About a month ago, I sent a letter to PKP requesting information on
licenses and what-not under the terms discussed in RFC 1170. So far I
haven't received any reply, and so would like to know what others'
experience has been like in getting a quick/slow response to such queries.

What's this? Rhys is not being a cryptoanarchist and defying PKP's
patents? Heavens! What's the world coming to? :-)
Basically, it is probably cheaper to license it than to hire a lawyer to
defend myself no matter what I may think of software patents in general. :-(

Related to licensing is the following: I'm thinking of writing a small
library to be embedded into shareware applications (not necessarily
PEM-related) which will check for the presence of "unlock files" which
unlock additional features for registered users. The best way to handle
this (I think) is some kind of signature mechanism, where the registered
user sends their name and address which is signed by me and checked
against a public embedded key in the program. I'm not too worried about
people hacking the code with NOP's - if they go to that much trouble, they
can have the extra features. :-)

Now, the "lawyer bit". The only code that needs to be in the shareware
application is "m^e mod n" together with the e and n values. Would this
blatant use of ordinary mathematics to "unsign" the signature bring PKP's
lawyers down on top of me? The signatures themselves would probably be
generated by a traditional PEM package like RIPEM-SIG, and then translated
into the unlock file format.

This is similar to a previous query that I saw many months ago about
putting such code into UA's so that ordinary UA's can check the validity
of signatures without needing to have the full signature-generation and
key-generation code.

Just curious.

Cheers,
Rhys.
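
Added example, not part of the original message and not code from any package named in it: a sketch of the verify-only unlock check described above, where the shipped program holds just n and e and computes sig^e mod n. It assumes SHA-256 with PKCS#1 v1.5 padding; the function names and the demo key are constructed for illustration.

```python
import hashlib

# CONSTRUCTED demo key: the product of two Mersenne primes. It is trivially
# factorable and exists only so the example runs offline. A shipped program
# would embed just N and E; the factors stay with the vendor.
N = (2**521 - 1) * (2**607 - 1)
E = 65537
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER-encoded DigestInfo header for SHA-256 (PKCS#1 v1.5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(message: bytes) -> int:
    """Build 00 01 FF..FF 00 DigestInfo(hash) as an integer below N."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def verify_unlock(name_addr: bytes, sig: int) -> bool:
    """Program side: sig^e mod n must equal the full expected block.

    Comparing the whole padded block, rather than parsing a hash out of
    the result, rejects forgeries that rely on lenient padding checks.
    """
    if not 0 < sig < N:                  # reject 0, negatives and sig + k*N
        return False
    return pow(sig, E, N) == encode(name_addr)

def sign_unlock(name_addr: bytes) -> int:
    """Vendor side only: needs the factors of N, which never ship."""
    p, q = 2**521 - 1, 2**607 - 1
    d = pow(E, -1, (p - 1) * (q - 1))    # private exponent (Python 3.8+)
    return pow(encode(name_addr), d, N)

if __name__ == "__main__":
    user = b"A. User, 1 Example St"      # constructed registration record
    sig = sign_unlock(user)
    print("genuine unlock file:", verify_unlock(user, sig))
    print("different name:     ", verify_unlock(b"B. Other, 2 Example St", sig))
```
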