CA certificates (was: Re: Mass bug filing: Cryptographic protection against modification)
- To: firstname.lastname@example.org
- Subject: CA certificates (was: Re: Mass bug filing: Cryptographic protection against modification)
- From: Florian Weimer <email@example.com>
- Date: Wed, 05 May 2004 06:34:55 +0200
- Message-id: <firstname.lastname@example.org>
- In-reply-to: <20040504065718.GX7487@archimedes.ucr.edu> (Don Armstrong's message of "Mon, 3 May 2004 23:57:18 -0700")
- References: <email@example.com> <20040504065718.GX7487@archimedes.ucr.edu>
Don Armstrong <firstname.lastname@example.org> writes:
> On Tue, 04 May 2004, Florian Weimer wrote:
>> A few packages contain "software" (well, everything's software these
>> days) which is cryptographically protected against modification.
>> This seems to violate DFSG §3.
> Uh, if you're refering to the PGP keys and certificates inclosed in
> these works, you really need to reread DFSG §3 very carefully.
> Presumably the licenses of these works allows modified works,
> derived works, and distribution of said works. If it does, there is no
> DFSG §3 violation.
I've digged a bit more, and VeriSign actually has a license governing
the *use* of their certificates (including the root and intermediate
The license seems to violate DFSG §6. It also fails the Desert Island
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, di-ve.com, hotmail.com,
jumpy.it, libero.it, netscape.net, postino.it, simplesnet.pt,
tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr.