Forgot your password?
typodupeerror
Encryption Security

Will Expiration of RSA's Patent Unencumber SSL/PGP? 85

Posted by Cliff
from the breaking-the-patent-wall? dept.
petej asks: "Big companies with valuable patents usually don't put all their eggs in one basket. It's common practice to build a "patent fence" around the main patent, so that when the main one expires, the others preserve the company's hegemony on their technology. When the main RSA patent expires next year, will there be any other RSA patents that might cover and encumber PGP or OpenSSL? Will we really have a freely available SSL toolkit in OpenSSL, or will we still be forced to buy an RSA license because of some other patent?"
This discussion has been archived. No new comments can be posted.

Will Expiration of RSA's Patent Unencumber SSL/PGP?

Comments Filter:
  • by Anonymous Coward
    This would certainly be a good tactic to help restrict the spread of strong cryptography...

    The only thing I remember hearing is an extension on some copyrights--just in time to keep old movie copyrights and such from expiring. Anyone else hear of any patent extension?

  • by Anonymous Coward
    RSA Security's own site says that the patent on RSA runs out in 2000. see: http://www.rsasecurity.com/rsalabs /faq/6-3-1.html [rsasecurity.com]
  • by Anonymous Coward
    The poster above is correct, Canada's crypto export laws are *MUCH* different than those of the US. The OpenBSD project, which is based in Canada, has excellent resources on this subject, viewable here [openbsd.org].
  • by Anonymous Coward
    Sure. ECC is pretty much patent-free. There are a few very specific algorithms that are patented (most of them pertain to ECC's efficient hardware implimentation, however) The core of ECC is completely free though. And recent ECC cracking challenges have demonstrated that it is a WHOLE lot more secure than RSA (it took a longer period of processor time to crack a 97-bit ECC key, which is considered to be the equivalent of the 512-bit RSA key, than it did to crack the 512 RSA key). ECC simply does not have any known subexponential-time attacks, while RSA already does. Yes, they maybe found in the future, but they already exist in RSA, so at this time there is no question that ECC is more secure than RSA. I believe that it is time to throw RSA out the window because of the very fast recent attacks on the system. It is true, we might want to wait a bit before jumping on the ECC wagon and declaring it the most secure cryptosystem ever, but regardless of that RSA should not be trusted to protect any sensetive information (especially if it is needed to keep that information secure for a long period of time). Choosing longer RSA keys is simply not a solution to the problem, since in a few years down the road these keys may be easily cracked as well.
  • by Anonymous Coward on Tuesday October 05, 1999 @02:43PM (#1635494)
    After a quick browse through, most of these look irrelevant to basic use of RSA in PGP. However a few are very irritating, like the 1995 patent on timestamping [ibm.com]. The abstract describes it like this: send a hash of your document to a timestamp authority, and they add the current time and sign it with their private key. Prevent cheating either by using a sequenced chain of timestamps or by basing your selection of timestamp authorities on the document hash. Gosh, who woulda thunk it?

    Patents on crypto algorithms don't bother me that much, but when they start patenting the kinds of ideas that I think up when I'm driving I get pretty pissed.

  • by Anonymous Coward on Tuesday October 05, 1999 @02:48PM (#1635495)
    Perhaps I'm nit picking... But please be careful. Our laws regarding encryption exports are not *AT ALL* the same as the US Laws. If something is produced in the us, and is under US export control, then we recognize that and place the same controls on it. This is the price we pay for getting easy access to it. (US export restrictions don't apply to Canada) If it's developed anywhere else, in Canada or otherwise, we can do whatever we want. (nearly) If it's in the public domain, there are absolutely no permits or anything required. If it's a business venture, there are export permits necessary.. but this is no different than those necessary for any other export.
  • by Anonymous Coward on Tuesday October 05, 1999 @02:37PM (#1635496)
    Aside from the Diffie-Hellman and RSA patents, they also hold the Hellman-Merkle patent and the Schnorr patent. These will not expire until later, in the case of the Schnorr patent in 2009 or so. Incidentally, RSADSI has repeatedly claimed that algorithms like ElGamal are covered under the "Merkle knapsacks" patent, so it is not true that (packages such as) GPG are undisputably patent-free.

