[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Tough Choices: PGP vs. RSA Data Security
>> If they are so willing to let us do this, then will they tell us why
>> we have to use their code? If they are willing to do it, it shouldn't
>> matter what code we use.
Wrong. The RSAREF code is *licensed* to you for non-commercial use.
They are explicitly not giving it away, or making it "freely
available". By allowing you to use it under their license, they are
not leaving themselves open to claims of non-enforcement of their
patent. If they let you write your own code, then, strictly speaking,
you would need a license to use it. Negotiating such a license is
expensive and time-consuming. You don't want to do it. If RSA is
willing to let you use their code, do so. It's probably the best
compromise you're going to get unless you have a lot of money and
lawyers to spare. I have the source code, and I can read it. If
there are any back doors, I (or someone with more experience) can find
them. That's enough security for me.
Marc
P.S. I don't like software and algorithm patents, and said so to Jim
Bidzos's virtual face during the conference last weekend. But the law
still stands, and although IMHO it is flawed, it's not inconsistent,
so I'll obey it. If the gov't outlaws strong crypto, then they've
just done something illegal w.r.t. the Constitution in my mind, and I
will feel free to disobey that law, should it come about. In civil
disobedience (which is essentally what people are arguing for), you
disobey laws you find so immoral or so evil that you cannot
conscionably obey them. I don't like the current patent law in this
country, but my disagreements are in the details of the law, not in
it's very nature. I don't think any of my fundamental rights are
being violated, so I'll complain and disagree, but not disobey.