Re: Apple include a PKS with their Macs

Well, Apple does have a site license for RSA. Tim Oren, who's on the list, knows more about this than I. I ask him to respond.

Maybe Apple could license the PGP code as a system utility?

Eric

Apple does have a license from RSA, which includes both site and redistribution rights. The intent is to make security-enhanced features available in something called OCE (Open Collaboration Environment) which is to be Apple's entry in the E-mail / user directory / etc. marketplace. OCE is likely to be an add-on, that is, something not shipped with every Mac, but available at extra cost. Since I'm under NDA for the details of OCE, I will simply quote what MacLeak says: According to MacWeek, Apple is using RSA software with 150-200 digit primes for Digital Signatures. They are using "RSA's RC4 algorithm [which will] provide encryption of the fly for data transmitted across an OCE (open Collaboratioon Environment) network. Each message will be scrambled using a unique 64-bit key. BTW, notice that's decimal digits, not bits, in the signature length. Apple is set up as a certifying authority, but I don't know any details of the plans on how to certify keys. It's a far from simple problem to work out something that will work in the current personal computer market structure and isn't subject to spoofing. Re Apple licensing PGP code: While Apple could presumably do so without violating any laws, so long as any copyright holders in PGP granted appropriate rights, I don't think it's very likely. OCE is a package to be differentiated by its user interface, and apparently MacPGP's (though I haven't tried it myself yet) is rather crufty from the Mac point of view. Also, Apple traditionally wants very tight control over its source code, and is unlikely to adopt something that arrives in such a (shall we say) 'informal' fashion from outside. Finally, as a dose of preventive medicine, I should mention that all of the above is my best interpretation of Apple policy and probable action, with which I don't necessarily agree personally. Flameage ignoring this statement will be routed appropriately. Tim Oren