Tech Insider					     Technology and Trends


			      USENET Archives

Newsgroups: sci.crypt
Path: sparky!uunet!zaphod.mps.ohio-state.edu!qt.cs.utexas.edu!
yale.edu!yale!mintaka.lcs.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!burt
From: bu...@chirality.rsa.com (Burt Kaliski)
Subject: RSA Laboratories announces RSAREF free cryptographic toolkit
Message-ID: <BURT.92Mar3135530@chirality.rsa.com>
Sender: ne...@athena.mit.edu (News system)
Nntp-Posting-Host: chirality.rsa.com
Organization: RSA Data Security, Inc.
Distribution: sci
Date: Tue, 3 Mar 1992 18:55:30 GMT
Lines: 397

                              RSAREF(TM):
          A Cryptographic Toolkit for Privacy-Enhanced Mail

                           RSA Laboratories
               (A division of RSA Data Security, Inc.)
                            March 3, 1992


This document copyright (C) 1992 RSA Laboratories, a division of RSA
Data Security, Inc. License is granted to reproduce, copy, post, or
distribute in any manner, provided this document is kept intact and
no modifications, deletions, or additions are made.


WHAT IS IT?

RSAREF is a cryptographic toolkit designed to facilitate rapid
deployment of Internet Privacy-Enhanced Mail (PEM) implementations.
RSAREF represents the fruits of RSA Data Security's commitment to the
U.S. Department of Defense's Advanced Research Projects Agency
(DARPA) to provide free cryptographic source code in support of a PEM
standard. RSA Laboratories offers RSAREF in expectation of PEM's
forthcoming publication as an Internet standard.

Part of RSA's commitment to DARPA was to authorize Trusted
Information Systems of Glenwood, MD, to distribute a full PEM
implementation based on RSAREF. That implementation will be available
this spring.

RSAREF supports the following PEM-specified algorithms:

     o    RSA encryption and key generation, as defined by RSA
            Laboratories' Public-Key Cryptography Standards (PKCS)

     o    MD2 and MD5 message digests

     o    DES (Data Encryption Standard) in cipher-block chaining mode

RSAREF is written in the C programming language as a library that can
be called from an application program. A simple PEM implementation
can be built directly on top of RSAREF, together with message parsing
and formatting routines and certificate-management routines. RSAREF
is distributed with a demonstration program that shows how one might
build such an implementation.

The name "RSAREF" means "RSA reference." RSA Laboratories intends
RSAREF to serve as a portable, educational, reference implementation
of cryptography.


WHAT YOU CAN (AND CANNOT) DO WITH RSAREF

The license at the end of this note gives legal terms and conditions.
Here's the layman's interpretation, for information only and with no
legal weight:

     1.   You can use RSAREF in personal, noncommercial applications,
          as long as you follow the interface described in the RSAREF
          documentation. You can't use RSAREF in any commercial
          (moneymaking) manner of any type, nor can you use it to
          provide services of any kind to any other party. For
          information on commercial licenses of RSAREF-compatible
          products, please contact RSA Data Security.

     2.   You can distribute programs that interface to RSAREF,
          but you can't distribute RSAREF itself. Everyone must
          obtain his or her own copy of RSAREF. (However, free
          licenses to redistribute RSAREF are available. For
          information, please send electronic mail to
          <rsaref-adm...@rsa.com>.)

     3.   You can modify RSAREF as required to port it to other
          operating systems and compilers, as long as you give a copy
          of the results to RSA Laboratories. You can't otherwise
          change RSAREF.

     4.   You can't send RSAREF outside the United States, or give it
          to anyone who is not a United States citizen and doesn't
          have a "green card." (These are U.S. State and Commerce
          Department requirements, because RSA and DES are
          export-controlled technologies.)

The restrictions on the distribution of RSAREF are the consequence of
export-control law. Similar constraints are placed on those
redistributing RSAREF under free license from RSA Laboratories.
Without the export-control law, RSAREF would be available by
anonymous FTP.


