From: hallam@w3.org
Date: Wed, 20 Sep 95 22:43:20 PDT
To: cypherpunks@toad.com
Subject: Re: Please send me SSL problems...
In-Reply-To: <9509201715.AA19393@sulphur.osf.org>
Message-ID: <9509210543.AA02352@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain


Rich Salz <rsalz@osf.org> writes

>I've heard that Digital, HP, and IBM have all mandated that all security
>code (except keymgmt and other things that are out of scope) must go
>through the GSSAPI:  no writing your own stuff.  I heard, less
>authoritatively, that Microsoft has the same rules, except they use a
>FunnyLookingVariant(far) of an earlier GSSAPI draft.

None of these organisations have mentioned GSSAPI to me.

Do you have a source?


David Van Wie <dvw@hamachi.epr.com> writes

>Many technologies have both patented parts and trade >secret parts.  Often, 
>companies will maintain information that is in patent applications as trade 
>secret until they are granted.  I guess I should say _if_ they are granted! 
> After a patent is granted, it is usually a good idea to also maintain some 
>trade secrets in your products -- since trade secrets never "expire," unlike 
>patents.  If the patent isn't granted, you still have the option of treating 
>the contents as an intellectual property under trade secret protection.

Rubish, disclosure is required for a grant of a patent. Unless someone 
skilled in the art can duplicate the invention from the patent claim
you don't get a patent issued.

Trade secret protection is very tricky in any case. Its practically
useless if you want to protect a product rather than a procedure.