Path: sparky!uunet!portal!lll-winken!sun-barr!decwrl!decwrl!netcomsv!
netcom.com!strnlght
From: strn...@netcom.com (David Sternlight)
Newsgroups: sci.crypt
Subject: RSA marketing weakness or lack of demand?
Message-ID: <1992Nov4.195416.4015@netcom.com>
Date: 4 Nov 92 19:54:16 GMT
References: <1992Nov4.125819.1637@guvax.acc.georgetown.edu>
Organization: Netcom - Online Communication Services (408 241-9760 guest)
Lines: 18
It appears that RSA has had patent protection for about 15 years. Yet
there are no readily available standard RSA systems for use on Macs,
nor standard electronic mail packages widely available for purchase
using RSA (though it is claimed that Apple's OCE will include at
least message authentication next year).
I'm curious about what people think about why this is. Is it that RSA
are poor marketers? poor at raising capital to start a "proper"
business and hiring good marketers? that there is really little
widespread demand for such systems in the "mass" software market?
other explanations?
To avoid flames, none of the above are more than logical possibilities,
and they should not be read as personal attacks on RSA.
--
pgp 2.0 and ripem public keys available on request
Path: sparky!uunet!europa.asd.contel.com!darwin.sura.net!
zaphod.mps.ohio-state.edu!cs.utexas.edu!sun-barr!decwrl!decwrl!waikato.ac.nz!
aukuni.ac.nz!cs18.cs.aukuni.ac.nz!pgut1
Newsgroups: sci.crypt
Subject: Re: RSA marketing weakness or lack of demand?
Message-ID: <1992Nov10.001617.2999@cs.aukuni.ac.nz>
From: pg...@cs.aukuni.ac.nz (Peter Gutmann)
Date: Tue, 10 Nov 1992 00:16:17 GMT
References: <1992Nov4.195416.4015@netcom.com> <iDLTTB12w165w@mantis.co.uk>
<1992Nov6.235631.538@netcom.com>
Organization: Computer Science Dept. University of Auckland
Lines: 78
In <1992Nov6....@netcom.com> strn...@netcom.com (David Sternlight) writes:
>There are a number of problems with this notion. First, they've been willing
>to license the RSA subroutine package pretty readily--for example to all the
>beta testers of ripem (a system roughly similar in concept to pgp).
[I presume you mean RSAREF here].
The problem with RSAREF is that it's essentially a toy implementation, in
addition to being extreme crippleware (you can't do much with it, and because
of the restrictions on its use there's no escape either) - that summary of
RSAREF is merely IMHO BTW. RSAREF is basically something which PKP/RSADSI can
throw out to the masses, say "Look what nice guys we are, we're giving people
RSA code", and yet offer no threat at all to their current stranglehold on RSA
encryption. To quote the PGP docs:
"Apparently [Phil Zimmermanns] release of PGP helped provide the impetus
for [PKP] to offer some sort of a freeware-style license for noncommercial
use of the RSA algorithm".
RSAREF is a nice red herring, but little else....
Rhetorical question for people who've used RSAREF:
Assuming for the moment *no legal pressure from PKP*, and given the choice
between using RSAREF with all it's attached conditions and caveats, or
equivalent routines you've implemented yourself from scratch, which would you
prefer?
>Second, though pgp uses IDEA rather than DES, it does use the public key
>system, and apparently there's no objection provided it's for non-commercial
>use.
Yes there is....it seems half the users of PGP in the US live in fear and
trembling of using PGP *for private, non-commercial use*, for fear of what PKP
will do to them. Phil Zimmermann has had to stop working on PGP although he
makes no money from it, due to PKP threatening him with legal action.
According to Phil, Jim Bidzos, president of PKP, has said he will *never*
license PGP. This doesn't sound like "no objections" to me.
>I fear we either have to look elsewhere for a satisfactory explanation for
>RSA/PKP partner's failure to market the system software more widely and
>vigorously, or the USG has been pretty silly in their attempts to control it
>via that path.
I disagree. If the USG *is* trying to control it via that path, then whoever
dreamed up the idea was probably given some sort of medal for it. The PKP
stranglehold on PKC's is probably the biggest single reason why the entire
world isn't currently using public-key encryption on a day-to-day basis. Sure,
the US export restrictions help, but if people really want it they'll either
get it out of the US somehow, or they'll manufacture it outside the US.
