Slashdot Mirror
Apple Data Security Framework
rschroeder writes: "Apple has opened their Common Data Security Architecture framework, which "contains an expandable set of cryptographic algorithms to perform code signing and encryption operations while maintaining the security of the cryptographic keys." Lots of good info in addition to the code."
MacOS X has OpenSSL out of the box.
Microsoft has sold all of their stock - after the holding time they agreed on with Apple elapsed. Micro$oft gave Apple $170 million. Apple had/has over $4 BILLION in the bank... it was strictly a marketing ploy to give analysts confidence in the company's viability "If Micro$oft gave them money they must be OK... now I don't have to do any research!!" (not that analysts do actual reasearch anyway...)
Now imagine the heat they would get with a GUI to run on other OSs. You'd have the Linux camp crying bloody hell because it's not free and how superior KDE and Gnome are. You'd hear people blame about how insecure it was because it was closed, even if it wasn't insecure. You'd hear people complain about how the GUI contributed to a security hole, even theough the underlying security hole was due to that other OS.
Apple would hear about all the "incompatibilities" the GUI introduced. About how they couldn't "win in their own market on their own hardware" and had to "adopt" another market to survive.
If Apple went to try some quality control and made an agreement with an x86 hardware manufacturer, say AMD, Athlon, and Micron Memory, you'd get folks schreaking about how Apple "tied" products together, where limiting their hardware "choices".
And if they didn't "bundle" with hardware, the tech support issues they would have to deal with would be tremendous.
There is NO WAY IN HELL Apple is releasing this GUI for general mass consumption on other generic hardware unless they have a direct tie into the underlying OS and hardware, or with huge disclaimers--someone gets it to work, Apple doesn't support it. So yes, they could port it to x86, but they'll do it on their terms, not on the consumers. I don't like that decision, but I certainly understand it, given what I've read on /. and in the media since MacOS X's release.
The negative talk would hurt their bottom line on sales on their own proprietary hardware. Meanwhile, they would be losing money from the increased support. They'd have to charge upwards of $200 to cover this, and then the "bloody hell" cries would start and the cycle would begin again.
Not going to happen.
Yes, Intel has its own implementation but, if you've looked at it, you'll know that it has various issues and does not fully implement the spec. Apple's implementation was developed completely in-house and is not a port.
Also, from what I hear, the Apple people are quite highly regarded by their peers at CDSA meetings...in fact, the Intel folk often go to them to get questions answered about the spec and the best way to implement it.
Well, Darwin builds on x86, and rumor has it that Apple engineers do parallel builds of the MacOS X code (minus the Carbon and Classic stuff that is Mac-hardware/PPC specific) in order to make sure that the portability that they inherited from NEXTSTEP doesn't get accidentally broken. It's not because Apple plans to ship on x86, but so that their core OS is portable so that in the future they have the option of switching chips if Motorolla/IBM keep slacking off on performance.
Remember, NEXTSTEP runs on SPARC, HP PA-RISC, x86, PPC, 680x0, etc., so the core OS is already proven to be highly portable.
CDSA is more than just an equivalent of openSSL...
CDSA is a standard that was established by the open groups, a number of corporations are working on CDSA products, it does provide a large range of services other than providing a common API for cryptographic services, trust policy, certificate library and so on.
While it offers a standard way of securely communicating data, it also offers a common way to establish policies and the many things. it was meant to be a complete solution for security, especially for e-commerce.
It's nice to see an implementation openly available, if no one uses it it will still be easier to ensure interoperability with MacOS X...
Also it brings some publicity to CDSA, which is not bad.
In my opinion, it's a good thing.
The reality is, the Apple is not secure concerns are media spins by folks who are looking for a problem to write about. Not finding it, they write about "concerns" and play on the ignorant OS advocates and trollers, who respond and draw everyone else into the mix.
It's been like this for ages. Look at the /. articles. There's one that Apple is not being security conscious. Then there's an Ask Slashdot which accuses Apple of too many upgrades. Now this, where Apple has simply adapted technology to fit their machines--it's doubly played as if Apple invented it (they make no such claim) and is trying to take credit for it, and that Apple is upping security, as if Apple wasn't secure in the first place.
Sorry, but there have been MORE exploits for Linux than MacOS X from the time MacOS X has been released. Worse, Linux has been around awhile, while MacOS X, being the new, unproven OS, should have been littered with holes. The opposite proves true, but you won't have people in the media or other OS advocates pointing that out.
