1998-10-06 - Re: propose: `cypherpunks license’ (Re: Wanted: Twofish source code)

Header Data

From: Matt Curtin <cmcurtin@interhack.net>
To: rms@gnu.org
Message Hash: d6704a49dda9b4809b810956a1982b2ddfeaa2649c5dc9eb9ebacade2eb5e991
Message ID: <864sthb1bv.fsf@strangepork.interhack.net>
Reply To: <199810051105.HAA13894@germs.dyn.ml.org>
UTC Datetime: 1998-10-06 03:37:29 UTC
Raw Date: Tue, 6 Oct 1998 11:37:29 +0800

Raw message

From: Matt Curtin <cmcurtin@interhack.net>
Date: Tue, 6 Oct 1998 11:37:29 +0800
To: rms@gnu.org
Subject: Re: propose: `cypherpunks license' (Re: Wanted: Twofish source   code)
In-Reply-To: <199810051105.HAA13894@germs.dyn.ml.org>
Message-ID: <864sthb1bv.fsf@strangepork.interhack.net>
MIME-Version: 1.0
Content-Type: text/plain

Richard Stallman <rms@santafe.edu> writes:

> I beg your pardon, but this is no mistake.  I'm well aware of the
> people who argue for donating code to companies "so it will be more
> widely used."

This is really an interesting, and subtle, point.  The goals might
well be different, but I suspect they're more complementary than most
of us immediately realize.

Specifically, I'm unconvinced that letting people "steal" our code
really advances the cypherpunk goal of good crypto everywhere (GCE...a
new TLA?).  Proprietary implementations, or proprietary builds of free
or public domain might well claim to be high quality implementations
of well trusted algorithms.

But without access to the source, how do we know?

What if someone makes an RPM of PGP, for example, with a "feature" to
fire your keys off to Big Brother for "backup" and/or "safe keeping"?

Matt Curtin cmcurtin@interhack.net http://www.interhack.net/people/cmcurtin/