Path: gmdzi!unido!mcsun!uunet!snorkelwacker!tut.cis.ohio-state.edu!
ucsd!pacbell.com!pacbell!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: sci.crypt
Subject: NIST public key standards // Stoll on NSA // PK Partners
Message-ID: <12004@hoptoad.uucp>
Date: 17 Aug 90 20:16:09 GMT
References: <11999@hoptoad.uucp>
Organization: Cygnus Support, Palo Alto
Lines: 116
Posted: Fri Aug 17 21:16:09 1990
A clipping from Network World of July 23, 1990 was circulated at Crypto '90.
In some ways it sounds like a puff piece from RSA Data Security, but
it also has some information about what's up.
NIST to announce public key encryption standard
Major vendors stand behind RSA Data's proposal
by Ellen Messmer, Washington Correspondent
The National Institute of Standards and Technology (NIST) plans to
release a proposed public key encryption standard in September that
could have far-reaching effects on network software and equipment
providers.
Public key encryption is a technology used to encode data files to
prevent unauthorized access. Public key encryption products are based
on two keys -- one public and one private. Data encrypted with the
public key can only be decrypted by the private key. No exchange of
keys between parties has to be made.
Although NIST already has an established Data Encryption Standard
(DES), public key encryption is seen as an easier technology to use.
In fact, many computer and network vendors are eager to implement the
technology into their network products or have alredy announced
support to enhance existing security features.
Major vendors, including Digital Equipment Corp., Lotus Development
Corp, Motorola Inc and Novell Inc are hoping that NIST opts for the
RSA Public Key Cryptosystem, a public key encryption method proposed
by RSA Data Security, Inc. These vendors already support RSA's
technology.
NIST has never proposed a public key encryption standard, and some
have questions whether that is because the National Security Agency
(NSA) fears that the wide deployment of such a system would hamper its
intelligence gathering efforts.
James Bidzos, persident of RSA Data Security has suggested that the NSA
may be putting pressure on NIST to reject the RSA algorithm for use as
a standard. The NSA and NIST declined to comment.
NIST's decision on a public key encryption standard will have a
far-reaching impact on vendors because NIST standards become
requirements in government purchases and are widely adopted by the
private sector, such as the financial industry.
Should NIST settle on another alternative, it could force vendors to
support the de facto standard to serve commercial users and to rework
their products to support a lesser known method for government
clients.
Steve Lipner, engineering group manager for DEC's Secure Systems Group,
said DEC would evaluate any new proposed non-RSA-based standard from
NIST against "RSA's very attractive properties as a public key
algorithm."
...about 4 para. deleted...
The Consultative Committee on International Telephony and Telegraphy
and the International Standards Organization have also drafted public
key encryption standards based on the RSA algorithm. The Society for
Worldwide Interbank Financial Telecommunication global funds-transfer
network has adopted RSA technology, and U.S. banks will be required to
use it, RSA's Bidzos said.
RSA Data Security stnds to gain considerably through licensing fees if
its technology is adopted as a standard.
Industry observers said they believe NIST will propose the RSA
algorithm as a standard in September. But recent comments from Stuart
Katzke, chief of NIST's Computer Security Division, have raised
doubts. "We're still working on the issue," Katzke said, emphasizing
that no decision has been made on whether to choose RSA.
He added that there are some national security concerns. "We're trying
to weigh all the factors in making a decision."
- 40 -
Gnu here again...
Part of the Congressional hearings on public key standards included
testimony by Cliff Stoll. When asked by an NSA representative whether
deploying cryptography in the US would make NSA's "intelligence
mission" harder, he replied that it was none of NSA's business what
means are used to secure private US computers; that if his computer at
Harvard has secure communications with computers on the West Coast that
it has no impact on NSA. (NSA has no authorization to intercept
communications between US citizens -- gnu.) And that in fact, the US is
more dependent on computer technology and more at risk if technology to
secure computer networks is not developed. We strengthen the country's
ability to defend itself by securing our own networks so that the KGB
and others can't penetrate them, even if in the process we strengthen
some outside networks too. Congratulations, Cliff! The other folks
testifying would go completely mealymouthed when confronted with the
"intelligence mission" bogeyman. Let's outlaw privacy so the NSA
has an easier job, yeah, that's the ticket.
On a side note, I learned at the conference that RSA Data Security's
board of directors consists of Ron Rivest (the co-inventor) and James
Bidzos, president of the company. The other inventors are not
principals in the company, but share in the royalties.
RSA has licensed its patent to PK Partners, a company formed by MIT,
Stanford, RSADSI, and Cylink to provide a single point of contact for
licensing public key patents. PK Partners controls four key public key
patents in the US and other parts of the world. PKP has guaranteed to
NIST that if RSA is adopted, it will be licensed for "reasonable" fees
and in a "non-discriminatory" fashion. I personally had a concern that
PK Partners effectively has monopoly control over the main technology
for privacy in the U.S. I think they will use the control to make
money rather than to restrict privacy, however. The situation still
bears watching.
--
John Gilmore {sun,pacbell,uunet,pyramid}!hoptoad!gnu g...@toad.com
The Gutenberg Bible is printed on hemp (marijuana) paper. So was the July 2,
1776 draft of the Declaration of Independence. Why can't we grow it now?