Ummm... who cares about Apple? CDSA was developed by Intel. Intel is responsible for the bulk of CDSA. Intel built the code with portability in mind. That's why Apple was able to port it. http://developer.intel.com/ial/security/ http://developer.intel.com/ial/security/press.htm Intel released the source code in 2000: http://developer.intel.com/pressroom/archive/relea ses/in092500.htm
For the last few versions, the Mac OS has been loading it's "ROMs" off disk early in the boot process. Look in the system folder for a file named Mac OS ROM.
Of course, you're probably still right but about some other bit of hardware. Macs still have NVRAM, after all.
Yes, that is true. The Mac OS ROM is not actually a ROM anymore ,but is a file. This file, however, is still Apple's protected IP.
In order for clones to pop up, Apple would have to license the use of this ROM file, which as mentioned in other comments, they will not do!
Short answer: No.
Longer answer: It's a security framework with hooks to a lot of things. If you'd read at least the introduction you'd have seen that it does, indeed, contain support for SSL, PGP and many other standard security/encryption/ham-and-cheese-sandwich technologies. Actually it's the MacOS X implementation of the OpenGroup standard. I do not know (did not find information more like it), however, if they _did_ implement the whole schmiel.
Longer longer answer: read the OpenGroup documentation. Download the code. Read the code. Come back and tell us about it.
--Moo
A cool thing about the CDSA is that you can replace any part you don't like. So, if you feel the NSA has compromised it, you can replace the crypto portions with your own provider based on OpenSSL.
-Dave
Citizens Against Plate Tectonics
> while maintaining the security of the cryptographic keys
t xt
k ms .txt
k ms 2.txt
k ms 3.txt
That would make a change.
http://lwn.net/1999/1202/security.php3
http://www.cs.auckland.ac.nz/~pgut001/pubs/pwl.
http://www.cs.auckland.ac.nz/~pgut001/pubs/brea
http://www.cs.auckland.ac.nz/~pgut001/pubs/brea
http://www.cs.auckland.ac.nz/~pgut001/pubs/brea
--
rant
Secondly I don't see any references as to the encryption used - it's a MS-specific blackbox as far as I can tell. Considering MS's shaky history of security implementations & the general problem of closed-source encryption this isn't particularly comperable to Apple's Open Source implementation of an outside published standard written by broad coalition of interested users.
Finally what uses this? Win2k has literally thousands of API's, some excellent, some half-baked, some simply broken or braindead, many overlapping or redundant. Having an API is one thing, using it or getting it used is another, particularly in the archeology that is Win2k.
Under MacOS 9 & 10 the Keychain is availiable from within the Finder, the Chooser, it's more modern implementation the Network Browser, the en/de-cryption applets, MS's Internet Explorer, most FTP clients including Interarchie & Fetch plus numerous other applications.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
One of the features of MacOS 9 has been the ability to encrypt any file via a set of system-level services. A second feature has been the ability to use a "Keychain" service where passwords & other information can be securely stored & automatically retrieved by authorized applications. A third feature has been the ability to use a Voiceprint as a password.
Here are a number of examples of how these features can be used:
- Macs running MacOS 9 and greater support Multiple Users. Thus folks can (or must) log in in order to access their materials. This login can be accomplished via typed password or Voiceprint. Macs with access to an appropriate server can store individual preferences on the server and these can used applied from client Macs as the user logs in.
- In order to encrypt or decrypt a file under MacOS 9 and greater on need simply drag-and-drop the file/folder/drive to the encryption application. This service can also be called from within any application utilizing the cryptographic API's.
- Utilizing the "Keychain" any program can store or retrieve settings, passwords and other secured bits of information. Thus instead of saving one's web-account passwords in an easily read text file they're stored encrypted in a file where explicit authorization must be given for access. The same for the other various servers one might utilize regularly or occasionally - their login information and passwords can be stored under a single master-password and applied at need.
Now, lots of folks are going to start reading this and trying to imagine lots of ways they could break this, the possible downsides, etc. Yes, it's not completely foolproof. On the other hand it's a lot better then many other OS's offer, particularly when you realize it's widely supported throughout the OS and by many (most?) applications. Furthermore it seems fairly well thought out and after being out in the field a bit it seems to be working well.It's good to see Apple is finally documenting the same hooks in MacOS X. Presumably by completely opening the material a better evaluation of the processes can be made and improvements implemented by third parties. Furthermore since it's a standard promulgated by a number of companies all in the security field this has a good chance of being implemented in a wide range of products.