HOW TO GET IT

To obtain RSAREF, read the license at the end of the note and return
a copy of the "acknowledgement and acceptance" paragraph by
electronic mail to <rsaref-adm...@rsa.com>.

RSAREF is distributed by electronic mail in a UNIX(TM) "uuencoded"
TAR format. When you receive it, store the contents of the message in
a file, and run your operating system's "uudecode" and TAR programs.

For example, suppose you store the contents of your message in the
file 'contents'. You would run the commands:

     uudecode contents             # produces rsaref.tar
     tar xvf rsaref.tar

RSAREF includes about 60 files organized into the following
subdirectories:

     doc       documentation on RSAREF and RDEMO
     install   makefiles for various operating systems
     rdemo     RDEMO demonstration program
     source    RSAREF source code and include files
     test      test scripts for RDEMO


USERS' GROUP

RSA Laboratories maintains the electronic-mail users' group
<rsaref...@rsa.com> for discussion of RSAREF applications, bug
fixes, etc. To join the user's group, send electronic mail to
<rsaref-use...@rsa.com>.


REGISTRATION

RSAREF users who register with RSA Laboratories are entitled to free
RSAREF upgrades and bug fixes as soon as they become available and a
50% discount on selected RSA Data Security products. To register,
send your name, address, and telephone number to
<rsaref-re...@rsa.com>.


INNOVATION PRIZES

RSA Laboratories will award cash prizes for the best applications
built on RSAREF. If you'd like to submit an application, or want to
be on the review panel, please send electronic mail to
<rsaref-adm...@rsa.com>.


PUBLIC-KEY CERTIFICATION

RSA Data Security offers public-key certification services conforming
to forthcoming PEM standards. For more information, please send
electronic mail to <pem-...@rsa.com>.


OTHER QUESTIONS

If you have questions on RSAREF software, licenses, export
restrictions, or other RSA Laboratories offerings, send electronic
mail to <rsaref-adm...@rsa.com>.


AUTHORS

RSAREF was written by the staff of RSA Laboratories with assistance
from RSA Data Security's software engineers. The DES code is based on
an implementation that Justin Reyneri did at Stanford University. Jim
Hwang of Stanford wrote parts of the arithmetic code under contract
to RSA Laboratories.


ABOUT RSA LABORATORIES

RSA Laboratories is the research and development division of RSA Data
Security, Inc., the company founded by the inventors of the RSA
public-key cryptosystem. RSA Laboratories reviews, designs and
implements secure and efficient cryptosystems of all kinds. Its
clients include government agencies, telecommunications companies,
computer manufacturers, software developers, cable TV broadcasters,
interactive video manufacturers, and satellite broadcast companies,
among others.

RSA Laboratories draws upon the talents of the following people:

Len Adleman, distinguished associate - Ph.D., University of
  California, Berkeley; Henry Salvatori professor of computer
  science at University of Southern California; co-inventor of
  RSA public-key cryptosystem; co-founder of RSA Data Security, Inc.

Taher Elgamal, senior associate - Ph.D., Stanford University;
  director of engineering at RSA Data Security, Inc.; inventor of
  Elgamal public-key cryptosystem based on discrete logarithms

Martin Hellman, distinguished associate - Ph.D., Stanford University;
  professor of electrical engineering at Stanford University;
  co-inventor of public-key cryptography, exponential key exchange;
  IEEE fellow; IEEE Centennial Medal recipient

Burt Kaliski, chief scientist - Ph.D., MIT; former visiting assistant
  professor at Rochester Institute of Technology; author, Public-Key
  Cryptography Standards; general chair, CRYPTO '91

Cetin Koc, associate - Ph.D., University of California, Santa
  Barbara; assistant professor at University of Houston
 
Ron Rivest, distinguished associate - Ph.D., Stanford University;
  professor of computer science, MIT; co-inventor, RSA public-key
  cryptosystem; co-founder, RSA Data Security, Inc.; member, National
  Academy of Engineering; director, International Association for
  Cryptologic Research; program co-chair, ASIACRYPT '91

ADDRESSES

RSA Laboratories                   RSA Data Security, Inc.
10 Twin Dolphin Drive              100 Marine Parkway
Redwood City, CA  94065            Redwood City, CA  94065
USA                                USA

(415) 595-7703                     (415) 595-8782
(415) 595-4126 (fax)               (415) 595-1873 (fax)

PKCS, RSAREF and RSA Laboratories are trademarks of RSA Data
Security, Inc. All other company names and trademarks are not.

----------------------------------------------------------------------
                           RSA LABORATORIES
                      PROGRAM LICENSE AGREEMENT

RSA LABORATORIES, A DIVISION OF RSA DATA SECURITY, INC. ("RSA"), IS
WILLING TO LICENSE THE "RSAREF" PROGRAM FOR YOUR USE ONLY ON THE
TERMS AND CONDITIONS SET FORTH BELOW. YOUR ACKNOWLEDGEMENT AND
ACCEPTANCE OF THESE TERMS AND CONDITIONS BY RETURN ELECTRONIC
TRANSMISSION IS REQUIRED PRIOR TO DELIVERY TO YOU OF THE RSAREF
PROGRAM.

1.   LICENSE. RSA is willing to grant you a non-exclusive,
     non-transferable license for the "RSAREF" program (the
     "Program") and its associated documentation, subject to all of
     the following terms and conditions, but only:

     a.   to use the Program on any computer in your possession, but
          on no more than one computer at any time;

     b.   to make one copy of the Program for back-up purposes only;

     c.   to incorporate the Program into other computer programs only
          through interfaces described in the RSAREF Library
          Reference (the file "rsaref.txt" which accompanies the
          Program) (any such incorporated portion of the Program to
          continue to be subject to the terms and conditions of this
          license) both solely for your own personal or internal use
          or to create Application Programs; and

     d.   to modify the Program for the purpose of porting the Program
          to any other operating systems and compilers, but only on
          the conditions that: (i) you do not alter any Program
          interface, except with the prior written consent of RSA;
          and (ii) you provide RSA with a copy of the ported version
          of the Program by electronic mail.

     "Application Programs" are programs which interface with the
     Program but which do not incorporate all or any portion of the
     Program, whether in source code or object code form.

2. LIMITATIONS ON LICENSE.

     a.   RSA owns the Program and its associated documentation and
          all copyrights therein. YOU MAY NOT USE, COPY, MODIFY OR
          TRANSFER THE PROGRAM, IN EITHER SOURCE CODE OR OBJECT CODE
          FORM, ITS ASSOCIATED DOCUMENTATION, OR ANY COPY,
          MODIFICATION OR MERGED PORTION THEREOF, IN WHOLE OR IN
          PART, EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT OR
          WITH THE PRIOR WRITTEN CONSENT OF RSA. WITHOUT LIMITING THE
          GENERALITY OF THE FOREGOING, YOU MAY NOT PLACE THE PROGRAM
          ON ANY ELECTRONIC BULLETIN BOARD SYSTEM (BBS) OR MAKE THE
          PROGRAM AVAILABLE THROUGH ANY FILE TRANSFER PROTOCOL (FTP).
          YOU MUST REPRODUCE AND INCLUDE RSA'S COPYRIGHT NOTICES ON
          ANY COPY OR MODIFICATION, OR ANY PORTION THEREOF, OF THE
          PROGRAM AND ITS ASSOCIATED DOCUMENTATION.

     b.   The Program is to be used only in connection with a single
          computer. You may physically transfer the Program from one
          computer to another, provided that the Program is used in
          connection with only one computer at any given time. You
          may not transfer the program electronically from one
          computer to another over a network except in connection
          with your own personal or internal use of the Program. You
          may not distribute copies of the Program or its associated
          documentation. IF YOU TRANSFER POSSESSION OF ANY COPY,
          MODIFICATION OR MERGED PORTION OF THE PROGRAM, WHETHER IN
          SOURCE CODE OR OBJECT CODE FORM, OR ITS ASSOCIATED
          DOCUMENTATION TO ANOTHER PARTY, EXCEPT AS EXPRESSLY
          PROVIDED FOR IN THIS LICENSE, YOUR LICENSE SHALL BE
          AUTOMATICALLY TERMINATED.