    The Schnorr patent covers some of the knowledge-proof protocols that are used when using public-key crypto systems for contractual things
    (I think... it's been a while since I've read the literature =) so it's still an issue when cryptography is used to enforce standards of behavior and such. It might also have an impact on things that Free Software projects are planning in the future.

  • Is RSA still important? If so, what niche does it fill?

    RSA is still very important because it is the de-facto standard for asymmetric encryption. Other PK algorithms (DH) are much more cumbersome to use in a disconnected environment, and AFAIK no other PK algorithm supports multiple recipients and signatures as easily as RSA.

    There is a lot of infrastructure already using RSA. There is little point in throwing it all away when the algorithm is going to be free by the end of next year.
  • by dmiller (581) <djm@@@mindrot...org> on Tuesday October 05, 1999 @01:52PM (#1635498) Homepage
    RSADSI is a big company who depends heavily on the RSA algorithm for their revenue. You can bet that they have scores of lawyers who will try to intimidate anyone who tries to use the RSA algorithm after expiry.

    They would probably not win any case that made it to court, but that is enough to scare many smaller companies into purchasing a license. Most of the larger companies already have licenses.

    PGP (2.x at least) still uses the IDEA algorithm which is patented by Ascom Systec [ascom.ch] of Switzerland, so it is not totally free.

    GnuPG [gnupg.org] does not use any patented algorithms and is a much better product anyway. There also exist plug-in RSA implementations which allow it be backwards compatible with PGP 2.x.
  • Really, the important patent was the patent on Diffie-Hellman key exchange, since this was the first public key algorithm. Since it has already expired, it's already possible to build totally free SSL/PGP workalikes without any patented code. You just need to add a free symmetric key cryptosystem like Blowfish or triple DES.

    Right, and that's what GPG [gnupg.org] does, at least for the PGP equivalence. The 1.0 version came out a month or so ago.

    Unfortunately, such a program is indeed a "workalike", but it is not compatible with existing systems. SSL with RSA/RC4 and PGP with RSA/IDEA have large installed bases, and unencumbered software cannot be compatible (until all the patents expire).

    -Doug

  • The Merkle-Hellman patent expired in the US in 1997 (see Schneier's book). It was issued later in some other countries, so it probably still applies there; I don't know much about how patent systems work in other countries. If other countries have 17-year patents, then the only extant patents are in Switzerland and Italy, due to expire in January 2000 and September 2002 respectively.

    Furthermore, GPG uses ElGamal, which, again according to Schneier, was considered by PKP to be covered under the D-H patent, which expired over two years ago. RSADSI doesn't hold the patents; PKP does. So it doesn't matter what RSADSI thinks.
  • Does that make it a newer IDEA? :)
  • The above statements on RC4 are entirely true. It is worth noting, however, that an algorithm called ARCFOUR is an internet draft (possibly RFC by now) before the IETF. As the name implies, it is a description of an RC4 compatible algorithm. I believe it is proposed by Rodney Thayer of the IPSEC community.

    In any case, RC4 is less useful than RC2 in contexts other than TLS since it is a stream cipher and therefore rather harder to use securely.

    My company has done extensive research into the issue of the RSA patent and has talked to many other companies in the field. We are certain that the expiry of the patent in September will leave RSA as used in modern protocols totally unencumbered.

    While, DSA and DH-EG are very good algorithms, each has its own quirks and you still need two sets of keys. Whil ehaving separate signing and encryption keys is very good security practice, it can be inconvenient for some sets of applications. In addition, RSA is by far the most widely implemented algorithm and so it is very important for interoperability between implementations and across standards. The Thawte example above is quite common in the PKI industry.

    It is worth noting that an industry rumour has it that RSADSI make about 50% of their money from litigation, 25-30% from the RSA conference (now really a trade show), 10% from patent licensing and the rest from licensing of toolkits. Of course, this is entirely hearsay.

    In fairness to RSA, they do at least appear to plough a lot of this money back into research through RSA Labs who do a lot of important work.
  • ... when they start patenting the kinds of ideas that I think up when I'm driving I get pretty pissed.

    Agreed, but that very fact probably makes the patent invalid. In order to be patentable, an idea has to be innovative, not something that would be obvious to anyone with a working knowledge of the area in question. Of course, the patent offices don't tend to have the required working knowledge, and so issue patents that they really shouldn't. However, the fact the the patent is issued doesn't make it valid, and it's unlikely to stand up in court. That doesn't help when J. Random Corporation has millions to pay lawyers and you don't, though...

  • The real reason for copyright extension was because the content barons (Disney and such) would have lost control of their older films. You can bet that when the extension expires, there'll be another one; unless, by then, copyright has been turned into an in perpetua property right, like land titles. (Which is quite probable; the megacorps which have the money to influence Congress would want it this way.)
  • A perpetual extension would be clearly unconstitutional

    So's much of the War on Drugs (civil forfeiture, for example).
  • RSA has its niceties, but we've got other nice open algorithms in place. Same with PGP - it served its purpose, but now we've got GPG. So, I mean it when I ask:

    Is RSA still important? If so, what niche does it fill?

  • I think you missed the point of my question. I'm very pro-crypto, but I'm not as knowledgeable as I would perhaps like. I know that strong crypto is absolutely positively critical to freedom and commerce, but I didn't know exactly why RSA itself was so important.

  • So anybody already using RSA's algorithms (which are mandatory for SSL, as near as I an tell)
    Let's hope that Netscape/AOL doesn't sell the SSL patent to RSADSI. So far I haven't heard of any plans on the part of Netscape/AOL to enforce the patent, but I'm sure RSADSI would love to get their hands on that patent and charge everyone running SSL big bucks. Then they would be able to do the same thing as far as only licensing their own implementation.
  • by drig (5119) on Tuesday October 05, 1999 @03:30PM (#1635509) Homepage Journal
    The RSA cipher and any uses of it will open whn the patent expires. This means that US citizens will finally be able to use the RSA implementation in SSLeay/OpenSSL, or roll their own.

    The RC ciphers, RC2, RC4 and RC5, are copyrighted. The names are trademarked. This means that you can not use RSA's code, or the names RC[245], without RSA's permissions. But, you can use AAILRC5EFTN, An Algorithm Incredibally Like RC5 Except For The Name. Basically, RC5 (or 2 or 4), but named different.

    BSAFE, now known as Crypto-C, is a product of RSA's, just like any other software product. You will still need to buy it if you want to use it.

    RSA's strategy is to move upwards in the food chain, while continuing to promote Crypto-C as the best of breed. They are making PKI toolkits now. PKI toolkits give developers the ability to handle authentication, do work with certificates, and do other, Public Key stuff that relates to Infrastructures. OpenCA would mimic one portion of RSA's Keon offering.

    Crypto-C will now be sold a little differently. Instead of "you have to pay us anyway, why not just buy the toolkit", it's now "this is the absolute best crypto toolkit and you should buy it". And they have a point. Crypto-C is highly optimized for all sorts of platforms, has been continually reviewed for security by RSA Labs, has been ported to a huge number of platforms,is easy to work with, and generally an all-around righteous toolkit.

    Most /. readers won't want to buy Crypto-C. It's enormously expensive. RSA can now focus on selling to huge companies and not twiddling around, suing the little guy. Frankly, I think the patent expiring will be the best thing for the company since Bidzos joined the board.
  • I find myself wondering how well a change turning copyright into an in perpetua right would stand up to someone with sufficient funds and the following, taken from Article 1, Section 8 of the United States Constitution [loc.gov]:

    [The Congress shall have the power] To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries;

    Obviously, those of us with no money have little chance against the content barons. But hey, someone with a lot of money might be influenced to produce and redistribute the original version of a certain squeaky-voiced mouse. It could happen.
  • Congress shall pass no ex post facto law. In other words, you cannot be convicted for something if you did it before that law was enacted (If the flag amendment passed, I sense a lot of flags will be burned the day before any such law goes into effect, but I digress). I would think that extending the duration of copyrights would be held to be ex post facto.
  • if you show no interest in patenting your work during the post-disclosure window, someone else who sees value in it can patent it.