It would also be great if other OS development folks could take this code and use it to compare/contrast their own efforts in this direction and use them to improve themselves, possibly even work towards adopting some common material where the specs are vague.
Finally, before going and making wild-assed assumptions based on how you assume this stuff is implemented or blue-skying on it's possible flaws howzabout investing the 10 minutes and actually getting the facts first, not wasting all of the rest of ours time? This is all Open Source and it's well documented so it's not up to everyone else to teach you: Go read it for yourself.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
That said there's a long distance between Darwin & MacOS X. Carbon, Quartz, Aqua, QuickTime, Classic - all are critical parts of MacOS X that aren't in Darwin. Without them Darwin is an interesting BSD variant with a Mach-based kernel, reworked IO & some nifty OO & "Frameworks" support and innovative configuration-files-settable-via-XML technology.
That doesn't a clone make. Indeed it's debatable if Apple could themselves easily make a clone-able Mac at this point. So much of MacOS X (not Darwin) is PPC-specific and relies so heavily on Apple hardware implementations it might not be easily possible.
Sure Next was ported many times & MacOS X has inherited much of that flexibility but since then there's been massive rewrites. It's likely that most of everything above Darwin might require a lot of work now move to another architecture or even motherboard design, there appear to be lots of assumptions made in the design.
Sure there are always rumors of MacOS X running on x86/Alpha/etc. chips and there was a Rhapsody release that was cross-platform as well as stories of a beta MacOS 8 runnable on an IBM RS6000 but at this point it seems unlikely that the MacOS X now out there could be easily moved to either an Intel-standard motherboard architecture (BIOS/ Northbridge/Southbridge etc.) or to another workstation architecture using OpenFirmware etc.
Possible: Yes.
Easily Achieved: No
Possible by someone other then Apple? No
Darwin does not MacOS X make.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
Yes, but there's still a boot ROM on the Macs. The ROM-in-RAM does load a "ROM" from a file on disk, but the Boot ROM (basically a BIOS) does quite a bit at startup. Here's info from the original iMac's developer notes:
"The Boot ROM contains the code needed to start up the computer, initialize and examine the hardware, provide a device tree to describe the hardware, provide hardware access services (RTAS), and control to the OS. The Boot ROM can be grouped into the following major pieces. "
Granted, this doesn't contain a significant portion of the OS, like the ROMs used to, but it's pretty key.
-jon
Remember Amalek.
-jon
Remember Amalek.
Uh, it is. By default, Mac OS X ships with Mac file sharing off, FTP off, Apache off, and ssh off. Telnet is disabled in all versions since 10.0.1. If you want to turn them on, it's just a checkbox, but 99% of all Mac users won't turn on any of them except for Mac file sharing, which should be pretty safe; I don't know of any AppleTalk exploits.
-jon
Remember Amalek.
No, it doesn't. Darwin alone isn't much more than a BSD variant, and I'd be pretty surprised if Apple isn't using the copyrighted ROMs on every Mac's motherboard as some sort of dongle for the higher-level Mac OS X functionality. You couldn't copy those ROMs without Apple's permission and that will happen over Steve's cold, dead body.
Whether or not Apple could survive under a licensing system is a different debate. But I doubt that it'd be possible technically without Apple's blessing.
-jon
Remember Amalek.
Xinet (available for Solaris/SPARC and Irix) does use encrypted AFP passwords, and otherwise does an excellent job as a Unix AFP server. Helios, on the other hand, uses cleartext passwords. Xinet costs a bit of money, but might well be worth it.
"2.You are permitted to read the HTML and PDF versions of Open Group publications using your HTML browser/Acrobat software and to download them for your own personal use provided you have given your name and email address for each publication requested. However, you are NOT permitted to amend, copy, reprint, offer for sale, or otherwise re-use material from these documents without explicit permission from The Open Group.
I assume "otherwise re-use material" would include actually implementing the specification.
Funny thing. I clicked to download the code, server authentication box came up. I entered nothing and clicked ok. Let me right through :)
I wonder if they are implementing their own procedures and standards.
rb
Is the the MacOSX equivalent of OpenSSL?
