From: Derek Atkins <warlord@MIT.EDU>
Date: Sun, 10 Jul 94 21:53:21 PDT
To: Jef Poskanzer <jef@ee.lbl.gov>
Subject: Re: using RSA-the-cryptosystem to secure RSA-the-company's patent?
In-Reply-To: <199407110444.VAA00229@hot.ee.lbl.gov>
Message-ID: <9407110452.AA28839@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> They got the stupid version number thing in; if they had thought of
> a better trap, they could probably have gotten that in instead.

The version number thing, actually, was a compromise.  Bidzos wanted
complete incompatibility with the existing codebase!  So, to please
his want of incompatibility, we made the version number change;
something that would force people to upgrade to new versions (which
people should be doing, anyways!)

> The point is, the secret key would not be in the source code.  I can't
> think of a way to use that; you can't; RSA couldn't; but I'm not
> convinced it's impossible.

If the secret key is not in source code, then where would it be?  Any
hooks that require the secret key can then be removed from the source
code!  The point of releasing source is so that people *CANT* put in
dain-bramaged back doors like you propose; the point is that having
the source code lets anyone see what's been done, and people can
actually change their version to ignore it, if they wish!

As for the version number hack; maybe some people think of it this
way.  I don't know, I'm not a mind reader.  But from my vantage point,
giving that little bit of rope has given us a US-legal PGP!

-derek