    Not necessarily. Your work can be considered prior art, which can invalidate a patent in a number of different ways. Patents are supposed to extend the prior art, not duplicate it. Of course, IANAL. YMMV. HAND. *

    --Joe

    (*For the Usenet acronym impaired: I Am Not A Lawyer, Your Mileage May Vary, Have A Nice Day.)
    --
  • PGP (at least in version 2.x) uses RSA only to encode the session key, and then uses IDEA (a symmetric-key algorithm, which is also patented) to encode the message. I don't know when this second patent expires or if it is licensed for free software use.
  • > RSADSI is a big company who depends heavily on the RSA algorithm for their revenue. You can bet that they have scores of lawyers who
    > will try to intimidate anyone who tries to use the RSA algorithm after expiry.

    They have already made some threats about having a trademark on calling the algorithm "RSA," which is of course absurd.
  • If GPG uses IDEA, then it is only in a plugin. From the homepage:

    Supports ElGamal (signature and encryption), DSA, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER.


  • Unfortunately, such a program is indeed a "workalike", but it is not compatible with existing systems. SSL with RSA/RC4 and PGP with RSA/IDEA have large installed bases, and unencumbered software cannot be compatible (until all the patents expire).


    RC4, interestingly enough, is essentially a free algorithm; unlike some of the other RC algorithms it is not patented. It was protected as a trade secret for many years, but eventually the source code (maybe reverse engineered from Netscape or something) escaped to Usenet. So you can use RC4, you just can't call it that. Which is why ssh calls it arcfour.
  • by daw (7006) on Tuesday October 05, 1999 @02:05PM (#1635517)
    Really, the important patent was the patent on Diffie-Hellman key exchange, since this was the first public key algorithm. Since it has already expired, it's already possible to build totally free SSL/PGP workalikes without any patented code. You just need to add a free symmetric key cryptosystem like Blowfish or triple DES.
  • Bruce Schneier is a very nice guy and has done a lot to popularize cryptography and fight common misconceptions about cryptography. However, I still think that if he had made a breakthrough in cryptography of the same magniture as RSA he would have patented it.

    The fact that he made Blowfish free is not an indication - what would he have to gain by patenting it? Another patented symmetric algorithm which nobody but Counterpane [counterpane.com] would use? This way, he got a lot of publicity and good feelings from the community.
  • IANAL, but I had a meeting with one a few weeks ago about patents. I learned some interesting things. Most interesting (and distressing) to me was when I learned about what "disclosure" is actually about.

    Basically, when you a) offer for sale or b) publish your work, you're "disclosing" it publicly (even if you sell it to a client who's under NDA, you are "offering it for sale", which means it's been disclosed).

    From the time of disclosure, you have one year to "patent, or get off the pot". However, if you don't start your filing process either before you disclose, or real darned soon thereafter, someone else can! That is to say, if you show no interest in patenting your work during the post-disclosure window, someone else who sees value in it can patent it.

    Of course, to a Free Software / Free Hardware / Free Ideas zealot like myself, this is a pretty appalling state of affairs. What it means to me, in a nutshell, is that I have to go through the cumbersome and expensive process of patenting my "novel inventions" (and, in this day and age, even my "totally fscking obvious inventions to anyone with two brain cells to rub together"), in order to keep them from, basically, getting pirated.

    That means that I cannot simply disclose and rest secure in the knowledge that the freedom of my ideas is protected, and that they will remain free from the moment of disclosure thereafter.

    That sucks.

    (ObDisclaimer: IANAL, and I may have horribly misunderstood this, but I did ask a great many questions of this poor guy, and attempt to clarify that I was actually hearing what I thought I was).