No. This is an extensible architecture that allows you to add modules for a ton of algorithms. Think of it more as a pluggable architecture something like Java's JCE.
I'd assumed that OpenSSL would work on MacOSX, given all the spiel about it being Unix based.
Mac OS X ships with TCPWrappers, OpenSSL and OpenSSH installed by default since version 10.0.1. There's a GUI interface available in the System Preferences panel to turn it on and off (if you're an administrator - ie. are in the wheel group).
For those of you wondering what a CDSA might really be, you can read all about it here at the opengroup.
Good stuff.
You could do what I do - use Nifty Telnet SSH to scp files around, tarring them from the shell if necessary. It's nowhere near as convenient as mounting a directory remotely, but it is far more secure.
--
The orginal version 10.0.0 had no openssl or openssh.
Yeah, but the public beta did have OpenSSH and OpenSSL. The first retail release did not have crypto because not everything got worked out with the government in time.
I've been told that the reason older versions of OpenSS[H/L] were included with the update was the same reason -- it takes time to get approval for newer software. I'm not sure how true this is, just what I was told.
- Scott
--
Scott Stevenson
WildTofu
Scott Stevenson
Tree House Ideas
--
--
--
Sadly, the previous poster hasn't updated his software in some time. The current version of netatalk allows three different encryption schemes, one of which is triple DES. Should be secure enough for him...
Actually, they did quite a bit a testing against recorded voices, using a variety of media. The testing showed it was VERY difficult, if possible at all, to beat with a recording.
Keep in mind, that with the number of machines Apple sells, they're on track to be the volume leader for UNIX installations by the end of this year.
Fortunately, Mac OS X is pretty tight right out of the box. As installed, all services are *off*, and there is already a nice GUI app for configuring IPFW (BrickHouse.app, look for it on softrak at www.stepwise.com)
AFAIK, nobody running a NeXT machine ever got 0wn3d, despite a grievous early mistake in the window server, due to the platform being a very small target (~50K seats, max.)
Basically, any exploits that work on netBSD are a hazard for Mac OS X, except that they'll have to be re-compiled for PPC.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
If you are that paranoid, you better have a good, secure compiler.
Troll Like a Champion Today
Is the the MacOSX equivalent of OpenSSL?
(I'd assumed that OpenSSL would work on MacOSX, given all the spiel about it being Unix based.)
--
Too stupid to live.
Too stupid to live.
Too stubborn to die.
Hardly. Microsoft is a minority shareholder, and hardly has much weight to throw around in that manner.
The main leverage Microsoft has on Apple is the threat of cancelling MS Office for the Mac. But that does make MS a ton of money, so they're not just doing it for leverage purposes.
-- "Those who cast the votes decide nothing. Those who count the votes decide everything." -Joseph Stalin
This seems like a good first step for Apple to be taken more seriously, especially given public concerns about Apple not taking security seriously.
I'm glad to have the opportunity to look into this framework now. Hopefully Apple will keep addressing the security holes that'll pop up elsewhere in the OS from time to time.
Will this silence the rabid anti-Apple critics who haven't used a Mac since 1984 (if ever)? Not a chance.
-- "Those who cast the votes decide nothing. Those who count the votes decide everything." -Joseph Stalin
Any code posted on their Publicsource site is open for all comers. For example, OpenPlay runs on Mac, Win, and various *nixes.
As for CDSA, a couple other people are already working on Windows and Linux implementations.
Is apple going to give MS authenticode a run for its money? I doubt it.
Hmm, on a barely related note. doesn't MS has a stake in Apple? Isn't apple just another faceless drone company with the big Gates behind it? ;-)
Apple does not recommend the use of Voiceprint unless the user has a high quality microphone -and- has the audio inputs set to 16 bit / 48 kHz. It's too easy to defeat otherwise
Bummer. I guess this means I would need to use at least this high quality of a tape playback to defeat it.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
MacOSX ships with almost all of its services turned off, as did Mac OS 9 and its predecessors
Mac OS 9 and predecessors, don't ship with very many services. AFP, Personal Web Sharing.
Just a very few years ago, this list was only AFP. Apple's AFP at least doesn't send passwords in the clear. (Unless client is a Mac, and server is a Linux box. See my other posting in this story titled AppleTalk exploits.)
