[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)
Jim McCoy wrote:
> Frank O'Dwyer writes:
> >Agreed. For example, having SSLeay (say) used in some proprietary
> >program or other would achieve very little in the way of "cypherpunk
> >goals" (unless perhaps the company voluntarily published improvements
> >and bug fixes for SSLeay).
> Excuse me? What exactly to you think the "cypherpunk goals" are? It seems
> to me that promoting the adoption of strong crypto by everyone is high on
> the list and when we say "everyone" we mean to include the vast majority of
> users who are using propriatary and closed-source programs. That means that
> if a proprietary program uses SSLeay or any other crypto library to give the
> program strong crypto then the "cypherpunk goals" are being achienved.
No, it doesn't, because no crypto library gives any application "strong
crypto". It has to be used correctly and appropriately for one thing.
For another, it needs to be free of back doors, whether intentionally
placed there or otherwise. In the long run, full disclosure of source
code provides the best assurance that this is so.
> I don't give a damn whether the application is "free" or not, I care whether
> or not it provides users with good security and privacy.
As the original poster commented, those two agendas may have more in
common than you might think.
> The relative
> freedom of the program (regardless of who is defining the word freedom) is
> incidental to the matter. If Microsoft came out with a statement that they
> were going to use SSLeay to provide all users (foreign and domestic) with
> strong crypto
Microsoft is a good case in point; they are already using strong crypto,
yet as far as I can tell they have yet to produce a secure OS or a
secure product of any kind.