     c.   The Program is to be used only for non-commercial purposes.
          You may not use the Program to provide services to others
          for which you are compensated in any manner. You may not
          license, distribute or otherwise transfer the Program or
          any part thereof in any form, whether you receive
          compensation or not.

     d.   You may not translate the Program into any other computer
          language.

     e.   You may not incorporate the Program into other programs
          through interfaces other than the interfaces described in
          the RSAREF Library Reference.

3.   NO WARRANTY OF PERFORMANCE. THE PROGRAM AND ITS ASSOCIATED
     DOCUMENTATION ARE LICENSED "AS IS" WITHOUT WARRANTY AS TO THEIR
     PERFORMANCE, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR
     PURPOSE. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF
     THE PROGRAM IS ASSUMED BY YOU. SHOULD THE PROGRAM PROVE
     DEFECTIVE, YOU (AND NOT RSA OR ITS DISTRIBUTOR) ASSUME THE
     ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

4.   LIMITATION OF LIABILITY. EXCEPT AS EXPRESSLY PROVIDED FOR IN
     SECTION 5 HEREINUNDER, NEITHER RSA NOR ANY OTHER PERSON WHO HAS
     BEEN INVOLVED IN THE CREATION, PRODUCTION, OR DELIVERY OF THE
     PROGRAM SHALL BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY
     DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT
     LIMITED TO ANY DAMAGES FOR LOST DATA, RE-RUN TIME, INACCURATE
     INPUT, WORK DELAYS OR LOST PROFITS, RESULTING FROM THE USE OF
     THE PROGRAM OR ITS ASSOCIATED DOCUMENTATION, EVEN IF RSA HAS
     BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

5.   PATENT INFRINGEMENT INDEMNITY. RSA shall indemnify and hold you
     harmless from any and all liability, damages, costs or expenses
     (including reasonable attorneys' fees) which you may incur as
     the result of any claim that the unmodified Program infringes a
     United States patent in the field of cryptography. RSA shall
     have no obligation to you pursuant to this Section 5 unless: (i)
     you give RSA prompt written notice of the claim; (ii) RSA is
     given the right to control and direct the investigation,
     preparation, defense and settlement of the claim; and (iii) the
     claim is based on your use of the unmodified Program in
     accordance with this license. THIS SECTION 5 SETS FORTH RSA'S
     ENTIRE OBLIGATION AND YOUR EXCLUSIVE REMEDIES CONCERNING CLAIMS
     FOR PROPRIETARY RIGHTS INFRINGEMENT.

     NOTE: PORTIONS OF THE PROGRAM PRACTICE METHODS DESCRIBED IN AND
     ARE SUBJECT TO U.S. PATENTS #4,218,582 AND #4,405,829, ISSUED TO
     LELAND STANFORD JR. UNIVERSITY AND MASSACHUSETTS INSTITUTE OF
     TECHNOLOGY RESPECTIVELY. EXCLUSIVE LICENSING RIGHTS ARE HELD BY
     PUBLIC KEY PARTNERS OF SUNNYVALE, CALIFORNIA.

6.   RESTRICTIONS ON FOREIGN RESHIPMENT. THIS LICENSE IS EXPRESSLY
     MADE SUBJECT TO ANY LAWS, REGULATIONS, ORDERS, OR OTHER
     RESTRICTIONS ON THE EXPORT FROM THE UNITED STATES OF AMERICA OF
     THE PROGRAM OR OF ANY INFORMATION ABOUT THE PROGRAM WHICH MAY BE
     IMPOSED FROM TIME TO TIME BY THE GOVERNMENT OF THE UNITED STATES
     OF AMERICA. YOU MAY NOT EXPORT OR REEXPORT, DIRECTLY OR
     INDIRECTLY, THE PROGRAM OR INFORMATION PERTAINING THERETO.

7.   TERM. The license granted hereunder is effective until
     terminated. You may terminate it at any time by destroying the
     Program and its associated documentation together with all
     copies, modifications and merged portions thereof in any form.
     It will also terminate upon the conditions set forth elsewhere
     in this Agreement or if you fail to comply with any term or
     condition of this Agreement. You agree upon such termination to
     destroy the Program and its associated documentation, together
     with all copies, modifications and merged portions thereof in
     any form.

8.   GENERAL

     a.   You may not sublicense the Program or its associated
          documentation or assign or transfer this license. Any
          attempt to sublicense, assign or transfer any of the
          rights, duties or obligations hereunder shall be void.

     b.   This agreement shall be governed by the laws of the State of
          California.

     c.   Address all correspondence regarding this license to RSA's
          electronic mail address <rsaref-adm...@rsa.com>, or
          to

               RSA Laboratories
               ATTN: RSAREF Administrator
               10 Twin Dolphin Drive
               Redwood City, CA  94065
               USA

     d.   TO RECEIVE THE PROGRAM AND ITS ASSOCIATED DOCUMENTATION BY
          ELECTRONIC TRANSMISSION, YOU MUST TRANSMIT THE FOLLOWING
          ACCEPTANCE AND ACKNOWLEDGMENT TO RSA'S ELECTRONIC MAIL
          ADDRESS <rsaref-adm...@rsa.com>:

ACKNOWLEDGMENT AND ACCEPTANCE

I acknowledge that I have read the RSAREF Program License Agreement
and understand and agree to be bound by its terms and conditions,
including without limitation its restrictions on foreign reshipment
of the Program and information related to the Program. The electronic
mail address to which I am requesting that the program be transmitted
is located in the United States of America and I am a United States
citizen or a permanent resident of the United States. The RSAREF
License Agreement is the complete and exclusive agreement between RSA
Laboratories and me relating to the Program, and supersedes any
proposal or prior agreement, oral or written, and any other
communications between RSA Laboratories and me relating to the
Program.

Newsgroups: sci.crypt
Path: sparky!uunet!world!geoff
From: ge...@world.std.com (Geoff Collyer)
Subject: Re: RSA Laboratories announces RSAREF free cryptographic toolkit
Message-ID: <BKKF6r.ro@world.std.com>
Organization: The World @ Software Tool & Die
References: <BURT.92Mar3135530@chirality.rsa.com>
Date: Wed, 4 Mar 1992 01:37:39 GMT

[ I've deleted the bogus "Distribution: sci". ]

I won't quote the original article, since that would appear to be a
violation of copyright.  I'm not a lawyer and I don't even play one on TV,
but I have a couple observations to make.  I don't think PEM is going to
take off if its users have to either pay RSA royalties or abide by the
export-control restrictions on RSAREF.  Speaking of which, point 4 of the
legal summary looks obsolete and incorrect to me.  As I recall, the US
Dept. of Commerce now permits export of cryptographic technology to at
least Canada without a big fuss (i.e. Canada is considered equivalent to
the US for purposes of crypto export).  Given the recent snuggling up to
what used to the USSR, I wouldn't be shocked if this stuff can even to
shipped there with only a little trouble; the Big Red Bogeyman is no
longer under the bed.

And finally a brief flame: bloody software patents and silly goddamned
government regulations are continuing to bugger up any possibility of
progress in the actual use of non-trivial encryption technology.  This
has got to stop if we are ever going to get any serious benefit from
these technologies.  Various governments are going to have to bite the
bullet and admit the possibility that they can't know everything and that
people are genuinely entitled to real, live privacy from blasted
government interference.  Not that I expect that from a government that
thinks that a War On The Constitution (er, Drugs) is a rational concept,
let alone a winnable war.

Snarl, mutter.
-- 
Geoff Collyer		world.std.com!geoff, uunet.uu.net!geoff

Newsgroups: sci.crypt
Path: sparky!uunet!zaphod.mps.ohio-state.edu!qt.cs.utexas.edu!
yale.edu!yale!mintaka.lcs.mit.edu!bloom-picayune.mit.edu!news.mit.edu!jis
From: j...@MIT.EDU (Jeffrey I. Schiller)
Subject: Re: RSA Laboratories announces RSAREF free cryptographic toolkit
In-Reply-To: geoff@world.std.com's message of 4 Mar 92 01:37:39 GMT
Message-ID: <JIS.92Mar3233627@big-screw.MIT.EDU>
Sender: ne...@athena.mit.edu (News system)
Nntp-Posting-Host: big-screw.mit.edu
Organization: Massachusetts Institute of Technology
References: <BURT.92Mar3135530@chirality.rsa.com> <BKKF6r.ro@world.std.com>
Date: Wed, 4 Mar 1992 04:36:27 GMT
Lines: 10

I won't comment COCOM export control laws, we have been over this
ground many times before...

However RSAREF represents an attempt by RSA Data Security to make
"genuinely ... real live privacy" available to the network community
free of charge and with minimal hassle. I think they should be
applauded rather than flamed at!

			-Jeff

Newsgroups: sci.crypt
Path: sparky!uunet!world!geoff
From: ge...@world.std.com (Geoff Collyer)
Subject: Re: RSA Laboratories announces RSAREF free cryptographic toolkit
Message-ID: <BKKs4F.EEp@world.std.com>
Organization: The World @ Software Tool & Die
References: <BURT.92Mar3135530@chirality.rsa.com> <BKKF6r.ro@world.std.com>
	<JIS.92Mar3233627@big-screw.MIT.EDU>
Date: Wed, 4 Mar 1992 06:17:02 GMT

Sorry, I thought it was clear that my flame was aimed at governments, not
RSA.

Unfortunately, between silly government regulations and royalties to RSA
for commercial use, I doubt that this implementation (and thus possibly
PEM) will be taken serious internationally or by the business community.
One can probably eventually work out the royalties, but the belief that
crypto technology is a munition has got to be cured before secure
international mail will be legally allowed.

I realise that this has been discussed before, but I don't know what this
week's interpretation of the US export rules looks like.
-- 
Geoff Collyer		world.std.com!geoff, uunet.uu.net!geoff

Newsgroups: sci.crypt
Path: sparky!uunet!cs.utexas.edu!qt.cs.utexas.edu!yale.edu!yale!
mintaka.lcs.mit.edu!bloom-picayune.mit.edu!news.mit.edu!jis
From: j...@MIT.EDU (Jeffrey I. Schiller)
Subject: Re: RSA Laboratories announces RSAREF free cryptographic toolkit
In-Reply-To: geoff@world.std.com's message of 4 Mar 92 06:17:02 GMT
Message-ID: <JIS.92Mar4123649@big-screw.MIT.EDU>
Sender: ne...@athena.mit.edu (News system)
Nntp-Posting-Host: big-screw.mit.edu
Organization: Massachusetts Institute of Technology
References: <BURT.92Mar3135530@chirality.rsa.com> <BKKF6r.ro@world.std.com>
	<JIS.92Mar3233627@big-screw.MIT.EDU> <BKKs4F.EEp@world.std.com>
Date: Wed, 4 Mar 1992 17:36:49 GMT
Lines: 15

It is important to aim at governments, all (or at least most) governments.
The U.S. is actually quite liberal, there are not restrictions on how you
use cryptography domestically.

If a European (say in Finland) implements a compatible system (the
specifications for PEM are publicly available) then someone in the U.S. and
someone in Finland can community securely.

However in some countries, France for example, it is illegal for encrypted
information to cross the border unless the government is supplied the keys
necessary to decrypt the information!

Crypto export is *not* a U.S. only problem.

