I noticed a little blurb on the Business Wireservices today stating that a company named "Digital Delivery" has licensed technology from RSADSI for a turnkey CD-ROM software catalog called "CD Product Portfolio". The product is supposed to permit a company's most valuable software and intellectual property to be browsed, ordered, unlocked, and installed from CD-ROM with "absolutely no worry about hacking or unauthorized use." The product is based on BSAFE and uses the RSA Public Key Cryptosystem and the RC4 stream cipher. Now the interesting part is that this product has been granted commodity jurisdiction from the Department of Commerce and will be be allowed to be EXPORTED outside the United States under license, permitting foreign customers to create encrypted software catalogs and make use of this distribution mechanism. Through the magic of RSA encryption, a given program or image (!) on the CD-ROM will only be released after the browser has actually ordered and paid for the product. Do you think this crypto is "strong"? I am not familiar with RC4, but it would seem unlikely that it is both hack-proof and exportable at the same time. Cost considerations probably preclude encrypting CDs individually with different keys, so it is difficult to see what prevents disk owners from communicating keys to one another for the purpose of unlocking software. This idea of mass-produced CDs might nicely dovetail with DigiCash to enable the complete electronic purchase of programs without the necessity of having a high-bandwidth connection with the seller to transfer the software to ones own machine. Given the extensive "Threat of Crypto" propaganda we have been hearing from government minions lately, it is very nice to see the government pushing us towards a future where we may buy all sorts of interesting things from foreign mass-produced encrypted CD-ROMs with anonymous DigiCash, all in complete privacy. Thank-YOU Big Brother. :) -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $