Using GPG in the US

Paul D. Smith psmith at BayNetworks.COM
Tue Nov 24 01:31:09 CET 1998

%% "Caskey L. Dickson" <caskey at> writes:

  cld> On 23 Nov 1998, Paul D. Smith wrote:
  >> %% "Caskey L. Dickson" <caskey at> writes:

  cld> This is very true, however I do not believe that the RSA plugin
  cld> was built with RSAREF and therefore does not apply to the
  cld> discussion as to what the legal aspects of using the GnuPG RSA
  cld> and IDEA plugins in the US are.

  >> Certainly, but as you point out (and as I assumed but didn't state)
  >> someone could rework the plugin to use rsaref.

  cld> This may sound rude, but I'm not trying to be, I'm just tired:
  cld> What you've concluded is what is already known.  If you want to
  cld> make the shim, do it and we'll benefit and be thankful when we
  cld> can use it, otherwise we've simply spent all this time and energy
  cld> to established facts that we all knew beforehand. (I don't know
  cld> about you but that makes me feel like I've not only wasted my
  cld> time but also the time of everyone else on this list--I don't
  cld> like to feel that way.)

This may also sound rude, and I'm not trying to be either, but it
doesn't bother me that you feel that way.

It was obvious to me by the questions that started this thread and the
comments made on it so far that not _everyone_ knew this.  Otherwise I
wouldn't have posted.  Statements were being made about RSA, in general,
being patented and not available for use in the US without $$ for
licensing, not about the gpg RSA plugin in particular.  Furthermore,
even people who know about RSAREF may not have checked the licensing
lately: I understand earlier versions were significantly more

If such a thing were available _I'd_ certainly use it, to implement
PGP-verification on my USENET INN server.  They are still signing with
PGP-2 so I have no alternatives.  And that clearly falls within the
RSAREF license.

  cld> One of my favorite things about OSS is that nobody ever has a
  cld> (valid) reason to complain about how something works.  If you
  cld> don't like the way something works, modify it or get off the bus.

Please don't pull out that hoary old chestnut.  Even people dedicating
their entire lives to OSS, like RMS, don't have enough time to do
everything.  Just because the source is open doesn't mean that anyone
who won't or can't do the work themselves has no right to make

I do plenty for OSS, myself, and I feel no guilt about not jumping right
into this project, too.

  cld> Communiating with clients and staff using messages encrypted via
  cld> RSAREF in the course of pursuing my business clearly violates the
  cld> license and places my business in the very ugly position of
  cld> violating the rights of a much, much bigger company.  Nobody in
  cld> their right mind who has everything invested in their business
  cld> would do such a thing.  At least not for very long. :-)

I think you're wrong about "clearly violat[ing] the license".  The only
questionable part is section 2.b.i.  The issue is whether or not, in the
above cases, you are being compensated for using the rsaref-derived
program.  I'd say obviously not; you're being compensated for the
contents of the messages and documents, not for encrypting them.  YM, of
course, MV.

Anyway, it's not my intent to convince people to use rsaref if they're
uncomfortable with it.  I'm merely pointing out that it's there, it
_could_ be used, if someone put some (probably small amount of) work
into it, and its license is undeniably quite suitable for many uses:
exactly which is up to you or your lawyer's interpretation, as with all
licenses, obviously.

'Nuff said.  Bye.

 Paul D. Smith <psmith at>         Network Management Development
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
   These are my opinions---Nortel Networks takes no responsibility for them.

More information about the Gnupg-devel mailing list