			-Jeff

Newsgroups: sci.crypt
Path: sparky!uunet!wupost!ukma!sean
From: se...@ms.uky.edu (Sean Casey)
Subject: Re: RSA Laboratories announces RSAREF free cryptographic toolkit
References: <BKKF6r.ro@world.std.com> <JIS.92Mar3233627@big-screw.MIT.EDU> 
    <1992Mar4.191034.6062@ux1.cso.uiuc.edu> 
    <1992Mar7.062814.840@sneaky.lonestar.org>
Message-ID: <1992Mar7.214829.9936@ms.uky.edu>
Distribution: na
Date: Sun, 8 Mar 1992 02:48:29 GMT
Organization: University Of Kentucky, Dept. of Math Sciences
X-Bytes: 672
Lines: 16

I am kind of interested if RSA intends to allow an intermediate level
of security, that is, the use of public and private keys without
having them in a registry.

This could be used, for example, to establish an identity for a chat
system or mailing, but not one which has my name in it. Anonymous IDs
can be quite useful, and I'm wondering where these fit in RSA's plans.

Sean

-- 
                  |``Wind, waves, etc. are breakdowns in the face of the
Sean Casey        | commitment to getting from here to there. But they are the
se...@s.ms.uky.edu | conditions for sailing -- not something to be gotten rid
U of KY, Lexington| of, but something to be danced with.''

Newsgroups: sci.crypt
Path: sparky!uunet!stanford.edu!snorkelwacker.mit.edu!
bloom-picayune.mit.edu!news.mit.edu!jis
From: j...@MIT.EDU (Jeffrey I. Schiller)
Subject: Re: RSA Laboratories announces RSAREF free cryptographic toolkit
In-Reply-To: sean@ms.uky.edu's message of Sun, 8 Mar 1992 02:48:29 GMT
Message-ID: <JIS.92Mar8014637@big-screw.MIT.EDU>
Sender: ne...@athena.mit.edu (News system)
Nntp-Posting-Host: big-screw.mit.edu
Organization: Massachusetts Institute of Technology
References: <BKKF6r.ro@world.std.com> <JIS.92Mar3233627@big-screw.MIT.EDU>
	<1992Mar4.191034.6062@ux1.cso.uiuc.edu>
	<1992Mar7.062814.840@sneaky.lonestar.org>
	<1992Mar7.214829.9936@ms.uky.edu>
Distribution: na
Date: Sun, 8 Mar 1992 06:46:37 GMT
Lines: 30

I have a copy of RSAREF so I can comment on its features (rather than
speculating).

RSAREF does *not* require the keys that you use be registered in any
particular key registry. In fact RSAREF does not even require certificates.
It is designed to make writing a PEM application easy, it does some of
the things that you need to do, but it does not limit what you do. There
is no "built in" root key.

As for requiring people to reveal their private key in order to get
registered (if registration was required, which it isn't), NO ONE IN
THE PEM IMPLEMENTORS AND DESIGNERS COMMUNITY EVER *EVER* ENVISIONED
PEOPLE NEEDING TO DO THIS.

I have written a PEM implementation here at MIT. In my implementation
each user generates her own public/private key pair. The private key
is stored on disk encrypted in a DES key which is derived from a
password that the user is prompted for. Only the public key needs be
revealed to the certifying authority in order to get it registered.

Of course one of the problems with my implementation (if you wish to
call this a problem) is that if someone forgets their password, they
are hosed and can no longer decrypt any messages sent to them
encrypted in the corresponding public key.

Please people, verify your facts before flaming. RSAREF is available
*now* get a copy and examine it rather then speculate how it works
(not to mention being paranoid about it).