However noone wants to use a cryptosystem for which they know that any use
within the US will cause PKP's lawyers to come down on them like a ton of
bricks. I don't know whether the USG has used PKP to control PKC's (TLA,
TLA:-), but if they did then they've done a darn good job. I'll leave you with
this quote from the PGP docs:
"Not only did PKP acquire the exclusive patent rights for the RSA
cryptosystem, which was developed with your tax dollars, but they also
somehow acquired the exclusive rights to three other patents covering rival
public key schemes invented by others, also developed with your tax dollars.
This essentially gives one company a legal lock in the USA on nearly all
practical public key cryptosystems. They even appear to be claiming patent
rights on the very concept of public key cryptography, regardless of what
clever new original algorithms are independently invented by others. And
you thought patent law was designed to encourage innovation! PKP does not
actually develop any software-- they don't even have an engineering
department-- they are essentially a litigation company.
Public key cryptography is destined to become a crucial technology in the
protection of our civil liberties and privacy in our increasingly connected
society. Why should the Government try to limit access to this key
technology, when a single monopoly can do it for them?"
Peter.
--
pg...@cs.aukuni.ac.nz || pet...@kcbbs.gen.nz || pe...@nacjack.gen.nz
(In order of preference)
Path: sparky!uunet!ogicse!decwrl!csus.edu!netcom.com!strnlght
From: strn...@netcom.com (David Sternlight)
Newsgroups: sci.crypt
Subject: Re: RSA marketing weakness or lack of demand?
Message-ID: <1992Nov10.065940.3930@netcom.com>
Date: 10 Nov 92 06:59:40 GMT
Article-I.D.: netcom.1992Nov10.065940.3930
References: <iDLTTB12w165w@mantis.co.uk> <1992Nov6.235631.538@netcom.com>
<1992Nov10.001617.2999@cs.aukuni.ac.nz>
Organization: Netcom - Online Communication Services (408 241-9760 guest)
Lines: 9
Peter Gutmann appears to have an axe to grind when he criticizes
RSAREF as a "toy" since it IS made available for use in RIPEM.
It works fine, and does the job. Moreover, an even more useful
and powerful version is incorporated in the latest Beta 4 version
of RIPEM. This seems inconsistent with Gutmann's strongly
--
David Sternlight
(pgp 2.0 and ripem public keys available on request)
Newsgroups: sci.crypt
Path: sparky!uunet!sun-barr!ames!haven.umd.edu!news.umbc.edu!gmuvax2!
pfarrell
From: pfar...@gmuvax2.gmu.edu (Pat Farrell)
Subject: Re: RSA marketing weakness or lack of demand?
Message-ID: <1992Nov10.130521.2525@gmuvax2.gmu.edu>
Keywords: RsA, PKP, marketing
Organization: George Mason University, Fairfax, Va.
References: <1992Nov4.125819.1637@guvax.acc.georgetown.edu>
<1992Nov4.195416.4015@netcom.com>
Date: Tue, 10 Nov 1992 13:05:21 GMT
Lines: 61
In article <1992Nov4.1...@netcom.com>
strn...@netcom.com (David Sternlight) writes:
>
>It appears that RSA has had patent protection for about 15 years. Yet
>there are no readily available standard RSA systems for use on Macs,
>nor standard electronic mail packages widely available for purchase
>using RSA (though it is claimed that Apple's OCE will include at
>least message authentication next year).
>
>I'm curious about what people think about why this is.
I believe that market acceptance of the encryption and
authentication capabilities of RSA have been slow to catch on
because most technology needs to be accepted by the 'early
adopters' well before it can be accepted by the mass market.
I think the authentication market for RSA has the potential to
be far larger than the encryption side. As businesses
actually roll out client/server application in production use,
the authentication issue will become critical. It is a small
problem when all the clients are on a company-owned and
controlled network. It is a huge problem when the net is the
Internet.
Businesses are conservative. Businesses dealing with money are
even more conservative. They will accept digital signatures
only when there is a proven track record of their use in
general. Not long ago, the idea of a bank offering a credit
card was radical, even though stores had been issuing cards
for years. Business will accept the technology after is
has gained acceptance.
The non-availability of software is seriously hurting
acceptance. PEM is no better than available "real soon now"
and its reliance on "certifying authorities" is bothersome.
And while PGP is available, use in the US, which has the most
personal computers connected to modems, is claimed to be
illegal by the very folks who should be promoting licensed use
of RSA. I expect that it will take a couple of years of use
before the user interface and key management issues of these
packages are resolved will enough to allow mass market use.
It will take longer still for integrated packages that can
seamlessly handle the various flavors of encryption (IDEA,
DES, RSA, etc.) and delivery mechanisms (SMTP, X.400, MCImail,
CompuServ, Prodigy, etc.) without making the user keep it all
straight. I do not believe that the general public is willing
to care about the conflicts. If they are not resolved, the
public simply won't use it.
Until integrated software is widely available, and the legal
usage issues resolved, RSA will remain at best a niche
product. It is possible that this will not be resolved before
the PKP patents expire.
Pat
Pat Farrell, 40+ year Grad Student pfar...@cs.gmu.edu
Department of Computer Science, George Mason University, Fairfax, VA
PGP Public key available via finger #include standard.disclaimer
Write PKP. Offer money for a personal use license for RSA. Free PGP in the US.
Newsgroups: sci.crypt
Path: sparky!uunet!think.com!ames!decwrl!csus.edu!netcom.com!strnlght
From: strn...@netcom.com (David Sternlight)
Subject: Re: RSA marketing weakness or lack of demand?
Message-ID: <1992Nov10.212531.7712@netcom.com>
Keywords: RsA, PKP, marketing
Organization: Netcom - Online Communication Services (408 241-9760 guest)
References: <1992Nov4.125819.1637@guvax.acc.georgetown.edu>
<1992Nov4.195416.4015@netcom.com> <1992Nov10.130521.2525@gmuvax2.gmu.edu>
Date: Tue, 10 Nov 1992 21:25:31 GMT
Lines: 28
Pat Farrell says:
"Until integrated software is widely available, and the legal
usage issues resolved, RSA will remain at best a niche
product. It is possible that this will not be resolved before
the PKP patents expire."
That's 1997. I'm curious. Do people think a Democratic administration
and Congress would support or oppose key registration? What's the
historical track record on similar issues?
If the Democrats obtain a second term, absent new laws, unrestricted
use of public key systems without PKP's legal interference will
be possible at that time. Who knows, by then personal computers may
even be fast enough to permit full RSA use, rather than RSA key encryption
of DES/IDEA messages. In any case, the issue would need to be confronted
by both intelligence and law enforcement.
I predict that unless a key registration law is "sneaked in" there's
going to be a bitter public battle over this issue during the current
Clinton administration. Hone your arguments and your
intervention/lobbying/testimony techniques now, whatever side of this
you're on.
--
David Sternlight
(pgp 2.0 and ripem public keys available on request)
Newsgroups: sci.crypt
Path: sparky!uunet!charon.amdahl.com!pacbell.com!network.ucsd.edu!usc!
zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!spool.mu.edu!umn.edu!
csus.edu!netcom.com!tcmay
From: tc...@netcom.com (Timothy C. May)
Subject: Re: RSA marketing weakness or lack of demand?
Message-ID: <1992Nov11.175047.9868@netcom.com>
Organization: Netcom - Online Communication Services (408 241-9760 guest)
X-Newsreader: Tin 1.1 PL5
References: <1992Nov10.212531.7712@netcom.com>
Date: Wed, 11 Nov 1992 17:50:47 GMT
Lines: 33
David Sternlight (strn...@netcom.com) wrote:
: If the Democrats obtain a second term, absent new laws, unrestricted
: use of public key systems without PKP's legal interference will
: be possible at that time. Who knows, by then personal computers may
: even be fast enough to permit full RSA use, rather than RSA key encryption
: of DES/IDEA messages. In any case, the issue would need to be confronted
: by both intelligence and law enforcement.
:
: I predict that unless a key registration law is "sneaked in" there's
: going to be a bitter public battle over this issue during the current
: Clinton administration. Hone your arguments and your
: intervention/lobbying/testimony techniques now, whatever side of this
: you're on.
Crypto was a very hot topic at this year's Hackers Conferene. The
Denning key registration trial balloon came up several times. Mike
Godwin of the EFF told me he expects something similar to the Denning
proposal to be used, even in a Clinton Administration.
He's talking to folks around D.C. and the consensus is that the
various agencies are pressing for something along these lines.
--Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tc...@netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: awaiting Macintosh version.