  • My thoughts exactly. Sort of a GPL but for patents instead of copyrights.

    What would you call it? Patent already means according to Merriam-Webster's:

    4. affording free passage : UNOBSTRUCTED

    6. archaic : ACCESSIBLE, EXPOSED

    (In addition to the obvious meaning of protected invention)

    So open-patents would be kind of a tautology, even though not in practice. I can't think of any snappy words like copy-left for a free-software patent license.

    EjB
  • If he comes up with something that's really a breakthrough, it would be a very good idea of him to patent it, license it to everyone for free but with the condition that anyone who uses it cannot assert crypto patents against other parties.

    Netscape does this with their SSL API patent (granted, their patent is IMHO questionable) but they grant an automatic royalty free license to everyone to implement or use the SSL/TLS protocols, on the condition that they assert none of their own patents against other parties for implementing the SSL/TLS specs.

    EjB
  • Too bad it doesn't run on MacOS and PGP does... Anyone tried it on MacOS X Server / MacOS X?
  • Of course it matters.
    RSA is a perfect fine algorithm.
    Lots of folks have RSA keys. GPG's disdain for RSA
    because of the patent is a major pain in the arse
    to a lot of us. It basicly renders it useless if
    we're dealing with someone with an RSA key.

    Of course we want RSA if the patent encumbrances lapse!
  • I believe patents used to be for 17 years in the U.S, but were recently extended to 20 years to match the international standard. Apparently all non-expired patents got the benefit of the extra three years, because if you look in Applied Cryptography there is a table showing that RSA and DH should have *already* expired. So we would have had these patents already if not for the fact that they were just about to expire when the patent term got extended and thus got a free three year extension.

    Patents are an interesting topic, because they are designed only partially to be for the benefit of the person getting the patent. They are also designed to reduce the number of "secret" technological developments and *increase* access to new developments. A person applying for a patent must disclose *all* of the technical details of the invention they wish to patent, and these details become public when the patent is granted. Also the term of the patent is for a fixed, non-extendable term, and at the expiration of that term the patent moves into the public domain.

    Unfortunately the 20 year term is a bit long in my opinion in these days of "Internet time".

    Of course, IANAL.

    G.
  • by crow (16139)
    Let's keep this straight:

    I think copyright protection was recently extended to be consistent with EU law.

    The patent protection extension was based on drugs that have to be approved by the FDA. Since drugs often take so long to be approved, the drug companies wanted to know that they would have a certain length of time during which they could use the patent. As I recall, the patent protection was to be 20 years or 15 years after FDA approval in the case of drugs.

    So no, software patents have not been extended on us.
  • The RC ciphers, RC2, RC4 and RC5, are copyrighted. The names are trademarked. This means that you can not use RSA's code, or the names RC[245], without RSA's permissions. But, you can use AAILRC5EFTN, An Algorithm Incredibally Like RC5 Except For The Name. Basically, RC5 (or 2 or 4), but named different.

    This isn't correct. RC5 and RC6 are patented.
    RC2 and RC4 are the only RsC without patents. RC2 is still a trade secret, but you can use RC4 as long as you don't call it "RC4".

    I wouldn't suggest using RC4, regardless of its IP status: its avalanche properties scare me a bit. It takes ~1000 bytes to get the state really mixed up, which means the key setup isn't adequate. I would *much* prefer to have something like Blowfish as the standard.

  • by gbroiles (22589) on Tuesday October 05, 1999 @07:42PM (#1635527) Homepage
    First, don't forget (if you ever knew) that Netscape (now AOL) holds a patent on SSL itself [ibm.com]. In the past, Netscape's policy was to freely license the patent to anyone who agreed not to dispute its validity, but I don't know if that's AOL's current policy, or if they'll change that in the future. There are also 14 patents which reference the SSL patent.

    With respect to RSA (the company)'s control over RSA (the algorithm) it will, indeed, end on 9/20/2000 - but that means one thing to open source developers, and something else to developers who are using BSAFE or one of RSA's other toolkits.

    For several years now, RSA has been very, very reluctant to issue a bare patent license for the RSA algorithm. What they will cheerfully do is give you a license to use the patent, so long as you also use their (licensed) object libraries which implement the code. This leads to continued control over the market after 9/20/2000 in two ways: by forcing licensees to recompile using other crypto libraries, since the libraries themselves are still covered by copyright even after the patent expires; and by limiting the number of competitive libraries and programmers with experience writing/using those libraries, since it hasn't been legal (in the US) to create them.

    Consequently, developers who have been using RSA-licensed proprietary object code thus far will likely continue to use it (and to pay royalties to RSA) even after the patent expires. Developers who have been using open source libraries like SSLeay and OpenSSL will be well-positioned to take advantage of the expiry. The two lead programmers on the SSLeay project, Tim Hudson and Eric Young, have been RSA employees for about a year now, so updates to the package won't come from them. (See http://www.cryptsoft.com/~eeay/ [cryptsoft.com] for more on that.)
  • But GPG uses IDEA, how can it be patented?
    ---
  • Yeah, I realize that, but it isn't real open source, is it?

    Somehow, I think people might object if your "open source" licence specified that the code can only be exported in paper form.

    I mean, can you imagine working on a software project like that? You want to check in a change, so you send it via snail mail to the central repository, where someone scans in your change, and checks the code back in.

    So, can RSADSI legally export their source code (in electronic form)?

    I guess they could send their code (in paper form) to an overseas subsidary, and the distribute it from there. Could they do this?

  • I was going to write that RSADSI could Open Source their products, and that they would probably do quite well out of it at the moment, because it would let them pick up on the favourable buzz surrounding Open Source companies at the moment. (Open Source, E-Commerce & Security.. Gee, there is a market!)

    BUT then I realised that they probably cannot, for legal reasons. Quite apart from the patents, they still cannot export (all) their sources despite the recent Crypto law reforms, can they?

    Can someone expand on this, please.

  • So, the free algorithm has to be called RNR, meaning (of course) RNR's Not RSA.

    JMC

  • no no no. once its exported in paper form and scanned in its in electronic form. You simply upload any changes you want provided youre outside the USA. They cant export in electronic form of course...but they do send their source to pgp international who scans it in and distributes it electronically.
  • RIPEMD-160 is a hash function not covered by patents. Its fairly trivial to convert it to an encryption system and/or public/private key style crypto..altho it might reference some anal patents if you did that. im not familiar with any others and have mainly used RIPEMD160.
  • You'd think ordinary ideas were'nt patentable. But right now they are. It doesn't matter that it's "obvious", it just matters that it hasn't been done before, isn't already out there, and is commercially useful. If you meet all these things, the courts will uphold your patent on obviousness grounds. Don't yell at me, I don't like it either. But them's the truth.
  • by doogieh (37062) on Tuesday October 05, 1999 @02:17PM (#1635535) Homepage

    The RSA patent [ibm.com] is referenced by 174 newer patents. That means that (at least) 174 other people have similar "inventions", some real, some questionable, which directly use the RSA algorithm. Here it is. [ibm.com]

    The problem is that its hard to tell what uses of RSA are actually covered by these newer patents. It doesn't matter whether the use is "obvious" to us, it's just impossible to tell what uses are covered without going through everything. Translation: RSA will be available soon, but it's use for almost anything commercial/useful will still be independently patentable.

  • by Hobbex (41473) on Tuesday October 05, 1999 @01:54PM (#1635536)

    Personally I have always been rather surprised that the field of crypography is so littered with patents everywhere. You would think that near genius crypographers like R and S would be the first to realize that the flows and uses of information can only truly to controlled by mathematics - and that attempts to do so by law, straight in the face of the very nature of information, are not only futile but ultimetly very harmful.

    It is thankful that there are also people like Schneier in the field.

    -
    /. is like a steer's horns, a point here, a point there and a lot of bull in between.
  • RSADSI may have a number of lawyers, but you have to remember that MSFT could easily field larger teams of lawyers, especially considering the firm's origins. Preston, Gates, and Ellis is the firm that Bill G's dad was/is a senior partner in, and, Justice Dept slipups notwithstanding, I would be surprised that a task force wasn't assigned to seeing if MSFT could grab up something in this area.

    Remember the MIT/MSFT deal - that was about patents which become the property of MIT, but grant a full unpaid license to MSFT.

    But, I must admit, GnuPG would be a better approach from the viewpoint of an unpolluted patent method, since it would be harder for big firms to patent it after it has become prior art.

  • A perpetual extension would be clearly unconstitutional [cornell.edu] (not that this would necessarily matter to the people in power).
    /.
  • From the time of disclosure, you have one year to "patent, or get off the pot". However, if you don't start your filing process either before you disclose, or real darned soon thereafter, someone else can! That is to say, if you show no interest in patenting your work during the post-disclosure window, someone else who sees value in it can patent it.

    Nope -- 35 USC 102(f):

    Section 102, Conditions for patentability; novelty and loss of right to patent

    A person shall be entitled to a patent unless--

    (f) he did not himself invent the subject matter sought to be patented


    /.
  • You would also think that they would realise that for their system/algorithm to be popular it would have to be easily implemented, and cheap. Maybe encryption would be more widespread today if this were the case.
  • PGP (at least in version 2.x) uses RSA only to encode the session key, and then uses IDEA (a symmetric-key algorithm, which is also patented) to encode the message.
    Yes, later versions of PGP do almost exactly the same thing (there is a choice of what method you use, so the old "fixed" choices of RSA/IDEA/MD5 are now just possible, supported options, but the structure remains the same)

    I don't know when this second patent expires
    According to the IDEA owner's site (www.Ascom.com [ascom.ch]) the US patent runs out in 2010, the european one a year after. Apparently, the Japanese one is Still Pending - after eight years????

    ...or if it is licensed for free software use.
    Licence hangs off the same page; basically, it is free for the Special Case of use by two individuals, using it for personal reasons, who have not paid anything for the software.
    Writing software that brings in money (even shareware, although there is a initial exception of the first 10,000usd in this case) requires a product licence, and "commercial use" includes the non-profit organisations normally excluded from that description (although they say they special-case such organisations, no details of what a charity might expect to pay are available on that site)
    --

  • I thought RC4 was symmetric.
    is it?

    by yet another completely uninformed question

    I thought rc4 was symmetric?
  • what a mess I made of that. Oh well. you get the drift.
  • Anyone know where the party is going to be on Sept 20th 2000? I thought I remembered cypherpunks or someone hosting a bash when the RSA patent expires.

  • I thought that the US Congress extended a whole class of patents another 10 years during the last session (in the spring if I recall correctly). I understood that this extension included some technology patents - including the RSA patents.

    I can't find any data to support my recollection, but I am SURE ;-) that I read this on a major news site.

    Anyone got any clarification?
  • Government employees developed those methods years before the commercial 'creators'. Prior Art.

    Even if that were true, you'd have to prove it in court to break the patent. What evidence do you have?

    Also: I understand there's some precident for the time the government has used a secret invention not counting against the time the public-and-patented version is protected. (Could be wrong - I'm not a patent attorney.)

  • This is what John Gilmore and the FSF did with the specs for their DES-cracking machine. They can't export the specs electronically because of munitions controls, but they can export a book because blocking a book would be censorship.

    Great loophole. I saw John speak at last year's RSA conference, and you should have seen the look of triumph on his face when he explained that not only did they publish the specs in a book, but they used a machine-readable font, put checksums on every line, and wrote "Scan this book!" on the cover!

    The book is _Cracking DES_ from O'Reilly: http://www.ora.com/catalog/crackdes/

    Dave
  • Q: You own a multi-million-dollar company and your product is about to become free to the public. What do you do?

    A: Fight for it.

    Don't worry, the Big Guys (tm) will not let people take their flagship product for free. The only way for RSA (or Microsoft for that matter) to let the public have its products for free is when conventional laws of logic and Common Sense (tm) stop working.

    By the way, many companies are a little behind in the Common Sense(tm) technology. :)

  • You're right, the laws are different. I wrote my post to quickly. Thank you for pointing that out.


  • While, DSA and DH-EG are very good algorithms, each has its own quirks and you still need two sets of keys. [...] In addition, RSA is by far the most widely implemented algorithm and so it is very important for interoperability between implementations and across standards.


    True. In fact, many products from large companies (IBM, Novell) do not even support DSA based ciphersuites.

    But if you are doing a security scheme where you have your own software components for both the server and the client, then DSA might not be such a bad thing.



  • Equifax supports DSA certs. Try to get in contact with one of their engineers. They were still sorting some things out last time I talked to them. I'm not sure they are "commercially" supporting DSA but they have the capability to do so and it could happen soon.
  • by Alban (86010) on Tuesday October 05, 1999 @02:35PM (#1635553)

    I work at a company that does telecom products. Our lawyers did a lot of research on the RSA patent. Some of you may already know this, but some of you might not:

    RSA
    ---

    RSA is protected by a US patent. Everyone knows this. However, the patent only applies to the US, which does NOT include Canada (some people think the RSA patent also applies to Canada since our crypto laws are identical). So if you are not an american company, you can sell your product WITH RSA all over the world except in the US.

    In the US I would suggest using DSA instead of RSA. Works very well. The only problem is that you will have trouble finding certificate authorities that support DSA (Verisign, GTE Cybertrust, etc... only support RSA certs). You might want to check these:

    http://www.equifax.com : they are supposed to have DSA support.

    http://www.arcanvs.com : they already support DSA certs.

    http://www.thawte.com : they support DSA certs BUT they are signed by an intermediate DSA issuing cert that in turn is signed by an RSA cert. So it doens't really work if you have to avoid using RSA. BUT, if enough people e-mail the president of Thawte and say they would like DSA certs they might provide support earlier... By the way, the president (Mark Shuttleworth) answers e-mails in less then a day and he knows more then just sales figures...

    Also, Thawte has the greatest test facility among all CAs out there! Just go in the "test" section on their web page. You can test everything, RSA certs, DSA certs, PKCS7 chains, etc.

    RC4
    ---

    RC4 is not patented, but it is copyrighted. Not the algorithm, but its implementation. However, as we all know the algorithm was leaked some years ago and today it is considered public knowledge since you can find it in any book. So you can use the algorithm FREE anywhere in the world if you make your own implementation without basing your work on an implementation that was done by RSADSI. You also have to rename the algorithm. You can't use the name "RC4". But you can use "AV4" for instance.

    If you are not using RSA then you might want to forget about RC4 because there are not SSL Ciphersuites that combine DSA (the RSA alternative) and RC4.

    MD2
    ---

    We also did some research on that (our lawyers actually) and you can actually use the name MD2 (unlike RC4) and use the alg. free if you can write an implementation independantly of any implementation done by RSADSI or the implementation found in the RFC.

    I don't know about MD5 because we used a library that gave us the right to use MD5...

  • The RC ciphers, RC2, RC4 and RC5, are copyrighted.

    WRONG. RC5 (and RC6) are patented by RSADSI, as well as trademarked. The actual patent is on data-dependant rotations [great, now they're patenting machine instructions...I wonder if I can get xor :)]. But anyway, you don't want to use RC5 unless
    a) You have a license from RSADSI.
    b) You live in a country where it's not patented.
    c) You like to break the law.

    Sorry, but using RC5 would be a very bad idea.

  • Equifax certs don't support DSA. It's RSA or squat.

    (at least according to the guy at Equifax who generated my cert.)

    and Thawte does indeed have the greatest test facility. I found them very coder-friendly, intelligent, useful.
  • Are there any public/private key crypto system implementations out there now that are not covered by patents? Diffe Helman was mentioned in an earlier post, are there any companies that produce libraries to that use public/private key system?

The economy depends about as much on economists as the weather does on weather forecasters. -- Jean-Paul Kauffmann

Working...