Jim McCoy wrote:
Frank O'Dwyer writes:
Agreed. For example, having SSLeay (say) used in some proprietary program or other would achieve very little in the way of "cypherpunk goals" (unless perhaps the company voluntarily published improvements and bug fixes for SSLeay).
Excuse me? What exactly to you think the "cypherpunk goals" are? It seems to me that promoting the adoption of strong crypto by everyone is high on the list and when we say "everyone" we mean to include the vast majority of users who are using propriatary and closed-source programs. That means that if a proprietary program uses SSLeay or any other crypto library to give the program strong crypto then the "cypherpunk goals" are being achienved.
No, it doesn't, because no crypto library gives any application "strong crypto". It has to be used correctly and appropriately for one thing. For another, it needs to be free of back doors, whether intentionally placed there or otherwise. In the long run, full disclosure of source code provides the best assurance that this is so.
I don't give a damn whether the application is "free" or not, I care whether or not it provides users with good security and privacy.
As the original poster commented, those two agendas may have more in common than you might think.
The relative freedom of the program (regardless of who is defining the word freedom) is incidental to the matter. If Microsoft came out with a statement that they were going to use SSLeay to provide all users (foreign and domestic) with strong crypto [...]
Microsoft is a good case in point; they are already using strong crypto, yet as far as I can tell they have yet to produce a secure OS or a secure product of any kind. Cheers, Frank O'Dwyer.