Re: LYNX-DEV SSLLynx (was: ender: address@hidden)

[Alan Cox]

> This is basically saying that the GPL is effectively or legally
> unenforceable outside the USA, and there is no moral obligation,

Not really. 

> if it is only effectively enforceable.  It is the GPL that says that
> any conflict with a patent ANYWHERE in the world makes the GPL void
> for that software, unless it is licensed with as specially permitted
> clause, allowing a restriction on distribution to certain countries.

The GPL one is on a per country basis.  Its there to stop someone
using a patent to force a GPL'd item non free.

> The current PGP (or the last one I got) is issued under a no commercial use
> (you must pay something well over GBP 50 to Ascom Tech for commercial use)

Thats the non GPL one. There is a GPL'd PGP which uses RSA available outside
the US. Using that one in the US is patent violating, using it outside the
US is fine (except for a few places like france,brazil). The US and commercial
ones are built with RSAref which itself is a commercial product and people
in the UK wishing to use that have to pay for it (software license rather
than patent issue then). PGP 5 free version uses elliptic curves

> Incidentally, one UK entrepeneur and regular poster on uk.legal claims to
> have obtained software patents (in other areas) in the UK and was claiming
> to be negotiating for the commercial sale of PGP.  That at least introduces

The uk.legal kook , yes I've come across him.. EEC law is quite explicit on
what cannot be patented. You can already bug commercial PGP and ssh in the UK 
btw and its quite popular, it comes with a nice manual, a good interface and
phone support. A lot of folks apparently think thats well worth the money.

> reasons as I quote for Lynx, the GPL clause saying that a conflict between the
> GPL and a patent makes the GPL void.

Yes, for the country it applies. So Lynx/SSL is a non-viable entity in the US,
and the license prevents it existing. Outside of the US it is on the whole
quite alive and well. Thats what RMS intended to occur - the "potentially GPL"
product that would require paying a third party is disallowed.

There are effectively ways around it - theres SSL aware web proxies that
do the SSL in the proxy server for example not in the browser (they are also
probably superior to Lynx/SSL too)

> According to piece on SSL in the O'Reilly book on Apache, the UK is not
> free in that an export licence is technically required here, however
> the authorities take a pragmatic approach, and don't try to enforce
> the unenforceable.  I seem to remember that the author is UK based.

Actually its all quite funny. The UK rule doesnt apply to stuff sent over
the internet only physical goods and the EEC single market rules make it
basically obsolete - hence things like the oxford crypto archive. We
are way behind Finland an Denmark where crypto is basically a recognized
right of privacy now.

Alan