[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)
[Coderpunks distribution removed].
On Wed, 7 Oct 1998, Frank O'Dwyer wrote:
> No, it doesn't, because no crypto library gives any application "strong
> crypto". It has to be used correctly and appropriately for one thing.
> For another, it needs to be free of back doors, whether intentionally
> placed there or otherwise. In the long run, full disclosure of source
> code provides the best assurance that this is so.
Of course source availablility aids greatly in evaluating the overall
security of software. However, Jim was correct in pointing out that
/requirin/g source availability of products by licensing restrictions
employed in crypto component freeware is
counterproductive. May companies will not be able to source contaminated
by GNU-style licensing restrictions. Consequently, alternatives would be
found. Some of those alternatives, include using no crypto at all or
using crypto written by somebody that does not understand crytography.
Hardly the outcome a Cypherpunk would desire.
We should all thank Eric for making SSLeay available under a BSD-style
license. The world probably would have half as many internationally
available strong cryptographic products had Eric used GPL.
The bottom line is that GNU-licensing is more restrictive than
BSD/SSLeay-style licensing. Hence identical freeware will see less
deployment under GNU than under BSD.
Cyphpunks believe that more strong crypto is better.
The conclusion in the GNU vs. BSD/SSLeay/etc. license debate should be clear.
-- Lucky Green <mailto:[email protected]> PGP encrypted mail preferred