Re: LYNX-DEV SSLynx

[David Woolley]

> 
> 
> David Woolley <address@hidden> writes:
> > > Does anyone have a compiled Lynx 2.7.2 for Linux, preferably with SSL 
> > > already put in it?  Same for BSDI.  I'd like to give them to my Linux and 
> > Providing an SSL binary of Lynx to a third party would be illegal as it 
> > would
> > have to include RSAREF
> 
> This is far from the whole story. There's only one country where using RSAREF
> would be at all useful, the US. In the rest of the world RSA enjoys no patent
> protection and Lynx could be linked with SSLeay using the native RSA code (if
> it using encryption is legal at all). And as you describe using RSAREF is only
> helpful for non-commercial use so it's not really a useful "solution".

As explained, I hope, in my later article, you are not taking into account
the GPL.  Lynx is GPLed.  Any SSL Lynx would be a derived work and must
also be GPLed.  GPLed works cannot be non-commercial use only.  Any 
Lynx containing RSA code would have to be issued under a clause in the GPL
which permits countries to be excluded, however that would be imposing 
an additional condition on a derived work, which is not permitted.  I think
such a restriction is something of a gray area, which should probably be
checked with the FSF by anyone intending to create an SSL Lynx, however,
it seems unreasonable to me for them to permit a licence which denies the
authors of the original work access to the derived work.

The GPL clause is there to deal with patents and the like.  There is
an interesting question as the impact of export controls on the freedom
to redistribute GPLed code; my suspicion is that this would be a 
political hot potato that the FSF would like to avoid taking a public
position on, but again anyone creating an SSL Lynx should probably check
with the FSF that either the GPL doesn't require freedom to export, or
that a country condition can be imposed in this case.

The proxy solution is cleaner, because the definition of merely bundled
would permit either a non-GPLed proxy or a non-USA GPLed proxy.  (Richard
Stallman has clearly explained to me that it is legal to distribute a 
system composed of a mixture of GPLed and non-GPLed components, providing
the end user can separate out the GPLed part and use it independently,
and providing the boundary is documented.  Bundling allows a more active
combination than a simple CD compilation.)

Note that there are other patents which may restrict commercial use of
SSL, although whether they are a factor for a particular country depends
on whether there is a patent in that country and whether that country 
permits software patents (the USA is one of few, and maybe the only,
such countries).  I am specifically thinking of the Swiss originated IDEA
algorithm.

You should probably note that PGP is no longer under the GPL (and,
unfortunately has a no-commercial use restriction in Europe, possibly
based on a misunderstanding that a valid patent exists on IDEA, or
possibly because Ascom Tech only permitted non-commercial use in the
USA on the condition that such a condition should be imposed worldwide).
The copyright on PGP actually requires such a large royalty on IDEA that
it would probably be uneconomic to use it commercially in preference to
other solutions, although I strongly suspect that there is a large amount
of illegal use.

Incidentally, I note that you are at MIT, so should have easy access to
the FSF.  I think there are some important questions about the GPL here,
and that SSL versions of Lynx are probably being distributed in breach
of it at the moment.