From: Lucky Green <shamrock@netcom.com>
Date: Thu, 8 Oct 1998 09:36:08 +0800
To: "Frank O'Dwyer" <fod@brd.ie>
Subject: Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)
In-Reply-To: <361BF06E.164B7CF@brd.ie>
Message-ID: <Pine.SUN.3.91.981007180953.11287B-100000@netcom4>
MIME-Version: 1.0
Content-Type: text/plain



[Coderpunks distribution removed].

On Wed, 7 Oct 1998, Frank O'Dwyer wrote:
 
> No, it doesn't, because no crypto library gives any application "strong
> crypto". It has to be used correctly and appropriately for one thing.
> For another, it needs to be free of back doors, whether intentionally
> placed there or otherwise. In the long run, full disclosure of source
> code provides the best assurance that this is so. 

Of course source availablility aids greatly in evaluating the overall 
security of software. However, Jim was correct in pointing out that 
/requirin/g source availability of products by licensing restrictions 
employed in crypto component freeware is 
counterproductive. May companies will not be able to source contaminated 
by GNU-style licensing restrictions. Consequently, alternatives would be 
found. Some of those alternatives, include using no crypto at all or 
using crypto written by somebody that does not understand crytography. 
Hardly the outcome a Cypherpunk would desire.

We should all thank Eric for making SSLeay available under a BSD-style 
license. The world probably would have half as many internationally 
available strong cryptographic products had Eric used GPL.

The bottom line is that GNU-licensing is more restrictive than 
BSD/SSLeay-style licensing. Hence identical freeware will see less 
deployment under GNU than under BSD.

Cyphpunks believe that more strong crypto is better.

The conclusion in the GNU vs. BSD/SSLeay/etc. license debate should be clear.

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred