On Sunday, Mar 9, 2003, at 12:37 US/Eastern, Michael H. Warfield wrote:
On Sat, Mar 08, 2003 at 07:07:18PM +1300, Peter Gutmann wrote:
Werner Koch <wk(_at_)gnupg(_dot_)org> writes:
Implementing IDEA is trivial but as it is now, it is not possible to
use any
software without paying royalities to Ascom.
I've been using it for years without paying royalties to Ascom, and
so has
most of the rest of the PGP-using world. It's only if you're selling
it for
more than $10K (from memory) that you need to talk to Ascom.
Actually, it's far worse that this. I exchanged some E-Mail with
Richard Strab, the CEO of MediaCrypt, (the license vendor for Ascom)
and
he made it quite clear that their definition of "commercial users"
included
any and all non-profit organizations and anyone who was not using it
for
personal individual use (and even personal use was not acceptable if
you
were using it to communication with a "commercial" entity, even if that
entity was a non-profit professional organization or your church or
your
school). If you root around MediaCrypt's site you eventually find
their
draconian definition of what they feel constitutes commercial and
non-commercial and, for the life of me, I can't find much that they
CAN'T construe to be commercial and demand royalties. You end up
looking
for a really tiny needle (non-commercial) in a really broad and hazy
haystack (commercial).
From what I understand exchanging mail with some of my professional
counterparts at some universities, a number of universities already
have
blanket licenses negotiated and paid for. Their use is covered, NOT
because
it's non-commercial but, because they already paid for their
organization's
license.
Thanks for the information. This was my understanding too. All of the
non-exempt entities listed above will have to pay money to read
IDEA-encrypted OpenPGP messages. Or, in fact to interoperate with PGP2
applications in general IIANM.
As it stands, OpenPGP implementors are urged[*] to support this
outdated and non-royalty-free message format. Yet nobody should be
urged to perpetuate patent encumbered software if there is a gratis
(GnuPG) and fully functional (more secure even) alternative.
Getting OpenPGP adopted and used is plenty difficult enough as is.
Instead of insisting that the status quo be maintained we should
concentrate on removing any and all barriers to wider spread adoption.
Making sure that OpenPGP is completely royalty free is one thing that
helps. Removing complexity from the standard is another approach.
I want to be able to say "Send me an OpenPGP message!" *AND* be legally
allowed to decrypt whatever OpenPGP message I am sent. I don't have the
luxury of a university buying me a blanket license with taxpayer money.
I don't have a luxury of being paid and still be considered a
non-commercial entity.
Labeling support for IDEA messages RECOMMENDED[*] as is the case now
sends the wrong message to implementors. Marking IDEA messages
OPTIONAL[**] (with "MAY") avoids this trap. And stating that IDEA
messages SHOULD NOT be sent ensures that all alternatives will be tried
first before the application falls back to IDEA.
Cheers,
-J
[*] "SHOULD: This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course."
[**] "MAY: This word, or the adjective "OPTIONAL", mean that an item is
truly optional..."