Slashdot Mirror
Command-Line Crypto From Phil Zimmermann, Again
They aren't paying for a pretty logo. The real reason is that the GUI version of PGP (along with other graphical encryption software, like the GNU Privacy Guard) aren't even in the same market.
Casual computer users have never laid out much money for encryption. The widespread use of PGP in its original incarnation (during the era of Zimmermann's prosecution for allowing it to be exported) can be attributed as much to its zero-dollars price as to a generalized interest in privacy. Home and hobby users are not cut out from buying Veridis's software -- for about a hundred dollars, you can buy a personal use version of the command-line version. The real money isn't in individuals keeping their tax records private, though -- Zimmermann and Veridis, like NAI (whose PGP-based product is called E-Business Server) are really aiming at commercial and governmental datacenters, and for customers willing to accept a much higher pricetag.
Insurance companies, banks, credit card processing centers, state records -- anywhere financial or otherwise confidential records are exchanged or stored en masse -- these all need encryption which works at the command-line. More precisely, they need crypto software which can work without direct human intervention at all. Instead, massive data centers need tools which can be called by scripts and other programs, so servers, or server farms, can spend their time crunching numbers rather than drawing pictures.
The name is familiar ... The commercial competition FileCrypt faces is familial -- it's the same product from NAI (sold from their McAffee division) that prevents Zimmermann and Veridis from calling their software PGP, even though NAI now labels their product E-Business Server. And though many companies have homegrown cryptographic solutions, Zimmermann says he knows of no other packaged software offering the high-volume encryption that the products from NAI or Veridis do.
And, he emphasizes, what they do is very similar. He says of the Veridis command-line product compared to NAI's, "It's drop-in compatible, identical in operation ... you could run the same perl scripts, the same command-line arguments."
If you want to buy Veridis' encryption software licensed for electronic commerce (not one-person use), hold onto your wallet: the price jumps about 50 times, to a shade under $5000, which Zimmermann describes as a bargain -- at least compared to the competition.
(Prices on the McAfee website show a one-year subscription-based license for E-Business Server starting at $6,875; $14,375 buys a perpetual license, with no included support.)
Both sides of that fence. And of competing in this case with a product that originated from his own crypto software (and his own company, PGP Inc.), Zimmermann says "I just don't really think of that as my product any more. It's in the hands of NAI, all the engineers have been fired. I just don't feel psychologically connected to that product." To look and not to sell. Especially when it comes to cryptographic software, code openness is considered not just a virtue but a near necessity. Peer-review and independent auditing, after all, are about the only ways you can tell that software isn't shuttling credit card numbers to the wrong person.The business model of selling high-priced crypto software at thousands of dollars per processor doesn't mesh well with gratis software, though. To that end, Zimmermann says the FileCrypt code will be soon be available for download and inspection under terms which he says will be similar to those under which users can download the code for PGP Corporation's version of the PGP-based desktop software. (PGP Corporation's terms are available though their source code page).
The look on his face is so smug, like, ha ha, "I have no such non-compete agreement with NAI", so I'm gonna screm 'em!
--naked
Very popular slashdot journal for adul
"Confusingly enough, this software is produced by a company called (Veridis), and doesn't say PGP on the box, because legally it can't. Network Associates, which acquired PGP Inc. in 1997, still holds the rights to that name..."
.. maybe I can sneak out past Milton...
I'm sure PGP is important, but I can't remember what the acronym stands for --don't drift, don't drift off, focus buddy you can hang in there...
"...when NAI spun off PGP to PGP Corporation in 2002, they held onto the command-line version. OpenPGP, for whom Zimmermann serves as a technical advisor (as well as a reseller),..."
Almost five, it's about time to pack up and leave here, I wonder what's on TV tonight, probably nothing, Friday night blows. Need to get Road to Rome, but the flunky at Best Buy, who doesn't know his ass from a hole in the ground, said they're getting another shipment today, so probably need to go by there after work...maybe pick up mgs2 for xbox while I'm at it. mmmm xbox....
"...is contractually unable to sell a command-line version. (He is on the board of Veridis as well.) But why introduce a text-only version of utility software, anyway, when the GUI-fied desktop version has been maturing for years and costs less?
"actually, if I send Bill Lumberg my tps reports now
"This isn't a study in computer science, its a study in human behavior"
Command line? This is Windows damnit! What we need first is a COM object interface distributed in a DLL. Then any application will have access to it with minimal fuss and piddling around ensuring the utitlity is on the commandline. For those who want a command line version, it will then be simple to add a console-based facade to the COM DLL.
See my journal, I write things there
The web form to purchase the product does not appear to be an ssl secured form...
http://www.veridis.com/openpgp/en/buy2.asp
include $sig;
1;