1994-08-28 - Re: Are RSA licenses fungible?

Header Data

From: jkreznar@ininx.com (John E. Kreznar)
To: perobich@ingr.com
Message Hash: 15ceb46b7094cb8dec1fdc57be7071972d57c35e48c1434adf279b2df353f942
Message ID: <9408280342.AA05474@ininx>
Reply To: <199408251446.AA17656@poboy.b17c.ingr.com>
UTC Datetime: 1994-08-28 04:59:17 UTC
Raw Date: Sat, 27 Aug 94 21:59:17 PDT

Raw message

From: jkreznar@ininx.com (John E. Kreznar)
Date: Sat, 27 Aug 94 21:59:17 PDT
To: perobich@ingr.com
Subject: Re: Are RSA licenses fungible?
In-Reply-To: <199408251446.AA17656@poboy.b17c.ingr.com>
Message-ID: <9408280342.AA05474@ininx>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Paul Robichaux writes

> So.. if I buy 20 licenses of ViaCrypt PGP, then proceed to use PGP
> 2.6-based code in my applications, does that constitute a legitimate
> solution?

I had a similar question while trying to decide what version of PGP I'll
be switching to, and had the following dialogue with Paul E. Uhlhorn,
Director of Marketing, ViaCrypt, on the subject.

JEK:
The lack of source code for ViaCrypt PGP is an issue.  If ViaCrypt PGP
2.7 were legitimately acquired, but the buyer, wary of black-box
(sourceless) software, instead used a variant of PGP 2.6ui patched to
identify itself as 2.7, would the substitution be detectable by any
observer?  Would either you or RSADSI object to this?

Uhlhorn:
If a person were to make 2.6ui look like 2.7, ViaCrypt would
strongly object and would most likely pursue legal remedies.  Our
concerns would include copyright and patent (both IDEA and RSA)
infringement.  I cannot speak for PKP, Public Key Partners, but I
would expect PKP would also consider this patent infringement. I
understand 2.6ui to be a "patched" version of 2.3a which was not
licensed by RSA or PKP.
 
Once again, I believe it would be best to get a legal opinion on
this entire subject.  Please let me know if you find out other
information on this subject.

JEK:
Is this true even if the person is a registered buyer of 2.7?

Public availability of a program's source code is a powerful means to be
sure that it is correct.  How can one gain such assurance for PGP 2.7?

How could confidence in the correctness of a secret program, even by its
author, ever match that of a program open to public scrutiny by any
interested person?

Uhlhorn:
ViaCrypt has exactly the same position if a person were to
make 2.6ui look like ViaCrypt PGP V2.7 regardless of whether or
not they are a registered user of ViaCrypt PGP V2.7.  It is plain
dishonest and illegal!

[End of Uhlhorn dialogue]

Granted, the issue here is different from yours, but it does give an
idea of how ViaCrypt might react to an attempt to use their license to
legitimize your use of another PGP.  Hope this helps.

	John E. Kreznar		| Relations among people to be by
	jkreznar@ininx.com	| mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLmAGZ8Dhz44ugybJAQGSKAQAjlOFHarkVhF7Cjcy3xX3v7A4XyAH5B7H
C61efV7poiJXcYCV8H6t2w6RGrk1ux/ynwoseVOjTdDraK5crqxxITCplLqY13Vv
rzaY0BFOWOLBIgty9Gjh4Oz4v89lRKxn2MhsflrS/TxMBZSeaYec7K4ufDZwCvWN
JQ94CgrJM/g=
=1O6L
-----END PGP SIGNATURE-----





Thread