
Re: Public key crypto



Rick H. Wesson allegedly said:
> 
> On Jan 10,  5:38pm, Kent Crispin wrote:
> > Subject: Re: Public key crypto
> 
> [snip]
> 
> > 4) PGP is used only for authentication, not encryption.  In some
> > jurisdictions that makes a difference.
> 
> It doesn't matter in France. So you are saying there won't be any
> registries in France? Bad idea.

My understanding is that *private* encryption is illegal in France.  
It is possible for commercial entities to get permits.

[...]

> Still what will a registry in any country outside of the USA
> use for processing requests? The International version of PGP is
> illegal to use for commercial purposes anywhere.

I don't believe this is true.  pgp2.6.3i has no restrictions on
commercial use, if you license IDEA.  See

http://www.ifi.uio.no/~staalesc/PGP/FAQ.shtml#License

However, you can't use it in the US (and probably Canada) for any
purpose, private or commercial, because it doesn't use RSAREF. 

So you use Viacrypt (PGP, Inc) pgp in the US and Canada, and pgp2.6.3i
in the rest of the world.

> > If you want to be able to authenticate registrars you have legal
> > issues.  If you don't authenticate registrars you have other problems
> > to deal with.
> 
> Correct, so what are ways that these messages can be securely authenticated,
> w/o using pgp?

Using PGP is not a problem.  It is the most widely available piece of
authentication software available, and it is pretty close to free.

But it is clunky to use it in a program, there is no doubt about that. 
There are some alternatives (PGPtools, hack the PGP source, etc) but the
licensing issues aren't as clear then.  If I knew of a better 
alternative I would have used it...one possibility is to license
RSAREF -- something I would investigate for a future version, for 
sure. 

One of the basic design features of the registry code I wrote is that 
it has signed certificates that can be saved in files and used to 
enforce non-repudiation.  You get a lot of power from that, and there 
aren't too many alternatives available.  

-- 
Kent Crispin				"No reason to get excited",
kent@songbird.com,kc@llnl.gov		the thief he kindly spoke...
PGP fingerprint:   5A 16 DA 04 31 33 40 1E  87 DA 29 02 97 A3 46 2F