Encryption/ PK Partners and Cash--- COMPROMISE

Path: gmdzi!unido!mcsun!uunet!cs.utexas.edu!rice!uw-beaver!cornell!wayner
From: way...@CS.Cornell.EDU (Peter Wayner)
Newsgroups: sci.crypt
Subject: Encryption/ PK Partners and Cash--- COMPROMISE
Message-ID: <1991May18.145622.6476@cs.cornell.edu>
Date: 18 May 91 14:56:22 GMT
Sender: ne...@cs.cornell.edu (USENET news user)
Organization: Cornell Univ. CS Dept, Ithaca NY 14853
Lines: 43
Nntp-Posting-Host: elli.cs.cornell.edu

For now I'm assuming that the RSA patent holds AND that it would be a
no-no to post a public-domain program to encrypt using RSA or Rabin.
This may or may not be true.

The real problem is that PK partners haven't managed to make RSA into
an easy-to-use, cheap standard for mail and encryption. That hurts them,
because they don't get the piles of cash, and it hurts us because we
don't get the advantages of RSA. I've heard talk and talk and talk about
schemes they plan to offer to the world, but I've never been offered 
anything. All this waiting is just a pain and now the Congress is going
to make things illegal. 

I think Mark Riordan is giving them a good chance to change things. PK
Partners should offer a license for a small fee, say $2 to $10.  I
would be quite willing to purchase something that would allow me to
use RSA encryption without guilt or legal hassles. It should be a
general license that would allow me to use whatever software package I
chose.

This money would be pure profit for PK partners. They would not have
to manufacture software or maintain it. Sure there would be people
that would use it without paying, but Microsoft lives quite well with
the existance of piracy. I don't really mind paying at all because RSA
is the only public-key system that has survived lots of analysis and
attention. It was a great piece of mathematics and certainly much more
of a breakthrough than say, MS-DOS. There is no reason for all of us
to quibble about the legality of patents and all this
esoteric-philosophical stuff that puts money in the lawyers' pockets.

There is not much time for a compromise. To RSA, I say, "Offer
moderately priced, cheap licenses to individuals. Don't worry about
piracy. Don't get greedy.  Many thin slices of bread is better than
one fat loaf." To the rest of us, "Don't begrudge them an honest
profit. Don't get caught up in stupid patent philosophisizing." 

If a general encryption standard is implemented and in use it will be
much harder for Congress to make it illegal. 

-- 
Peter Wayner   Department of Computer Science Cornell Univ. Ithaca, NY 14850
EMail:...@cs.cornell.edu    Office: 607-255-9202 or 255-1008
Home: 116 Oak Ave, Ithaca, NY 14850  Phone: 607-277-6678

Path: gmdzi!unido!mcsun!uunet!zaphod.mps.ohio-state.edu!
pacific.mps.ohio-state.edu!linac!att!att!ulysses!ulysses.att.com!smb
From: s...@ulysses.att.com (Steven Bellovin)
Newsgroups: sci.crypt
Subject: Re: Encryption/ PK Partners and Cash--- COMPROMISE
Message-ID: <14830@ulysses.att.com>
Date: 19 May 91 00:58:01 GMT
References: <1991May18.145622.6476@cs.cornell.edu>
Sender: net...@ulysses.att.com
Lines: 12

In article <1991May18....@cs.cornell.edu>, 
way...@CS.Cornell.EDU (Peter Wayner) writes:
> The real problem is that PK partners haven't managed to make RSA into
> an easy-to-use, cheap standard for mail and encryption. That hurts them,
> because they don't get the piles of cash, and it hurts us because we
> don't get the advantages of RSA.

Don't forget the Privacy-Enhanced Mail stuff that is based on RSA.
Release is very close, and to use it you'll need to buy certificates
at $25 for two years, per user.  They don't have much incentive to
license anyone else at less than that....  Btw, PK Partners holds
the patent rights to exponential key exchange, which is used in
SunOS.  There are *lots* of copies of that around...

Path: gmdzi!unido!mcsun!uunet!decwrl!deccrl!bloom-beacon!
bloom-picayune.mit.edu!news.mit.edu!jis
From: j...@MIT.EDU (Jeffrey I. Schiller)
Newsgroups: sci.crypt
Subject: Re: Encryption/ PK Partners and Cash--- COMPROMISE
Message-ID: <JIS.91May18213125@BIG-SCREW.MIT.EDU>
Date: 18 May 91 19:31:25 GMT
References: <1991May18.145622.6476@cs.cornell.edu> <14830@ulysses.att.com>
Sender: ne...@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
Lines: 29
In-Reply-To: smb@ulysses.att.com's message of 19 May 91 00:58:01 GMT

In article <14...@ulysses.att.com> s...@ulysses.att.com (Steven Bellovin) writes:
   Don't forget the Privacy-Enhanced Mail stuff that is based on RSA.
   Release is very close, and to use it you'll need to buy certificates
   at $25 for two years, per user.  They don't have much incentive to
   license anyone else at less than that....

The $25 per certificate price is for quantity one obtained directly from
RSADSI. Organizations will be able to issue certificates (via a mechanism
that provides a "strong" level of security) for their members for on the
order of $2.50 per certificate (good for two years). The $25 value should
be viewed as an upper bound. One way of looking at the $25 per certificate
arrangement is that you are paying some (small) amount of that money for
the right to use the technology (say about $2, though I don't have
authoritative numbers) and the rest is to recover the cost of offering
the logistics of certificate signing.

   Btw, PK Partners holds
   the patent rights to exponential key exchange, which is used in
   SunOS.  There are *lots* of copies of that around...

I am sure that Sun is paying royalties to Public Key Partners. This
shouldn't come as a surprise, I believe part of the price of an
Ethenet board is to pay royalties to someone (Xerox?) for the right to
use the technology.

Disclaimer: I am not a representative of RSADSI nor PKP, however I do
work him them (and find them quite reasonable).

			-Jeff