[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: comments on PGP *5*


On Wed, Sep 16, 1998 at 02:03:52AM +0000, Joseph Carter wrote:
> On Tue, Sep 15, 1998 at 02:13:47PM -0500, Manoj Srivastava wrote:
> > 	Yes, I guess I am interested in a RSAREF version, even if I
> >  have to build on myself. 
> > 
> > 	Why should I not be?
> Because just making the thing RSAREF-using violates the license AFAIK.
    This is incorrect.  If that were true, the MIT and PGP Inc
versions could never have been distributed (they both use RSAREF).
The original RSA library written by Zimmerman was MPILIB, and is used
in the international version.  

> Lets see...  RSAREF is slower and violates pgp license, but pgp5-i is faster
> and violates a patent who says you're free to use RSA non-commercially
> provided you use their version of it.

    MPILIB is in fact faster (nominally) than RSAREF.  I think most
people will only notice the difference on slower machines or during
key generation.  You're also mixing the terms "patent" and "license"
here.  IIRC, PKP holds a patent valid only in the USA on the use of
RSA in encryption, and has licensed it for non-commercial use provided
that only the RSAREF implementation is used.

> If you can't win for losing, use the faster one.  If I'm wrong about the
> copyright, you may consider making that RSAREF version.  Better yet, since
> RSAREF cannot be exported, but is in non-us since somebody already HAS, let
> someone outside the US do it, safer that way.

    If you're not particularly concerned about breaking the law, use
the MPILIB one.  If you are, a few compile-time defines documented in
the source code will create a version that uses RSAREF instead of
MPILIB.  A few more flags (and two file deletions, IIRC) will generate
a version of PGP completely indistinguishable from the one that PGP
Inc provides.  The only licensing issue is the "You may not distribute
any derivative works" bit in the Freeware license, but nobody has gone
after Schumacher yet, so it may be legal under one of the other two
main licenses included with the source.

 Zed Pobre <zed@va.debian.org> | PGP key on servers, fingerprint on finger

Version: 5.0
Charset: noconv


Reply to: