[3020] in WWW Security List Archive
PCT licensing (was CryptoAPI 2 - Read before you Click)
daemon@ATHENA.MIT.EDU (Tom Johnston)
Fri Sep 20 22:53:14 1996
From: Tom Johnston <tomj@microsoft.com>
To: "'peter@thirdeye.com'" <peter@thirdeye.com>,
"'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
Date: Fri, 20 Sep 1996 16:01:26 -0700
Errors-To: owner-www-security@ns2.rutgers.edu
>Peter --
>
>Just to be clear, CryptoAPI 2 (topic of my original post) is
>not PCT. They're different and have different licenses.
>The substance of your message is about PCT, so I'll head
>down that thread.
>
In a word, we goofed -- two pages regarding the object code
version of PCT which should have said the same things did not.
Thanks for catching the error. We've updated the web page.
Here's the scoop.
>Microsoft makes both a source code version of PCT (PCTref)
>and an object code version of PCT available. PCTref is available
>free for both commercial and non-commercial use.
>
On the object code version of PCT, the license is correct; the other
web page was incorrect. Thanks for catching the discrepancy;
>it's fixed.
>
> -TJ
>
>----------
>From: peter@thirdeye.com[SMTP:peter@thirdeye.com]
>Sent: Thursday, September 19, 1996 3:16 PM
>To: www-security@ns2.rutgers.edu
>Subject: Re: CryptoAPI 2 - Read before you Click
>
>
>Tom Johnston <tomj@microsoft.com> made this amazing offer!
>
>> Interested in including cryptography and certificates in your
>> applications, but don't want to worry about writing code to implement
>> PKCS 7, X.509, ASN.1, or actually write cryptographic routines
>> yourself?
>> For more information, check out http://www.microsoft.com/intdev/security.
>
>Well, even though that sounded just too good to be true, I thought I'd
>go get me some of that Free Cryptographic Software!
>
>But, like my Pappy always said, if it sounds too good to be ...
>well I'm sure yours said the same thing.
>
>My Pappy also always told me to read things before I clicked Agree.
>(Actually, he was talking about signing things, but a click is as
>good as a signature to a blind developer.) So, I read all about
>the wonders of PCT 1.0, how it was going to change my life and
>improve the security of the world.
>
>I then read the Distribution Authorization Notice (located at
>http://pct.microsoft.com/pct10/pct10ref.htm), which said somthing like:
>
> What are the licensing terms?
> [ ... ]
> Microsoft distributes PCT 1.0 free for both non-commercial and
> ^^^^^^^^
> commercial use. In order get the PCT 1.0 source code itself, you
> ^^^^^^^^^^^^^^
> must first read the and agree to the PCT 1.0 License Agreement
> (should you choose to request a copy of PCT 1.0).
>
>and it still sounded pretty much like Free Cryptographic Software to me!
>And then I went to http://pct.microsoft.com/pct10/pctregf.htm and read:
>
> In order to download or receive PCT 1.0, you must agree to the
> terms of the PCT 1.0 Licensing Agreement by clicking on the
> button at the bottom of the page ....
>
>and then I read the - LICENSE AGREEMENT -, and then I was confused!
>Because it said:
>
> 1. GRANT OF LICENSE. This EULA grants you the following rights:
>
> You may install and use of the server software portion of the
> SOFTWARE PRODUCT on computers on which a valid copy of the Microsoft
> Internet Information Server has been installed, and install the
> client software portion of the SOFTWARE PRODUCT on an unlimited
> number of computers or workstations which may then access the
> server(s) at your premises solely to evaluate the SOFTWARE PRODUCT,
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> test its compatibility with other products and/or provide feedback
> to Microsoft.
>
>which doesn't sound very "free ... for commercial use" to me.
>
>They then go on (in section 2, included below) to say a number of
>other things, all of which effectively render the "free software"
>useless to any commercial firm.
>
>In fact, the Competitve Products paragraph alone is a nice little
>minefield for anyone so foolish as to agree to this Agreement, then
>decide the software is not what they need and then go do something better.
>
>Either the first page was deliberately misleading so that people would
>just blindly click on the "Agree" button (thereby laying the ground
>work to be sued by Microsoft at some future date) or there is some
>confusion on the part of Microsoft's attorneys about what the security
>group was trying to accomplish with this distribution.
>
>Did anyone else read this stuff?
>
> Just wonderin'
>
> Peter
>
>=============================================================================
>Peter Rowell, Third Eye Software, Inc., peter@thirdeye.com (707) 829-3793
> "Now is the Windows of our disk content." -- Richard v3.0
>==========================================================================
>
>
> 2. DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS.
>
>!> Competitive Products. You may not directly or indirectly use the
>!> SOFTWARE PRODUCT or any information about it in the development of
>!> any product that is directly competitive with the SOFTWARE PRODUCT.
>
> Environment. You may not use the SOFTWARE PRODUCT in a live
> operating environment where it may be relied upon to perform
> in the same manner as a commercially released product or with
> data that has not been sufficiently backed up.
>
> Limitations on Certain Testing Methods. You may not use the SOFTWARE
> PRODUCT for benchmarking or performance testing.
>
> Limitations on Reverse Engineering, Decompilation, and Disassembly.
> You may not reverse engineer, decompile, or disassemble the SOFTWARE
> PRODUCT, except and only to the extent that such activity is
> expressly permitted by applicable law notwithstanding this limitation.
>
> Rental. You may not rent or lease the SOFTWARE PRODUCT.
>
>
>
>
