New ask Hacker News story: Ask HN: Should I open source my licensing server?

Ask HN: Should I open source my licensing server?
7 by keepamovin | 9 comments on Hacker News.
Recently developed an in-house "zero trust" license server based on PKI idea, blockchains, and proof-of-time, to convert a regular "vendor hosted" license server, into one that can be hosted on the buyer side. A lot of anti-piracy goes into obfuscation, and while I consider that defense-in-depth, I also consider obfuscating client-controlled code useless, and tried to make the system depend on cryptographic guarantees as much as possible. No such system where possibly adversarial clients control the license server, especially in an offline scenario, is perfect, but with immutable secure logs, and PKI chain of trust through a hierarchy of root authorities, I think we have a fairly solid approach. Open sourcing might lay bare some flaws which could be fixed. Or it might lay bare some flaws which could be exploited. This is mostly theoretical, we will probably not OSS it right now, but I consider it a useful exercise to crowd-think through the possibilities. In the rare chance that it is actually something novel, secure and useful, it might help other companies secure their deployments in a zero trust way.

Comments