From: ""L. Detweiler"" <ld231782@longs.lance.colostate.edu>
Date: Thu, 17 Jun 93 20:28:26 PDT
To: cypherpunks@toad.com
Subject: Blasting Bidzos Blather
Message-ID: <9306180328.AA15661@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain


The following message is FOR CYPHERPUNKS ONLY. I specifically
*prohibit* further distribution past the mailing list! Please do not
betray my trust!

[Bidzos]
>I'm genuinely
> confused, as I believe the situation is as simple as I put it to you.
> Our claims of patent infringement by DSS, made over the last 18
> months, were well-known and publicized.  NIST has capitulated.  Seems
> pretty straightforward to me.

The more I read from Bidzos, the less I believe he has any overall
control or even awareness of the company, or is purposely duplicitous.
His vague and weak defenses I find personally intelligence-insulting.

DSS seemed to defy the face of all public input into the standard,
which opposed the NIST algorithms (`handed down' in a dictatorial and
authoritarian manner, sound familiar?) in favor of RSA. How is it that
Bidzos makes no reference to this? Apologists for DSS such as Denning
do so on two major grounds: 1) it is part of the larger plan involving
Clipper, therefore lack of duality in encryption and authentication
features (an implicit characteristic of RSA) is not a problem 2) the
security is `no weaker' (cunningly disguised as to appear to say
`better') than RSA. Both are noxiously misleading arguments in
themselves, but are also decoys (like key escrow agencies and
procedures) to the critical issues at stake.

The critical point is that even the *appearance* of a `fair and
impartial' standards making process was totally defied, to the point of
suggesting a complete clandestine backroom collusion! (hm, sound
familiar?) But gosh, I wonder how many people would have advocated RSA
back then when they could predict the future: that NIST would not only
embrace PKP but would award them a complete monopoly on signature standards.

Somehow proponents of this new NSA-Clipper-Capstone obscenity are now
pointing back to history and saying that the main objections to DSS
standards were *technical* (strength of the algorithm) and *legal* (PKP
patenting) and that they have been wholly ameliorated by improvements
(in key size) and recent events (PKP support). This is historical
revisionism at its worst!   From my point of view, critical main
objections were on the warped process that permitted an unpopular (and
perhaps even subversive) standard be adopted!  This revisionism
definitely suggests something deeper and `ulterior' is going on---that
a comprehensive NSA-PKP alliance is in place?

> BTW, on Clipper, ATT, Motorola, IBM could have done Clipper without
> ever talking to us.  Contrary to popular belief, we don't dictate
> terms to licensees. 

First, I find it absolutely ridiculous for an informed agent of PKP,
and for that person to coincidentally be called the *president*, to
claim that `we don't dictate terms to licensees'. This is only true in
the sense that if the licensee does not agree to the terms put down by
PKP, they don't get the license!

Second, I would like to see PKP contracts. There are probably more
clauses than a bad run-on sentence. I'll go out on a limb and wager
that PKP *does* limit the use of RSA in the company's products, and
that the licenses are fairly specific. It seems rather inconceivable to
me that any such corporate agreement that could be so simplistically
summarized as `PKP gives rights to company [x] to use RSA in *any* of
their products as long as they pay [y] royalties'.  The agreement is
very likely product-specific and implementation-limiting. Perhaps Mr.
Bidzos or representatives of companies involved would be willing to
forward copies of these agreements for our consideration of Mr. Bidzos'
claims, assuming they are not `classified'...

Third, regardless of presence of product-specific limitations in the
licenses, and even if PKP has sold licenses to companies that somehow
permit them the latitude to include RSA technology in their Clipper
implementations, PKP can certainly take the future stance that they
will prohibit that use in future corporate contracts! If Mr. Bidzos
really thinks that Clipper is `ill-conceived, ill-timed, and
undesirable' perhaps he should figure out how to keep his company from
supporting, nay, *promoting* and *profiting* from it. Let's look again
at the announcement:

>PKP will also grant a license to practice key management, at no
>additional fee, for the integrated circuits which will implement
>both the DSA and the anticipated Federal Information Processing
>Standard for the "key escrow" system announced by President Clinton
>on April 16, 1993.

`at no additional fee'? What does that mean, `for free'? This
apparently means  Mycotronx, despite being a private company, does not
need to license (read: pay for) the RSA patents on the critical
key-exchange function for use in Capstone for *any* implementations
(public or private), nor does any other company NSA decides to induct
into its privileged enclave. Hm, I wonder how RSA's other `customers'
feel about that? And why would PKP voluntarily give up this potentially
valuable revenue source?

Clipper implementations could be *extremely* lucrative for PKP. That
they don't license them specifically, and in fact voluntarily give up
the perogative to do so, suggests that they gave up something greater
in return for them. Namely, the award of an official U.S.
government-endorsed monopoly on DSS and arguably all valuable
cryptographic techniques.

By the way, let's look Mr. Bidzos' quote on Clipper. Clipper is
`ill-timed'? What does this suggest, that a NSA-PKP partnership would
be better served if it came out sooner or later? Clipper is
`ill-conceived and undesirable'? For who? Was it that PKP perhaps
didn't hear about it soon enough to rob all the tasty new cryptographic
algorithm patents surrounding it, like it did with the Schnorr patent? 
The licensing notice (which was probably reviewed and approved by PKP
representatives) refers to Clipper as `an anticipated Federal
Information Processing Standard?' How, Mr. Bidzos, can this new
revelation possibly be construed to indicate that Clipper `will go away'? 

Yes, I suppose Mr. Bellovin was right. The omnipresent underlying
message here is that nothing is unethical if PKP profits from it.

I advise cypherpunks not to take Mr. Bidzos' comments literally. They
are, however, interesting from the perspective of the study of the
speech of either an uninformed figurehead or a capitalist (or even
nationalist) co-conspirator.

P.S. all cypherpunks `for' an alliance with PKP, please raise your
hand. I personally find the image of `lumbering but ultimately
benevolent corporation' too incredible to hold in the face of recent
events, and am now actually quite embarrassed to have advocated some
`good faith' proposals involving the company which look naively
misguided in hindsight.  PKP is not going to go away when a few of its
patents expire. To the contrary, it appears to be clutching everything
within reach to ensure its eternal domination in the commercial
cryptographic field.  (sound familiar? a PKP-NSA alliance makes perfect sense.)