[Coderpunks distribution removed]. On Wed, 7 Oct 1998, Frank O'Dwyer wrote:
No, it doesn't, because no crypto library gives any application "strong crypto". It has to be used correctly and appropriately for one thing. For another, it needs to be free of back doors, whether intentionally placed there or otherwise. In the long run, full disclosure of source code provides the best assurance that this is so.
Of course source availablility aids greatly in evaluating the overall security of software. However, Jim was correct in pointing out that /requirin/g source availability of products by licensing restrictions employed in crypto component freeware is counterproductive. May companies will not be able to source contaminated by GNU-style licensing restrictions. Consequently, alternatives would be found. Some of those alternatives, include using no crypto at all or using crypto written by somebody that does not understand crytography. Hardly the outcome a Cypherpunk would desire. We should all thank Eric for making SSLeay available under a BSD-style license. The world probably would have half as many internationally available strong cryptographic products had Eric used GPL. The bottom line is that GNU-licensing is more restrictive than BSD/SSLeay-style licensing. Hence identical freeware will see less deployment under GNU than under BSD. Cyphpunks believe that more strong crypto is better. The conclusion in the GNU vs. BSD/SSLeay/etc. license debate should be clear. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred