Let me start by thanking the scores of Internetters who have sent
me messages of support and advice over the past few days.  Some of
the advice was contradictory, but I appreciate it all.

In a nutshell, I am no longer distributing rpem, my free public 
key encryption/Privacy Enhanced Mail program.
Michigan State University asked me to remove it from their computer,
which I did around noon EDT on 17 May.  I can't blame them for not
wanting to get involved in a legal dispute over a project in which
they have no interest.  (rpem was purely a personal project.)

Obviously, I could find other means of distributing rpem.  However,
I have decided, for now, not to do so.  My motivation for the project
was to provide an encryption/PEM scheme that could be used freely
by all (monetarily and legally).  My ends are thwarted if a murky
legal cloud hangs over the project, and advice I've received over 
the last few days indicates that the cloud is indeed murky.

The idea of rpem as an "underground" program, secretly used by a 
few individuals hoping to escape legal entanglements through anonymity,
does not appeal to me.  It's not a significant contribution to 
humanity, and anyway I do not wish to engage in illegal activities.

Here are the options I see.  They are not mutually exclusive.

--  Mount a determined legal challenge to the patent.  This is beyond
my capabilities at the moment.  With a lot of legal assistance I might
be up to it.  A half-hearted challenge would likely be counterproductive,
as a loss in court would just make it that much harder for the next
RSA challenger to win his case.  And, it would be bad news for me personally.

Continuing to distribute rpem without clear plans to mount a challenge
to the patent would seem to be equivalent to mounting a half-hearted
challenge, with the attendant poor outlook for us all.  For this reason, I
request that others also refrain from distributing rpem.

--  Find some other public key algorithm that clearly doesn't violate
any patents, and make a version of rpem that uses it.  I don't 
know whether this is possible.  Some correspondents have suggested that
algorithms based on Galois arithmetic, or the McEliece-Goppa system, fit
the bill.  I'd be willing, even eager, to undertake such a project over
the summer if I were sure that there weren't any legal problems.

--  Make a version of rpem that doesn't use public key (asymmetric) 
cryptosystems.  Privacy Enhanced Mailers of this type are allowed for
in RFCs 1113-1115.  However, I expect that the interest in rpem is due 
to the promise of free public key cryptography and not due so much to
the PEM aspects per se.  Without evidence to the contrary, I will not 
pursue this path.

--  Wait to see if the rumored availability within the next few weeks
of "free" RSA software to the Internet pans out.

--  Obtain a license to the RSA patent, and distribute rpem or its
successor on a for-pay basis under that license in order to recoup
the licensing fees.  At that point, rpem might as well be converted 
to use RSA, for better RFC 1113 compatibility.
I am skeptical that very many people would be interested in rpem
under these conditions, though.

Mark Riordan

