[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV dodging the gun
|
From: |
David Woolley |
|
Subject: |
Re: LYNX-DEV dodging the gun |
|
Date: |
Sun, 22 Mar 1998 12:48:57 +0000 (GMT) |
>
> well, that's an interesting article. However, is there any where that
> one would use PGP or an equivalent in lynx? SSL isn't related to PGP in
> anyway that I know of, and thus this commercial software equivalent (which
SSL and PGP are very close, even if the Netscape would tend to play this down
(probably because association with freeware encryption gives the wrong
impression
to commercial buyers). They both are RSA, secure hash, symmetric
encryption combinations, using cryptographically signed key certificates,
and SSL can use exactly the same hash and symmetric algorithms as PGP.
They both are subject to the same patent and export control problems.
The essential conceptual difference is that PGP has the non-commercial
model of a distributed network of key certifiers, whereas Netscape uses
the commercial model of centralised, commercial, certifiers, even then
I'm not sure that this is enforced.
The other difference is that SSL is real time, so only one side absolutely
needs a private key at the RSA level, as the other side can send a session
key for use in both directions.
> would still have to be purchased by each user and would force all users
> of lynx to build lynx to be able to use it) would't help.
I think the suggestion being made was to use the same tactic to bypass
the export control part of the problem, but not the patent one.