As for security, AFAIK, there have never been any exploits. Very few things on Mac work in such a way that there could even be such a thing as a format string attack. You probably wouldn't find a lot of buffer overflows. Originally, MacOS was all done in Pascal, with a length byte for all strings instead of the zero-terminated C strings.
Even if you found a buffer overflow... What could an exploit do? There is no command shell. No pipes. No command line. No handy large library of pre-installed stuff like telnet, ftp, tftp, bash, netcat, etc.
This is probably why Mac OS has always been the most secure. There is nothing there to exploit. Even if you run a MacOS hosted web server, there just isn't anything there to exploit.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
Sounds like you need to go to a MacOS only solution
That depends on the problem definition.
In this case, the problem is:
I've got a Linux box at home. I want to access files on it from work. AFP over TCP is great -- except for the plaintext password.
In this case, a Mac OS only solution, wouldn't be a solution at all. I also have some Macs at home and access two of them over the Internet in the same way. (Some of them are really old.) But only in the case of the Linux running Netatalk is there a security issue.
I wouldn't dare do this with samba to allow my Windows box at work to access my home directory at home over the Internet. I think there's just not enough people who know to grab passwords out of the AFP over TCP protocol.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
It's called Program Linking. And I had forgotten all about it. You're right. You could execute a remote script, if Program Linking were turned on. Not just in AppleScript either, but in any language for which you have a suitable scripting agent installed.
Still, this is not exactly like having a shell. But you could, theoreticaly, send suitable AppleEvent's to the Finder to manipulate files, launch programs, etc. Of course, I suspect the knowledge to do this is not common to most crackers who seem to confine themselves to Unix & Windows.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
Thanks for the info. I stand totally corrected.
I am running SuSE 6.4, shipped in April 2000. Over a year old. I tend to install every update I can get my hands on. But I'm running the Netatalk that SuSE provides.
I'm looking forward to updating to SuSE 7.1 soon. Maybe this will improve the Netatalk.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
Mac users won't turn on any of them except for Mac file sharing, which should be pretty safe; I don't know of any AppleTalk exploits.
Just because there are no exploits, doesn't mean you have security. (See my last sentence below.)
I remember from an Apple developer's conference about 1987 (yes that's EIGHY seven) that when the password traverses an AppleTalk network, it is DES encrypted, or something like that.
In recent years, you can use AFP (Apple Filing Protocol) over TCP as well as over AppleTalk. Now I don't know about Apple's implementation of AFP over TCP, but when I use a Netatalk server on a Linux box, the password is in the clear. Apparently, Netatalk doesn't have or use a UAM on the Mac side to scramble the password. Even bad ol' Microsoft does this -- although you need to use a custom UAM from MS to access AFP on an NT Server from a Mac. But it's easy, just drop the UAM into your System Folder. And has been this way for years. (UAM = <something> authentication module, or somesuch.)
At home, on Cable Modem, I have a Linux box, static IP, domain name. At work, using my Mac I sometimes mount my home directory using AFP. It's so easy. Just go to the chooser, mount it, etc. My home directory from Linux at home on my Mac desktop at work!
I've often suspected that the password goes naked (in the clear). I just now positively confirmed it. I ran Ethereal (from a Win98se box), while I mounted my home directory from home (Linux) to my Mac desktop. Yup, the password is in the clear. It's right there in the packets.
The next logical step is to write the cute dude responsible for dsniff to see what the possibilities are to get dsniff to reveal AFP passwords over TCP.
The irony of this is that Mac mounting an AFP server volume is insecure only when the server is a Linux box. (well, actually Netatalk)
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
You mean like RevRDist?!
Damn -- I was surpised to hear that what I was doing in 1997 has only this year become possible. If only I had listened to informed people like you, then I would've known better.
Seriously though, RevRDist is great stuff. If you like Macs, especially if you work with them, you owe it to yourself to learn how to work it. It takes some hacking: ResEdit, diffing files, understanding the Gestalt function, etc. It saves alot of work and maintenance in the long run, and you learn a lot about the MacOS at the file/resource level.
Democracy. Whiskey. Sexy. Pick any two.
Nonetheless, it's part of the MacOS distribution. And since you'd need a copy of some MacOS anyway for this hypothetical clone hardware, you'd get all the needed files (as evidenced by the fact that you can take a blank HD that has had nothing to do with Apple and install successfully on it).
