PGP 2.6 is dangerous in the long term ?
Personally, I happen to dislike the PGP 2.6 saga; I think it's effectively turning the wheel back viz. "US only software" as well as confusing the issue ("oh, which PGP do you have ?"). Some say that it's not a problem in the sense that PGP 2.3a will be upgraded to "support" PGP 2.6. Even this situation is clearly undesirable as PGP itself becomes a fragmented product -- esp. as I think "new users" will opt for PGP 2.6, and others will change too because of the purported "legitimacy". The result is that PGP 2.6 _will_ become heavily adopted in the US. This it not the point, however. As the RSA patent is expected to expire in the coming years, one would expect the liberation of PGP, at least in terms of the RSA algorithm (negating the export control issues). The sinister fact of PGP 2.6, and other derived RSAREF product is that even as the patent itself expires, RSADSI still exerts control over PGP by way of RSAREF. Being Australian, I've not read the RSAREF conditions, but there is at the point that commercial use will still not be possible (at it would be under non-RSAREF 2.3a) when the RSA patent expires. So quite possibly, PGP 2.6 is doing a great deal more longer term damage to the viablity of PGP than is immediately obvious. Is this a valid viewpoint ? Matthew. -- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream@uts.edu.au
From: mgream@acacia.itd.uts.edu.au (Matthew Gream) Date: Wed, 25 May 94 12:43:46 EST Organization: University of Technology, Sydney. As the RSA patent is expected to expire in the coming years, one would expect the liberation of PGP, at least in terms of the RSA algorithm (negating the export control issues). The sinister fact of PGP 2.6, and other derived RSAREF product is that even as the patent itself expires, RSADSI still exerts control over PGP by way of RSAREF. You have to assume that RSA isn't being run by idiots. Either they're looking at closing their doors in seven years, or they've got a plan. If it were *my* company, I'd make sure that everyone depends on running my software. And since that's what I'd do, it's only reasonable to assume that that's what RSA is trying to do. So maybe what we (the c'punk community) need to do is maintain parallel versions of PGP (ick), one which continues to use 100% GPL'ed code, and another which uses RSAREF to stay legal. -russ <nelson@crynwr.com> ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.
On Tue, 24 May 1994, Russell Nelson wrote:
So maybe what we (the c'punk community) need to do is maintain parallel versions of PGP (ick), one which continues to use 100% GPL'ed code, and another which uses RSAREF to stay legal.
I may be foolish, but... What if (the cypherpunk community) comes out with a secure program that doesn't rely on RSAREF? Can it be done? NOTE: I very likely don't know what I'm talking about. ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
You have to assume that RSA isn't being run by idiots. Either they're looking at closing their doors in seven years, or they've got a plan. I asked Jim Bidzos about this last year. He told me they're planning on becoming a supplier of cryptography code and expertise. By using patent protection to restrict distribution of other implementations, they can sell their own libraries now and get them deployed. After the patents run out, they can rely on the cost of changeover and copyright protection to keep a viable business running. Plus they're going to continue to buy up patents. Eric
Date: Wed, 25 May 94 10:25:30 -0700 From: hughes@ah.com (Eric Hughes) You have to assume that RSA isn't being run by idiots. Either they're looking at closing their doors in seven years, or they've got a plan. I asked Jim Bidzos about this last year. He told me they're planning on becoming a supplier of cryptography code and expertise. If they had expertise, they wouldn't need patents. -russ <nelson@crynwr.com> ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.
Russell Nelson says:
Date: Wed, 25 May 94 10:25:30 -0700 From: hughes@ah.com (Eric Hughes)
You have to assume that RSA isn't being run by idiots. Either they're looking at closing their doors in seven years, or they've got a plan.
I asked Jim Bidzos about this last year. He told me they're planning on becoming a supplier of cryptography code and expertise.
If they had expertise, they wouldn't need patents.
Make no mistake, they have expertise. As much as we like to denegrate them, they are responsible for several algorithms we all use every day, like MD5. That said, I agree that the patents are unsavory. However, none of us thus far have shown the testicular fortitude to challenge any of them. Perry
In message <9405250243.AA03397@acacia.itd.uts.EDU.AU>you write:
As the RSA patent is expected to expire in the coming years, one would expect the liberation of PGP, at least in terms of the RSA algorithm (negating the export control issues). The sinister fact of PGP 2.6, and other derived RSAREF product is that even as the patent itself expires, RSADSI still exerts control over PGP by way of RSAREF.
I don't see this as a real worry. Once the use of RSA is legal worldwide, it is fairly easy to just yank the RSAREF code and drop in functionally equivalent, but legally unencumbered, code. Or, everyone in the US/Canada could just copy the compatable code from abroad. Linn H. Stanton <stanton@acm.org> The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi3iC/MAAAEEAOj2cr49PeFwa78Swqf3nBZHspCfZ+IgX8nGU8rbm2oJ6VYj u8o2M4c3Nv/tkoou24gDtM43/jSrRAalcX40pbGRqWJkkayJ52J8o4KupCrgsKLg fBE5P4tcUo9KaeJIaOfItJ2qrfTOcFuN7GiyTQ1E2/FGPSHDoqz3kXhxoZcNAAUR tCFMaW5uIEguIFN0YW50b24gPHN0YW50b25AYWNtLm9yZz4= =H8OV -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNED MESSAGE----- From: mgream@acacia.itd.uts.edu.au (Matthew Gream) Subject: PGP 2.6 is dangerous in the long term ? Date: Wed, 25 May 94 12:43:46 EST Being Australian, I've not read the RSAREF conditions, but there is at the point that commercial use will still not be possible (at it would be under non-RSAREF 2.3a) when the RSA patent expires. The GNU copyleft is supposed to disallow a lot of for-profit uses. Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLeK/+xVg/9j67wWxAQGNqgP9FrqJ77ru0vH6mii7m9AElRfdqLvrFuum 7pRINtNpyW9qLtU8cQbdriAWJaxZX7CK70XkHPiSOXaIJ/A+pWrp4VW0f2F9vGBX W3HkERqGT9ikOxDVHAq5Qk3IvvXss+Ms+QdzGSDRK1bAgzJLH/YYbsdpsXW4+fgi raltpxGcZvg= =i4MI -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Subject: Re: PGP 2.6 is dangerous in the long term ? Date: Wed, 25 May 1994 07:42:09 -0400 From: "Perry E. Metzger" <perry@imsi.com> Ezekial Palmer says: > The GNU copyleft is supposed to disallow a lot of for-profit uses. The GNU copyleft in no way prohibits any commercial use whatsoever. Please do not spread inaccurate rumors about copyleft. That's a pretty big statement and it's at least partly wrong. Does selling something count as a commercial use? By using "for-profit" instead of "commercial", I meant you're not supposed to profit directly from the software, like by selling it. Of course it's possible to walk the line, but you have to be careful. The way that Lucid's Energize development environment relates to their version of GNU Emacs is a good example of establishing where the line is and making it clear what's being sold, "for-profit", and what's free. Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLeNeVxVg/9j67wWxAQHVRAP9E/gumxwwQ0vbCLH8O72gPpEze96/G0DM 6IA7RnwBlT8yuIXmbCi9LmWw6/rekOVo0HU+0A4JOWtJ2xASMDr+zRmwtVUKts+1 3RKUDicxt1jrTo4Mu9o4vJilaCIlgd5x4TA0skGKujXGrTl7cmRQKNfkREYprmpg Gmqzmj/7cY8= =O23T -----END PGP SIGNATURE-----
anonymous@extropia.wimsey.com says:
From: "Perry E. Metzger" <perry@imsi.com>
Ezekial Palmer says: > The GNU copyleft is supposed to disallow a lot of for-profit uses.
The GNU copyleft in no way prohibits any commercial use whatsoever. Please do not spread inaccurate rumors about copyleft.
That's a pretty big statement and it's at least partly wrong. Does selling something count as a commercial use?
You are allowed to sell copylefted software. You just aren't allowed to stop other people from then giving it away. There is no prohibition on selling the software -- although one must remember that what you end up charging is for the act of providing a copy and not for a license for the software itself. Perry
Date: Wed, 25 May 1994 07:38:05 -0700 From: anonymous@extropia.wimsey.com Ezekial Palmer says: The GNU copyleft is supposed to disallow a lot of for-profit uses. I think the word you're looking for is "proprietary". I earn a living from my commercial, for-profit, GPL'ed collection of packet drivers. No reason why anyone can't do the same with PGP, absent stupid software patents and stupid export restrictions. There's a LOT of room for adding value to PGP.
participants (9)
-
anonymous@extropia.wimsey.com -
Ezekial Palmer -
hughes@ah.com -
Linn Stanton -
mgream@acacia.itd.uts.edu.au -
nelson@crynwr -
nelson@crynwr.com -
Perry E. Metzger -
Robert A. Hayden