Subject: Re: The Pledge model -- K5 generates 6 mos income in three days
From: "Stephen J. Turnbull" <stephen@xemacs.org>
Date: 28 Jun 2002 10:46:44 +0900

>>>>> "Ian" == Ian Lance Taylor <ian@airs.com> writes:

    Ian> And, finally, RSA would not be valuable without revealing the
    Ian> algorithm.  Few people would simply trust their security to
    Ian> such a system if the algorithm were not available for
    Ian> inspection.  So the only way to keep RSA proprietary was a
    Ian> patent.  Of course, that's a special characteristic of crypto
    Ian> algorithms.

I think you're (to some extent) wrong on both counts.  First, there
are an awful lot of people (decision-makers included) who believe the
security-through-obscurity and security-through-technology FUD that
some vendors and the backers of DMCA ad nauseum purvey.  But that's a
matter of education.

Second, in the abstract what you are saying is that access to the
source of RSA is an important contribution to the value of a product
incorporating RSA.  But that's what open source is all about.  All
software has that property to some degree!  Crypto is just an extreme
case where an informed consumer would accept closed source only if
there were absolutely no alternative.  It's not as special as all
that from this point of view.[1]

Perversely enough, the proponents of software patents recognize this.
Bill Gates doesn't want to keep the _secrets_ of his software---just
the money.



Footnotes: 
[1]  Granted, the combination of high demand for source and triviality
of implementation is perhaps unique to crypto.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
 My nostalgia for Icon makes me forget about any of the bad things.  I don't
have much nostalgia for Perl, so its faults I remember.  Scott Gilbert c.l.py