Tech Insider					     Technology and Trends

			      USENET Archives

Path: gmdzi!unido!mcsun!uunet!!!
From: (Mark Riordan)
Newsgroups: sci.crypt,gnu.misc.discuss,
Subject: rpem: current status
Keywords: rpem RSA patent
Message-ID: <>
Date: 20 May 91 14:50:58 GMT
Organization: Michigan State University
Lines: 62
Xref: gmdzi sci.crypt:53920 gnu.misc.discuss:42719

Let me start by thanking the scores of Internetters who have sent
me messages of support and advice over the past few days.  Some of
the advice was contradictory, but I appreciate it all.

In a nutshell, I am no longer distributing rpem, my free public 
key encryption/Privacy Enhanced Mail program.
Michigan State University asked me to remove it from their computer,
which I did around noon EDT on 17 May.  I can't blame them for not
wanting to get involved in a legal dispute over a project in which
they have no interest.  (rpem was purely a personal project.)

Obviously, I could find other means of distributing rpem.  However,
I have decided, for now, not to do so.  My motivation for the project
was to provide an encryption/PEM scheme that could be used freely
by all (monetarily and legally).  My ends are thwarted if a murky
legal cloud hangs over the project, and advice I've received over 
the last few days indicates that the cloud is indeed murky.

The idea of rpem as an "underground" program, secretly used by a 
few individuals hoping to escape legal entanglements through anonymity,
does not appeal to me.  It's not a significant contribution to 
humanity, and anyway I do not wish to engage in illegal activities.

Here are the options I see.  They are not mutually exclusive.

--  Mount a determined legal challenge to the patent.  This is beyond
my capabilities at the moment.  With a lot of legal assistance I might
be up to it.  A half-hearted challenge would likely be counterproductive,
as a loss in court would just make it that much harder for the next
RSA challenger to win his case.  And, it would be bad news for me personally.

Continuing to distribute rpem without clear plans to mount a challenge
to the patent would seem to be equivalent to mounting a half-hearted
challenge, with the attendant poor outlook for us all.  For this reason, I
request that others also refrain from distributing rpem.

--  Find some other public key algorithm that clearly doesn't violate
any patents, and make a version of rpem that uses it.  I don't 
know whether this is possible.  Some correspondants have suggested that
algorithms based on Galois arithmetic, or the McEliece-Goppa system, fit
the bill.  I'd be willing, even eager, to undertake such a project over
the summer if I were sure that there weren't any legal problems.

--  Make a version of rpem that doesn't use public key (asymmetric) 
cryptosystems.  Privacy Enhanced Mailers of this type are allowed for
in RFCs 1113-1115.  However, I expect that the interest in rpem is due 
to the promise of free public key cryptography and not due so much to
the PEM aspects per se.  Without evidence to the contrary, I will not 
pursue this path.

--  Wait to see if the rumored availability within the next few weeks
of "free" RSA software to the Internet, pans out.

--  Obtain a license to the RSA patent, and distribute rpem or its
successor on a for-pay basis under that license in order to recoup
the licensing fees.  At that point, rpem might as well be converted 
to use RSA, for better RFC 1113 compatibility.
I am skeptical that very many people would be interested in rpem
under these conditions, though.

Mark Riordan

			        About USENET

USENET (Users’ Network) was a bulletin board shared among many computer
systems around the world. USENET was a logical network, sitting on top
of several physical networks, among them UUCP, BLICN, BERKNET, X.25, and
the ARPANET. Sites on USENET included many universities, private companies
and research organizations. See USENET Archives.

		       SCO Files Lawsuit Against IBM

March 7, 2003 - The SCO Group filed legal action against IBM in the State 
Court of Utah for trade secrets misappropriation, tortious interference, 
unfair competition and breach of contract. The complaint alleges that IBM 
made concentrated efforts to improperly destroy the economic value of 
UNIX, particularly UNIX on Intel, to benefit IBM's Linux services 
business. See SCO vs IBM.

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or

Electronic mail:			       WorldWideWeb: