At 11:30 AM 06/12/2000 -0400, P.J. Ponder wrote:
>from the documentation for GnuPG:
>http://www.gnupg.org/gph/en/pgp2x/t1.html
>
>| Note: Using the extension modules idea.c and rsa.c without licensing the
>| patented algorithms they implement may be illegal. I do not recommend
>| you use these modules. If you have PGP 2.x keys, I suggest you revoke
>| them in favor of new keys and encourage correspondents who use PGP 2.x
>| keys to do the same.
>
>Is this right? If one obtained PGP 2.x legally, and used RSA and IDEA in
>conformance with the original license for personal use, would that license
>permit the use of the older PGP keys with Gnu Privacy Guard?
RSA and IDEA are totally separate issues. I don't know when the IDEA patent
expires (probably randomly different in Switzerland, the US, and elsewhere),
but you're bound by whatever limits the old license used.
RSA patent expires this summer (Yay!) But code that's based on RSAREF
is covered by copyright, so it's still limited by the RSAREF license.
If you're using non-RSAREF code, it goes free when the patent expires.
So use the non-RSAREF versions.
As far as the older keys go, you'll be able to use RSA keys
after the patent expires, so if you don't need IDEA, e.g. for signatures,
or for non-IDEA encryption, you're fine.
Also, remember that MD5 is pretty dodgy these days, so you'll want to
convert to SHA-1 forms as soon as possible.
>I don't have a copy of the old PGP license around. I presume one could
>continue to use PGP 2.x indefinitley under the old license.
Yup.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
