlang-questions mailing list