1993-05-03 - Re: Tough Choices: PGP vs. RSA Data Security

Header Data

From: hfinney@shell.portal.com (Hal Finney)
To: cypherpunks@toad.com
Message Hash: c83290a9502b580089a60fca942c0d641212cc025c3eb52ecf2caa28b2e43c36
Message ID: <9304300305.AA10442@jobe>
Reply To: N/A
UTC Datetime: 1993-05-03 15:12:45 UTC
Raw Date: Mon, 3 May 93 08:12:45 PDT

Raw message

From: hfinney@shell.portal.com (Hal Finney)
Date: Mon, 3 May 93 08:12:45 PDT
To: cypherpunks@toad.com
Subject: Re:  Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304300305.AA10442@jobe>
MIME-Version: 1.0
Content-Type: text/plain


(I sent a copy of this message this morning from my Compuserve account,
but it never appeared.  Fighting to control my surging paranoia, I am
re-sending it from this account.  I apologize if a duplicate eventually
shows up.)

-----BEGIN PGP SIGNED MESSAGE-----

Tim May writes:

> I suggest that we as a community seriously reconsider our basic support for
> PGP. Not because of any flaws in the program, but because of issues related
> to Clipper and the potential limits on crypto.

I see several problems with this proposal.

1. It's not clear what it means to "reconsider our basic support for
PGP."  What exactly is Tim proposing?  That people stop using PGP?  That
they phase out their use of it as legal products become available?  I'd
like to see some clarification.

2. More generally, what about the issue of our advocating and supporting
other possibly infringing actions?  Which ones do we stop?  Just those
that upset Jim Bidzos?  He claims to have patents that cover many more
activities than RSA, including patents which cover the very idea of public
key encryption, and patents on Diffie-Hellman key exchange and virtually
any conceivable variation.  Should we respect all of these now?

3. David Chaum apparently has U.S. patents on many key features of digital
cash.  It looks like we would have to stop working on that, too, by this
reasoning.

4. What reasonable alternatives to PGP exist?  Is RSAREF really usable on
a PC?  I tried an early version and it was terribly, terribly slow.  PGP
is just barely fast enough.  A "legal" version of PGP which uses RSAREF will
presumably be considerably slower.

5. I am not as convinced as Tim that RSADSI is truly, positively, certainly
on our side.  Why is it that RSAREF has such a weak conventional encryption
algorithm (DES, with 56-bit keys)?  RIPEM has been out for many months, and
people have been asking for IDEA or triple DES all that time.  Bidzos has
supposedly said he'll give permission for improvements.  Yet as far as I
know RIPEM still only has this small key size, a key size which persistent
rumors say can be broken by government computers.  When Bidzos permits
RSAREF to run a conventional encryption algorithm with a secure key size I
will give more credence to the view that he wants people to have strong
encryption.

6. How is it that one company has collected virtually all of the patents on
cryptographic technology in this country?  Jim Bidzos controls patents on
public-key encryption in general, RSA, Diffie-Hellman key exchange, ElGamal
signatures and encryption, and several others.  I can't help noticing that
it would be an extraordinarily convenient arrangement for the government
if such a company existed and were secretly working against public use of
cryptography while publically pretending to be doing all they can to bring
this technology to a reluctant market.  I still have not seen any specific
public action by Bidzos which would invalidate this possibility.  Yes, he
has engaged in this widely publicized tiff with NIST over the Digital Signature
Standard, and he's made some statements against Clipper.  But where are the
lawsuits?  Is AT&T receiving the same threatening letters that Stanton
McCandlish received when he said he was distributing PGP from his BBS?

7. Extrapolating from the widespread acceptance of PGP, which is free, to
conclude that there is a market for a commercial encryption product which
costs money is pointless.  Granted, some of us may spend a lot of time
talking about PGP and thinking about these issues, but most PGP users just
downloaded it from a BBS or the net.  There are a lot of things they'd
spend $100 on before they would buy an encryption program.


One of the things that attracted me to Cypherpunks is that they take steps
to make these tools available without worrying about upsetting the power
structure.  David Chaum may object to our implementing digital cash.
Jim Bidzos may object to our using RSA, or Diffie-Hellman, or almost
anything else having to do with cryptography.  If we're going to start
looking over our shoulder and not doing anything which powerful people
object to then we might as well pack up and go home.

Almost everything we have talked about over the last six months infringes
somebody's patents in this country.  I really don't see what role a group
like ours has if we have to tiptoe through the minefield of intellectual
property protection which permeates the field of cryptography.  Are we to
become a bunch of unpaid consultants for RSADSI, writing code which they
will then make profits on?

Phil Zimmermann has done more to put strong cryptography into the hands
of people all over the world in two years than Bidzos has managed in ten.
He has faced lawsuits by Bidzos and has undergone considerable personal
sacrifice in getting this software out.  People talk about this "feud"
as though the two are equally guilty, and ask (like Rodney King) "can't
we all just get along?"  But this is a cop-out.  To me there is clear
asymmetry in their dispute in terms of who asserts their power and who
is trying to empower individuals.

Look at what Tim is suggesting.  We abandon PGP, not because it is a bad
program; not because its author has behaved unethically; not because it
has failed in its goals; but because Jim Bidzos is throwing his weight
around and we don't want Jim to be unhappy.  If Jim were to accept that
PGP was no more threatening to his patents than RSAREF then the problem
would be solved.  I presume that Tim has decided that this won't happen,
so now he suggests Plan B, that we abandon PGP.

I have to suggest that the real obstacle to the wide deployment of strong
cryptography remains Jim Bidzos.  He has the power, by a single stroke of
a pen, to do more to encourage the spread of cryptography in this country
than any other single person (including Bill Clinton).  All he has
to do is to issue a policy statement that since PGP is freeware it falls
under the PKP policy allowing use of the patents for noncommercial use.
Presto - PGP is legal, and one of the main obstacles to its spread is
eliminated.

I agree with Tim that we need to look closely to see who our real enemies
are.  Perhaps Bidzos is a charming person.  I've never met him.  Certainly
the bay area Cypherpunks seem to be falling under his influence.  From my
perspective I find this cozying up to the PKP/RSADSI power structure to
be rather alarming.  I don't think it is a good direction for the group.

Hal Finney
74076.1041@compuserve.com
hal@alumni.caltech.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9/UvKgTA69YIUw3AQGCrgQAi2980bgg4eHAoIbRUtEtT05V7+50UH16
erkzERI8ot+uk0soXPsM53YlVVAvSYVmLY5Ine862RWG0TUldq1O99CbnCet6Da9
/NWVUQCAoKrUuwj7Cetyf84wE4Fof6tbugOtXhke26WXZXhEIIsSdgKBzaDdc/LD
y0zU/abZ9Es=
=IKKf
-----END PGP SIGNATURE-----





Thread