Using GPG in the US

Paul D. Smith psmith at BayNetworks.COM
Mon Nov 23 23:18:00 CET 1998

%% "Caskey L. Dickson" <caskey at> writes:

  cld> This is very true, however I do not believe that the RSA plugin
  cld> was built with RSAREF and therefore does not apply to the
  cld> discussion as to what the legal aspects of using the GnuPG RSA
  cld> and IDEA plugins in the US are.

Certainly, but as you point out (and as I assumed but didn't state)
someone could rework the plugin to use rsaref.  The code that _uses_
rsaref is distributable, it's just the rsaref code itself that isn't.
If someone developed an rsaref "shim" for the existing plugin, that
would be cool and distributable.  Then the docs would just have to say
"in the US, go get rsaref from RSA, compile it, and point it out to
configure with --enable-rsaref."  Or something :).

  cld> It doesn't get around the usage issue for me personally because
  cld> almost everything I do is related to my job.

I'm not so sure; go take another look at the details of the license.  As
I read them, they're pretty liberal.  It looks to me like as long as you
don't make money _directly_ from your use of RSA (like selling a program
or a service that uses RSA) you're fine.

For example, as I read it, there would be no problem signing email
messages associated with your job via an RSA algorithm.

Of course, IANAL.

 Paul D. Smith <psmith at>         Network Management Development
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
   These are my opinions---Nortel Networks takes no responsibility for them.

More information about the Gnupg-devel mailing list