Are RSA licenses fungible?
-----BEGIN PGP SIGNED MESSAGE----- I'm developing some software for use in psychiatric research; basically, about 20 field sites will run the software, collect data, and modem it back to a mothership central site. The encryption & security needs are evident, and one of the main reasons to meet these needs is that the doctors involved perceive that they might be liable for leaks. Code based on Pr0duct Cypher's PGP Tools would do exactly what I want done The good doctors' general fear of liability means that I can't expose them to the risk of unlicensed use of RSA's patents (even though I think those patents are questionable, my job is to not get my clients involved with that question.) So.. if I buy 20 licenses of ViaCrypt PGP, then proceed to use PGP 2.6-based code in my applications, does that constitute a legitimate solution? - -Paul - -- Paul Robichaux, KD4JZG | Demand that your elected reps support the perobich@ingr.com | Constitution, the whole Constitution, and Not speaking for Intergraph. | nothing but the Constitution. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLlyusKfb4pLe9tolAQHH6gP/cA/UwqpKqIDXv4ztBkUzyvLPypOUWRYB OoYGcE/AZF7vO1fgvkObZgwP59QC1Z0fsVU+lNUVgW8qIfadcwb0awBHcooQZ3OL 4d4cX9oD0ARxOrFoA4lFBU97k3lBXa+szyBD+hN2qyIxXUvHPPn5SZcZGYb7swMf zHfDONdqnq8= =FwPl -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Paul Robichaux writes
So.. if I buy 20 licenses of ViaCrypt PGP, then proceed to use PGP 2.6-based code in my applications, does that constitute a legitimate solution?
I had a similar question while trying to decide what version of PGP I'll be switching to, and had the following dialogue with Paul E. Uhlhorn, Director of Marketing, ViaCrypt, on the subject. JEK: The lack of source code for ViaCrypt PGP is an issue. If ViaCrypt PGP 2.7 were legitimately acquired, but the buyer, wary of black-box (sourceless) software, instead used a variant of PGP 2.6ui patched to identify itself as 2.7, would the substitution be detectable by any observer? Would either you or RSADSI object to this? Uhlhorn: If a person were to make 2.6ui look like 2.7, ViaCrypt would strongly object and would most likely pursue legal remedies. Our concerns would include copyright and patent (both IDEA and RSA) infringement. I cannot speak for PKP, Public Key Partners, but I would expect PKP would also consider this patent infringement. I understand 2.6ui to be a "patched" version of 2.3a which was not licensed by RSA or PKP. Once again, I believe it would be best to get a legal opinion on this entire subject. Please let me know if you find out other information on this subject. JEK: Is this true even if the person is a registered buyer of 2.7? Public availability of a program's source code is a powerful means to be sure that it is correct. How can one gain such assurance for PGP 2.7? How could confidence in the correctness of a secret program, even by its author, ever match that of a program open to public scrutiny by any interested person? Uhlhorn: ViaCrypt has exactly the same position if a person were to make 2.6ui look like ViaCrypt PGP V2.7 regardless of whether or not they are a registered user of ViaCrypt PGP V2.7. It is plain dishonest and illegal! [End of Uhlhorn dialogue] Granted, the issue here is different from yours, but it does give an idea of how ViaCrypt might react to an attempt to use their license to legitimize your use of another PGP. Hope this helps. John E. Kreznar | Relations among people to be by jkreznar@ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLmAGZ8Dhz44ugybJAQGSKAQAjlOFHarkVhF7Cjcy3xX3v7A4XyAH5B7H C61efV7poiJXcYCV8H6t2w6RGrk1ux/ynwoseVOjTdDraK5crqxxITCplLqY13Vv rzaY0BFOWOLBIgty9Gjh4Oz4v89lRKxn2MhsflrS/TxMBZSeaYec7K4ufDZwCvWN JQ94CgrJM/g= =1O6L -----END PGP SIGNATURE-----
Paul Robichaux writes
So.. if I buy 20 licenses of ViaCrypt PGP, then proceed to use PGP 2.6-based code in my applications, does that constitute a legitimate solution?
I had a similar question while trying to decide what version of PGP I'll be switching to, and had the following dialogue with Paul E. Uhlhorn, Director of Marketing, ViaCrypt, on the subject.
JEK: The lack of source code for ViaCrypt PGP is an issue. If ViaCrypt PGP 2.7 were legitimately acquired, but the buyer, wary of black-box (sourceless) software, instead used a variant of PGP 2.6ui patched to identify itself as 2.7, would the substitution be detectable by any observer? Would either you or RSADSI object to this?
Uhlhorn: If a person were to make 2.6ui look like 2.7, ViaCrypt would strongly object and would most likely pursue legal remedies. Our concerns would include copyright and patent (both IDEA and RSA) infringement. I cannot speak for PKP, Public Key Partners, but I would expect PKP would also consider this patent infringement. I understand 2.6ui to be a "patched" version of 2.3a which was not licensed by RSA or PKP.
I disagree with this. I can't find the line of reasoning here. The only guaruntee of patent and (and to some extent) copyright to the holder is right to collect fees. Once you have collected those fees and if future fees are not in jepeordy, you don't have 'standing' to complain, as I see it. ...
Uhlhorn: ViaCrypt has exactly the same position if a person were to make 2.6ui look like ViaCrypt PGP V2.7 regardless of whether or not they are a registered user of ViaCrypt PGP V2.7. It is plain dishonest and illegal! [End of Uhlhorn dialogue]
Makes no sense, unless they are talking about you giving out the modified version. sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw@lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru.
participants (3)
-
jkreznar@ininx.com -
paul@poboy.b17c.ingr.com -
sdw@lig.net