OpenPGP Card

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Sep 6 05:14:56 CEST 2005


Lionel Elie Mamane <lionel at mamane.lu> writes:
>On Mon, Sep 05, 2005 at 10:14:41PM +0200, Alon Bar-Lev wrote:
>> Since your GPLed program does not contain any other licensed code it is
>> still GPLed...
>> The same goes with GPLed licensed program that loads PKCS#11
>> module...
>
>Not unless that PKCS#11 module "is normally distributed with the major
>components of the operating system". (Assuming here that the PKCS#11 module
>would is a library that GnuPG would be dlopen.)

PKCS #11 is a device driver without which it's impossible to use critical (to
the application) hardware.  If you take this interpretation then GPG already
violates it because it ends up using all manner of components (RAID drivers,
ATI/nVidia video drivers, PC/SC drivers, etc) that aren't distributed as part
of the OS.  In fact if you wanted to go reductio ad absurdum even kernel32.dll
is excluded because the hotfixes that are constantly applied to it aren't
"normally distributed with the system components" - they're a special
download.

On the other hand using a particular interpretation of the GPL in order to
make it impossible for GPG to be able to support widespread smart cards and
crypto hardware is a great example of cutting off your nose to spite your
face.  I guess you can always tell people who want to use crypto devices with
PGP to go with the commercial PGP instead.  Or cryptlib :-).

Peter.




More information about the Gnupg-users mailing list