[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Apple including PKS?

>Re: Apple include a PKS with their Macs
>Well, Apple does have a site license for RSA.  Tim Oren, who's on the
>list, knows more about this than I.  I ask him to respond.
>Maybe Apple could license the PGP code as a system utility?

Apple does have a license from RSA, which includes both site and
redistribution rights.  The intent is to make security-enhanced features
available in something called OCE (Open Collaboration Environment) which is
to be Apple's entry in the E-mail / user directory / etc.  marketplace. 
OCE is likely to be an add-on, that is, something not shipped with every
Mac, but available at extra cost.  Since I'm under NDA for the details of
OCE, I will simply quote what MacLeak says:

 According to MacWeek, Apple is using RSA software with 150-200 digit
primes for Digital Signatures. They are using "RSA's RC4 algorithm [which
will] provide
 encryption of the fly for data transmitted across an OCE (open
Collaboratioon Environment) network. Each message will be scrambled using a
unique 64-bit key.

BTW, notice that's decimal digits, not bits, in the signature length.

Apple is set up as a certifying authority, but I don't know any details of
the plans on how to certify keys.  It's a far from simple problem to work
out something that will work in the current personal computer market
structure and isn't subject to spoofing.

Re Apple licensing PGP code:  While Apple could presumably do so without
violating any laws, so long as any copyright holders in PGP granted
appropriate rights, I don't think it's very likely.  OCE is a package to be
differentiated by its user interface, and apparently MacPGP's (though I
haven't tried it myself yet) is rather crufty from the Mac point of view. 
Also, Apple traditionally wants very tight control over its source code,
and is unlikely to adopt something that arrives in such a (shall we say)
'informal' fashion from outside.

Finally, as a dose of preventive medicine, I should mention that all of the
above is my best interpretation of Apple policy and probable action, with
which I don't necessarily agree personally.  Flameage ignoring this
statement will be routed appropriately.

Tim Oren