Re: Non-forgable authorization keys for shareware registration

From: Andrew Swallow (am.swallow_at_eatspam.btinternet.com)
Date: 10/27/03

  • Next message: Marcel Martin: "Re: NSA chooses ECC" 
    Date: Sun, 26 Oct 2003 23:23:59 +0000 (UTC)

    "Andy Robinson" <andy@seventhstring.com> wrote in message
    news:byO$fhAneBn$Ewsj@seventhstring.com...
    [snip]
    >
    > Your description above gives me plenty of things to check out, but I'm
    > not entirely clear why I need the "ID"? Or at least, I'm not clear why
    > it needs to come from the user or be made permanent. Can't I just pick a
    > serial number (increment by 1 for each new authorization code I issue),
    > sign it, and send the serial number concatenated with signature, to the
    > user? Possibly you are thinking of tying the authorization code to one
    > physical computer but I don't actually want to do that as I think it
    > would generate support headaches.
    >
    The problem is that unless the software can be locked
    onto a single computer it can be copied onto lots of other
    computers. You get one fee, they use it on 10,000
    computers. This can happen with a) corrupt organisations
    or b) your email can get copied onto a news group.

    If you sell site licences a user supplied secret password
    will tend to keep it within that organisation particularly if
    the name of the organisation forms an active part of your
    email. (Ensure that you do not include the password in
    your reply.)

    Most browses have a "Save As" facility that allows an incoming
    email to be saved in a file. Such files can be read directly
    by your software and can contain several complex fields,
    a simple thing that makes it easier for you users.

    Andrew Swallow

  • Next message: Marcel Martin: "Re: NSA chooses ECC"
    • Quantcast