From: khijol!erc@apple.com (Ed Carp)
Date: Wed, 1 Sep 93 15:24:28 PDT
To: danodom@matt.ksu.ksu.edu (Dan Odom)
Subject: Re: Encryption policies of Fidnet, etc.
In-Reply-To: <9309011744.AA12892@matt.ksu.ksu.edu>
Message-ID: <m0oXxvR-00028SC@warrior>
MIME-Version: 1.0
Content-Type: text


> Ed Carp Said:
> 
> > It has long been held that there is an exemption to 'patent infringment'
> > for educational or other "non-commercial" uses.
> 
> Is this just for RSA, or for all patents?  If PKP wanted to forbid
> academic use of RSA (or require a license for it), could they legally
> do so?  Assume for now that the patent is valid, which it may not
> be...

I'm under the impression that it's for any patent, but I'm not a lawyer (I
just play one on the net [grin]).

> I ask all this because I often hear researchers looking for a cure for
> (insert your favorite aliment here) complain that they have to pay
> patent royalties on the gentically-modified animals they use in their
> work, and if, say, two patented rabbits produce offspring, they
> have to pay royalties on each of the offspring as well.  This is
> academic use (to me anyway; I don't know about legally), but requires
> royalties.

I think it's because they are using them to make $$$.  I think.  :)

Here's the README from the RSA folks that I got with RSAREF.  Hope it answers
one or two of your questions. :)
--------------------------------- cut here -----------------------------------
                              RSAREF(TM):
          A Cryptographic Toolkit for Privacy-Enhanced Mail

                           RSA Laboratories
               (A division of RSA Data Security, Inc.)
                            April 20, 1992


This document copyright (C) 1992 RSA Laboratories, a division of RSA
Data Security, Inc. License is granted to reproduce, copy, post, or
distribute in any manner, provided this document is kept intact and
no modifications, deletions, or additions are made.


WHAT IS IT?

RSAREF is a cryptographic toolkit designed to facilitate rapid
deployment of Internet Privacy-Enhanced Mail (PEM) implementations.
RSAREF represents the fruits of RSA Data Security's commitment to the
U.S. Department of Defense's Advanced Research Projects Agency
(DARPA) to provide free cryptographic source code in support of a PEM
standard. RSA Laboratories offers RSAREF in expectation of PEM's
forthcoming publication as an Internet standard.

Part of RSA's commitment to DARPA was to authorize Trusted Information
Systems of Glenwood, MD, to distribute a full PEM implementation. That
implementation will be available this spring.

RSAREF supports the following PEM-specified algorithms:

     o    RSA encryption and key generation, as defined by RSA
            Laboratories' Public-Key Cryptography Standards (PKCS)

     o    MD2 and MD5 message digests

     o    DES (Data Encryption Standard) in cipher-block chaining mode

RSAREF is written in the C programming language as a library that can
be called from an application program. A simple PEM implementation
can be built directly on top of RSAREF, together with message parsing
and formatting routines and certificate-management routines. RSAREF
is distributed with a demonstration program that shows how one might
build such an implementation.

The name "RSAREF" means "RSA reference." RSA Laboratories intends
RSAREF to serve as a portable, educational, reference implementation
of cryptography.


WHAT YOU CAN (AND CANNOT) DO WITH RSAREF

The license at the end of this note gives legal terms and conditions.
Here's the layman's interpretation, for information only and with no
legal weight:

     1.   You can use RSAREF in personal, non-commercial applications,
          as long as you follow the interface described in the RSAREF
          documentation. You can't use RSAREF in any commercial
          (moneymaking) manner of any type, nor can you use it to
          provide services of any kind to any other party. For
          information on commercial licenses of RSAREF-compatible
          products, please contact RSA Data Security. (Special
          arrangements are available for educational institutions and
          non-profit organizations.)

     2.   You can give others RSAREF and programs that interface to
          RSAREF, under the same terms and conditions as your RSAREF
          license.

     3.   You can modify RSAREF as required to port it to other
          operating systems and compilers, as long as you give a copy
          of the results to RSA Laboratories. Other changes require
          written consent.

     4.   You can't send RSAREF outside the United States or Canada, or
          give it to anyone who is not a U.S. or Canadian citizen and
          doesn't have a U.S. "green card." (These are U.S. State and
          Commerce Department requirements, because RSA and DES are
          export-controlled technologies. Without the export-control
          restrictions, RSAREF would be available by anonymous FTP.)


HOW TO GET IT

To obtain RSAREF, read the license at the end of the note and return a
copy of the following paragraph by electronic mail to
<rsaref-administrator@rsa.com>:

     I acknowledge that I have read the RSAREF Program License
     Agreement and understand and agree to be bound by its terms and
     conditions, including without limitation its restrictions on
     foreign reshipment of the Program and information related to the
     Program. The electronic mail address to which I am requesting
     that the program be transmitted is located in the United States
     of America or Canada and I am a United States citizen, a Canadian
     citizen, or a permanent resident of the United States. The RSAREF
     Program License Agreement is the complete and exclusive agreement
     between RSA Laboratories and me relating to the Program, and
     supersedes any proposal or prior agreement, oral or written, and
     any other communications between RSA Laboratories and me relating
     to the Program.

