PGP and WWW security

• To: www-security@ns2.rutgers.edu
• Subject: PGP and WWW security
• From: "John Hemming - CEO MarketNet" <JohnHemming@mkn.co.uk>
• Date: Fri, 04 Aug 1995 08:22:35 AM PDT

From: marcvh@spry.com (Marc VanHeyningen)
>Was anybody actually using it? If not, it seems implausible that anybody
>will anytime real soon. PGP is not available inside the U.S. for commercial
>use under reasonable terms, so I wouldn't expect to see anything happen with
>it here.

One advantage the PGP protocols have over X509 for instance is the
ability to have multiple signatures on the same public key certificate.
This seems to have merits from a regulatory point of view.

Does anyone know the terms on which PGP is licenced in the US?  I have
been slogging away to integrate PGP compatibility into our workhorse
tool.  The use of the x^e mod pq routines in the US is covered by patent
law, but not in the UK. The only real problem implementing PGP lies
in the use of the ZIP compression utility.  IDEA are willing to licence
their own components and the documentation with PGP is good enough
to implement an interoperable bit of software. (although it helps to have
a copy of "C programmers guide to serial communications" - Campbell)

The writers of ZIP have given me permission to use their routines.  A
big problem with their routines, however, is that they use a file handle
for the uncompressed and compressed data.  This needs quite a bit of
work to make it operate on memory buffers easily.

PGP is also easier to implement than BER/DER encoding, which involves
a lot of recursive routines that confuse my debugger.

John Hemming

• Previous: Re: some questions about SHTTP
• Next: Re: some questions about SHTTP
• Index(es):
  • Index
  • Thread