"Paul S. Penrod" <furballs@netcom.com> suggested:

PGP 2.6.2i is not US codebase, and RSA is not patented outside the US according to Bruce Schneiner. Therefore, if a product was deployed into the US using a non-US codebase, it is unclear to me what legal jurisdiction (if any) RSA may have in these circumstances.

The relevant issue is not the code-base. Copyright "protects" the code. A patent is a proprietary claim on a design for a device, in this case RSA's PKC. A nation issues a patent as an acknowledgement and validation of a proprietary claim on a specific design, for a non-obvious device, for a limited period, enforcable within the boundries of its jurisdiction. Nice try. 2.6.X-ui doesn't use Rivest's RASREF cryptographic toolkit like the US version does, but it does impliment the patented RSA "device." You can bring it into the US, but if you try to sell it in the US and make money from the design --without giving RSA its due -- they're gonna get ya! RSA has no "legal jurisdiction," in the US or elsewhere. (Few companies do;-) But I can understand how, hanging around a Libertarian cabal like C'punks, you might forget that sovereignty rests in the State. Wishful thinking, lad. Suerte, _Vin Vin McLellan +The Privacy Guild+ <vin@shore.net> 53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548 <*><*><*><*><*><*><*><*><*>