-----BEGIN PGP SIGNED MESSAGE----- Paul Robichaux writes
So.. if I buy 20 licenses of ViaCrypt PGP, then proceed to use PGP 2.6-based code in my applications, does that constitute a legitimate solution?
I had a similar question while trying to decide what version of PGP I'll be switching to, and had the following dialogue with Paul E. Uhlhorn, Director of Marketing, ViaCrypt, on the subject. JEK: The lack of source code for ViaCrypt PGP is an issue. If ViaCrypt PGP 2.7 were legitimately acquired, but the buyer, wary of black-box (sourceless) software, instead used a variant of PGP 2.6ui patched to identify itself as 2.7, would the substitution be detectable by any observer? Would either you or RSADSI object to this? Uhlhorn: If a person were to make 2.6ui look like 2.7, ViaCrypt would strongly object and would most likely pursue legal remedies. Our concerns would include copyright and patent (both IDEA and RSA) infringement. I cannot speak for PKP, Public Key Partners, but I would expect PKP would also consider this patent infringement. I understand 2.6ui to be a "patched" version of 2.3a which was not licensed by RSA or PKP. Once again, I believe it would be best to get a legal opinion on this entire subject. Please let me know if you find out other information on this subject. JEK: Is this true even if the person is a registered buyer of 2.7? Public availability of a program's source code is a powerful means to be sure that it is correct. How can one gain such assurance for PGP 2.7? How could confidence in the correctness of a secret program, even by its author, ever match that of a program open to public scrutiny by any interested person? Uhlhorn: ViaCrypt has exactly the same position if a person were to make 2.6ui look like ViaCrypt PGP V2.7 regardless of whether or not they are a registered user of ViaCrypt PGP V2.7. It is plain dishonest and illegal! [End of Uhlhorn dialogue] Granted, the issue here is different from yours, but it does give an idea of how ViaCrypt might react to an attempt to use their license to legitimize your use of another PGP. Hope this helps. John E. Kreznar | Relations among people to be by jkreznar@ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLmAGZ8Dhz44ugybJAQGSKAQAjlOFHarkVhF7Cjcy3xX3v7A4XyAH5B7H C61efV7poiJXcYCV8H6t2w6RGrk1ux/ynwoseVOjTdDraK5crqxxITCplLqY13Vv rzaY0BFOWOLBIgty9Gjh4Oz4v89lRKxn2MhsflrS/TxMBZSeaYec7K4ufDZwCvWN JQ94CgrJM/g= =1O6L -----END PGP SIGNATURE-----