The ROM in ROM is also known as Open Firmware; it's covered by an IEEE standard (off the top of my head, 1275?) and is also used by Sun (and I think a few other Unix-hardware makers) for their hardware. Not exactly proprietary...
Apple's got themselves in an interesting situation here. The more low-level stuff they put out for all to play with, the harder they lock down the high-level stuff.
Seems to me that Apple's in kind of a strange situation -- Darwin makes Mac cloning possible, at least for small operators. Apple needs to do some fast thinking at this point -- going completely Open Source is a good idea because MS-style licensing enforcement at this point goes out the window. But that means they need to start moving boxes, and more importantly, motherboards.
No doubt this is an interesting place for Apple to be working. They are giving up control, hopefully looking ahead to a point where software licensing is meaningless. That's good. Giving away an extensible crypto architecture is even better (not to mention that it makes hash of what little is left of export controls on crypto).
Apple should stay the course. Their next trick, though, needs to be establishing a commodity PowerPC hardware market. I'd be interested to see how that can be pulled off...
/Brian
It's open code, so any back doors are exposed. You can hide that sort of thing in binary, but not in source.
I am the one true god. However, as an atheist, I don't believe in myself. I guess I have a self-esteem problem.
that some genius NSA agents have somehow subverted compilers so that they magically realize that they are compiling security-related code and insert a back door into one's code. If you compile the code, I'm sure it's clean. no need for a "secure" compiler. In fact, I don't even know what that would be. All I was saying is that usually you can't see the code that makes the binary so you dont' know what's in it.
I am the one true god. However, as an atheist, I don't believe in myself. I guess I have a self-esteem problem.
This may be somewhat redundant, but Apple does not recommend the use of Voiceprint unless the user has a high quality microphone -and- has the audio inputs set to 16 bit / 48 kHz. It's too easy to defeat otherwise.
what is clear, and certain, is that neither one of you trolls matter even as much as a gnat buzzing around an elephant... go fuck off and die, s'il vous plaît, il y a un bon garçon
Wouldn't you need at least shell access to exploit that? All remote logins are disabled by default so wouldn't one have to be in the same room as the machine to exploit? To wit, you could only hack en masse is you were in a very big room with lots of X boxen. Or am wrong.
It seems not long ago there was a story about Apple taking from Open Source and not giving anything in return. Proof that they have. No, it's not the entire OS like many would want but it's better than many for-profit companies (ahem..Microsoft).
Baby steps people.
No - Microsoft bought a pittance of non-voting stock some years ago and promised to continue producing Office for the Mac to settle some pesky lawsuits Apple had brought against them.
Sorry. Forgot to grammer check. Duh.
/. has such low standards ;)
Thank god
Blarf.
Oh yeah! Well we can perform code signing AND encryption operations while maintaining the security of the cryptographic keys AND chew gum AND standing on our heads, walking backwards. Did we mention that it will cost a lot more?
Blarf.
the keys that the NSA will want.
The Blaster Master Fighting for Truth, Justice, and Evil Pie since 1979
Its good to see apple getting into secure
communications. At least some segments of end
user population will start using crypto on daily
basis.
Apple is notorious though for looking at something
that has potentia (gui, networking) and taking
clean page, start from scratch taking some ideas,
make so-so implementation and start selling it,
like its the only thing acceptable to end users.
What should've happend is they should at least
bought out PGP industries, and cut time and
development costs, but that would be alot like
Microsoft. Or should've taken GPG framework and
promote just that. Just do code audit, compared
to whole redesign. GPG should be LGPL, I think,
because it sole purpose is not to compete with
PGP, but rather get everybody to use crypto
whatever the cost is. Now starting to use crypto
is somewhat time consuming and cumbersome.
There are too many standarts, as from end
users prospective.
This is overall good move from Apple's side.
I hope they will not make crypto that is licenced
default in whatever software/recommendations, so
we all can communicate, by lowest common
denominator cipher that is available.
Unless Apple releases it's code for Microsoft systems (it might, given it's streaming server and Quicktime softwares).
Apple code for Apple OS, right?
Geek dating!
GPL Deconstructed
Here's hoping someone at Apple fixes this before someone else not at Apple finds a way to hack the soon-to-be-masses of Mac OS X boxen en masse.