Path: gmdzi!unido!mcsun!uunet!wuarchive!cs.utexas.edu!sun-barr!newstop!
texsun!letni!merch!sneaky!gordon
From: gordon@sneaky.UUCP (Gordon Burditt)
Newsgroups: sci.crypt
Subject: Re: PK Partners // RSA licensing
Message-ID: <36278@sneaky.UUCP>
Date: 26 Aug 90 01:40:41 GMT
References: <11999@hoptoad.uucp> <12004@hoptoad.uucp>
<1990Aug23.010448.18827@msuinfo.cl.msu.edu>
Organization: Gordon Burditt
Lines: 45
Posted: Sun Aug 26 02:40:41 1990
>>and in a "non-discriminatory" fashion. I personally had a concern that
>>PK Partners effectively has monopoly control over the main technology
>>for privacy in the U.S. I think they will use the control to make
>>money rather than to restrict privacy, however. The situation still
>>bears watching.
Is public key encryption real, practical, and legal yet? Or is it still
bogged down in a mess of lawyers?
Is the public-key key distribution scheme outlined in RFCs 1113-1115
(a) A pipe dream the NSA will never permit to happen,
(b) Operational,
(c) Might be operational in 3 years after NIST makes it a standard,
(d) Might be operational in 10 years if there's lots of demand and
favorable outcome of a lot of court battles.
Hypothetical example: a few dozen people in the USA wish to communicate
privately with each other using a public-key system at least as strong as RSA
with 200-digit keys. They, like all other people, cannot prove that they
are not Drug Dealers(tm). They also want their use of RSA or other public-key
encryption to survive legal scrutiny.
Case A: They already have a program using RSA that works, and wish to
license use of RSA for that program, for a fixed (but later expandable
with additional fee) number of copies. The program will not be sold.
They don't want to give out a copy of the program to PK Partners or
anyone else but their group, either. The users want to do their own key
management since a more visible key management system can be threatened
by their spouse's divorce lawyers, the IRS, and other sinister government
agencies. Can this be done with the constraints (1) licensing complete in
3 months, (2) software+legal budget of about a PC-system-worth per user (this
is deliberately vague), (3) zero lawyer-hours and less than 2 weeks clock time
to add more users after the initial agreement is reached. Assume that
$10/year (forever) in fees can be considered equivalent to a lump sum of $100.
Case B: They don't have any software and they want to buy some,
shrinkwrapped if possible, with the same 3 constraints as above.
The users want a key generation/distribution service included (and they
are not particularly afraid of the government subverting it). The software
budget should allow for 4 key changes per user over the period of a few years.
Being able to communicate with thousands of others using the same software on
different hardware platforms is a big plus, and might increase the budget 50%.
Gordon L. Burditt
sneaky.lonestar.org!gordon
Path: gmdzi!unido!mcsun!uunet!decwrl!apple!well!rsa
From: r...@well.sf.ca.us (RSA Data Security)
Newsgroups: sci.crypt
Subject: Re: PK Partners // RSA licensing
Message-ID: <20148@well.sf.ca.us>
Date: 6 Sep 90 15:38:10 GMT
References: <12004@hoptoad.uucp>
<1990Aug23.010448.18827@msuinfo.cl.msu.edu> <18227@frog.UUCP>
Organization: Whole Earth 'Lectronic Link, Sausalito, CA
Lines: 66
Posted: Thu Sep 6 16:38:10 1990
In a recent article, rior...@clvax1.cl.msu.edu (Mark Riordan)
asks,
>Can someone explain to me the legal/licensing restrictions that apply
>to the Rivest-Shamir-Adleman (RSA) public key system?
>I had earlier heard some rumor that the RSA system was "patented"
>or something, and this posting seems to confirm it.
RSA is covered by United States Patent 4,405,829, "Cryptographic
Communications System and Method." Public Key Partners holds
exclusive sublicensing rights from MIT. Licenses can also be
obtained from RSA Data Security Inc. MIT and the U.S. Government
can practice RSA without a license; anyone else in the United
States must obtain a license to do so.
>But the RSA
>cryptosystem is just an algorithm, and how can you patent an
>algorithm?
You are right in part. It is difficult to patent algorithms, and
for this reason algorithms are often rewritten as hardware
circuits, which can be patented. However, the RSA cryptosystem
as patented is not an algorithm. The patent claims to cover the
application of the C = M**E mod N and related transformations in
a "cryptographic communications system." The transformations
themselves are not patented, only their application.
>Or does the patent apply to one particular implementation
>of the algorithm? If the latter, why would anyone pay licensing
>fees? (The algorithm can be implemented fairly easily. Perhaps
>PK Partners' is particularily efficient?)
Particular implementations are copyrighted but not patented.
Public Key Partners has no products. RSA Data Security Inc.
offers a number of efficient embodiments.
>I have just completed writing an implementation of the RSA system,
>based on my reading of readily-available textbooks on the subject.
>I was hoping to include my code as enhancements to a widely-distributed
>public domain program, which I would continue to keep in the public
>domain. Is this legitimate?
Probably not. While your code is not an application of RSA, you
may be inciting others to infringe. You should certainly get
legal advice before doing this. Clearly if you "make, use or
sell" any device practicing the patented art, a license is
required.
>I was also planning on posting my code here. Is that legitimate?
Yes and no. While posting your code or otherwise publishing
implementations of RSA is probably legitimate with respect to
the patent, you may again be inciting others to infringe the
patent. Furthermore, such posting may violate export laws on
cryptography. Again, you should get legal advice.
>If Rivest, et al., can patent an algorithm, why aren't sorting algorithms
>and so on patented? I'm confused.
Perhaps some sorting algorithms are (e.g., sorting networks). I
would be interested if anyone knows more about this.
-----------------------------------------------------------------
Burt Kaliski, RSA Data Security Inc., Redwood City, CA 94065
EMail: bu...@rsa.com
Tel. 415 595 8782 Fax: 415 595 1873