				-Jeff

Newsgroups: sci.crypt
Path: sparky!uunet!haven.umd.edu!news.umbc.edu!umbc4.umbc.edu!brian
From: br...@umbc4.umbc.edu (Brian Cuthie)
Subject: Re: RSA Laboratories announces RSAREF free cryptographic toolkit
Message-ID: <1992Mar12.154034.6440@umbc3.umbc.edu>
Sender: news...@umbc3.umbc.edu (News posting account)
Organization: University of Maryland Baltimore Campus
References: <BKKF6r.ro@world.std.com> <JIS.92Mar3233627@big-screw.MIT.EDU> 
<1992Mar4.191034.6062@ux1.cso.uiuc.edu>
Date: Thu, 12 Mar 1992 15:40:34 GMT

>j...@MIT.EDU (Jeffrey I. Schiller) writes:
>
>However RSAREF represents an attempt by RSA Data Security to make
>"genuinely ... real live privacy" available to the network community
>free of charge and with minimal hassle. I think they should be
>applauded rather than flamed at!

>			-Jeff


Bah Humbug!  At the risk of offending someone at RSA who really does mean
well by this campain, I would say that this is no different than DEC giving
computers to universities since the late 70's.  DEC's only interest was
in making sure that everyone who graduated from college with a CS or EE
degree was a PDP-11 expert.  Why ?  So he/she would insist that their
employers use DEC computers.  Marketing, pure and simple.

It seems to me that if RSA really had *our* interests in mind then there
would be no restrictions on commercial use.  Afterall, to be viewed as a 
standard, it must be used universally.  This will only happen if it can
be painlessly included in commercial applications.

What RSA is really trying to do (IMHO) is seed the market with free copies
of their code, hoping that its use will become widespread.  Then, as
commercial developers realize that they will need to include it in their
products for compatibility, RSA will have a lock on the market.

If these guys were so magnanimous they would be giving it away with no 
strings attached.  They aren't.

-Brian

Newsgroups: sci.crypt
Path: sparky!uunet!usc!zaphod.mps.ohio-state.edu!qt.cs.utexas.edu!
yale.edu!yale!mintaka.lcs.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!jim
From: j...@chirality.rsa.com (Jim Bidzos)
Subject: Re: RSA Laboratories announces RSAREF free cryptographic toolkit
In-Reply-To: brian@umbc4.umbc.edu's message of Thu, 12 Mar 1992 15:40:34 GMT
Message-ID: <JIM.92Mar12100454@chirality.rsa.com>
Sender: ne...@athena.mit.edu (News system)
Nntp-Posting-Host: chirality.rsa.com
Organization: RSA Data Security, Inc.
References: <BKKF6r.ro@world.std.com> <JIS.92Mar3233627@big-screw.MIT.EDU>
	<1992Mar4.191034.6062@ux1.cso.uiuc.edu>
	<1992Mar12.154034.6440@umbc3.umbc.edu>
Date: Thu, 12 Mar 1992 15:04:54 GMT
Lines: 16

Br...@umbc4.umbc.edu writes:

> This will only happen if it can be painlessly included 
> in commercial applications.

With IBM, Apple, DEC, Sun, Novell, Microsoft, Unisys, WordPerfect,
Lotus, Motorola, etc.  already licensed to incorporate RSA into
systems and applications at no measurable cost to the user
("painlessly"), I don't think you can make the argument that RSA Labs
released RSAREF to "lock up the market."

As stated in the RSAREF announcement, RSAREF is the fulfillment of a
commitment to DARPA to provide free software in support of an Internet
PEM standard. I believe it does that.

			        About USENET

USENET (Users’ Network) was a bulletin board shared among many computer
systems around the world. USENET was a logical network, sitting on top
of several physical networks, among them UUCP, BLICN, BERKNET, X.25, and
the ARPANET. Sites on USENET included many universities, private companies
and research organizations. See USENET Archives.

		       SCO Files Lawsuit Against IBM

March 7, 2003 - The SCO Group filed legal action against IBM in the State 
Court of Utah for trade secrets misappropriation, tortious interference, 
unfair competition and breach of contract. The complaint alleges that IBM 
made concentrated efforts to improperly destroy the economic value of 
UNIX, particularly UNIX on Intel, to benefit IBM's Linux services 
business. See SCO v IBM.

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or
research.

Electronic mail:			       WorldWideWeb:
   tech-insider@outlook.com			  http://tech-insider.org/