RSAREF is distributed by electronic mail in UNIX(TM) "uuencoded" TAR
format. When you receive it, store the contents of the message in a
file, and run your operating system's "uudecode" and TAR programs.
For example, suppose you store the contents of your message in the
file 'contents'. You would run the commands:

     uudecode contents             # produces rsaref.tar
     tar xvf rsaref.tar

RSAREF includes about 60 files organized into the following
subdirectories:

     doc       documentation on RSAREF and RDEMO
     install   makefiles for various operating systems
     rdemo     RDEMO demonstration program
     source    RSAREF source code and include files
     test      test scripts for RDEMO


USERS' GROUP

RSA Laboratories maintains the electronic-mail users' group
<rsaref-users@rsa.com> for discussion of RSAREF applications, bug
fixes, etc. To join the users' group, send electronic mail to
<rsaref-users-request@rsa.com>.


REGISTRATION

RSAREF users who register with RSA Laboratories are entitled to free
RSAREF upgrades and bug fixes as soon as they become available and a
50% discount on selected RSA Data Security products. To register,
send your name, address, and telephone number to
<rsaref-registration@rsa.com>.


INNOVATION PRIZES

RSA Laboratories will award cash prizes for the best applications
built on RSAREF. If you'd like to submit an application, want to be
on the review panel, or would like more details, please send
electronic mail to <rsaref-prizes@rsa.com>. Applications are due
December 31, 1992, and awards will be announced March 31, 1993. First
prize is $5000, second prize is $2000, and there are five prizes of
$1000.


PUBLIC-KEY CERTIFICATION

RSA Data Security offers public-key certification services conforming
to forthcoming PEM standards. For more information, please send
electronic mail to <pem-info@rsa.com>.


PKCS: PUBLIC-KEY CRYPTOGRAPHY STANDARDS

To obtain copies of RSA Laboratories' Public-Key Cryptography
Standards (PKCS), send electronic mail to <pkcs-info@rsa.com>.


OTHER QUESTIONS

If you have questions on RSAREF software, licenses, export
restrictions, or other RSA Laboratories offerings, send electronic
mail to <rsaref-administrator@rsa.com>.


AUTHORS

RSAREF was written by the staff of RSA Laboratories with assistance
from RSA Data Security's software engineers. The DES code is based on
an implementation that Justin Reyneri did at Stanford University. Jim
Hwang of Stanford wrote parts of the arithmetic code under contract
to RSA Laboratories.


ABOUT RSA LABORATORIES

RSA Laboratories is the research and development division of RSA Data
Security, Inc., the company founded by the inventors of the RSA
public-key cryptosystem. RSA Laboratories reviews, designs and
implements secure and efficient cryptosystems of all kinds. Its
clients include government agencies, telecommunications companies,
computer manufacturers, software developers, cable TV broadcasters,
interactive video manufacturers, and satellite broadcast companies,
among others.

RSA Laboratories draws upon the talents of the following people:

Len Adleman, distinguished associate - Ph.D., University of
  California, Berkeley; Henry Salvatori professor of computer
  science at University of Southern California; co-inventor of
  RSA public-key cryptosystem; co-founder of RSA Data Security, Inc.

Taher Elgamal, senior associate - Ph.D., Stanford University;
  director of engineering at RSA Data Security, Inc.; inventor of
  Elgamal public-key cryptosystem based on discrete logarithms

Martin Hellman, distinguished associate - Ph.D., Stanford University;
  professor of electrical engineering at Stanford University;
  co-inventor of public-key cryptography, exponential key exchange;
  IEEE fellow; IEEE Centennial Medal recipient

Burt Kaliski, chief scientist - Ph.D., MIT; former visiting assistant
  professor at Rochester Institute of Technology; author of Public-Key
  Cryptography Standards; general chair of CRYPTO '91

Cetin Koc, associate - Ph.D., University of California, Santa
  Barbara; assistant professor at University of Houston
 
Ron Rivest, distinguished associate - Ph.D., Stanford University;
  professor of computer science, MIT; co-inventor of RSA public-key
  cryptosystem; co-founder of RSA Data Security, Inc.; member of
  National Academy of Engineering; director of International
  Association for Cryptologic Research; program co-chair of ASIACRYPT
  '91

RSA Laboratories seeks the talents of other people as well. If you're
interested, please write or call.

ADDRESSES

RSA Laboratories                   RSA Data Security, Inc.
10 Twin Dolphin Drive              100 Marine Parkway
Redwood City, CA  94065            Redwood City, CA  94065

(415) 595-7703                     (415) 595-8782
(415) 595-4126 (fax)               (415) 595-1873 (fax)

PKCS, RSAREF and RSA Laboratories are trademarks of RSA Data
Security, Inc. All other company names and trademarks are not.

----------------------------------------------------------------------
                           RSA LABORATORIES
                      PROGRAM LICENSE AGREEMENT

RSA LABORATORIES, A DIVISION OF RSA DATA SECURITY, INC. ("RSA"), IS
WILLING TO LICENSE THE "RSAREF" PROGRAM ON THE TERMS AND CONDITIONS
SET FORTH BELOW. YOUR ACKNOWLEDGEMENT AND ACCEPTANCE OF THESE TERMS
AND CONDITIONS IS REQUIRED PRIOR TO DELIVERY TO YOU OF THE RSAREF
PROGRAM.

1.   LICENSE. RSA is willing to grant you a non-exclusive,
     non-transferable license for the "RSAREF" program (the
     "Program") and its associated documentation, subject to all of
     the following terms and conditions:

     a.   to use the Program on any computer in your possession;

     b.   to make copies of the Program for back-up purposes;

     c.   to incorporate the Program into other computer programs only
          through interfaces described in the RSAREF Library
          Reference (the file "rsaref.txt" which accompanies the
          Program) (any such incorporated portion of the Program to
          continue to be subject to the terms and conditions of this
          license) only for your own personal or internal use or to
          create Application Programs;

     d.   to modify the Program for the purpose of porting the Program
          to any other operating systems and compilers, but only on
          the conditions that: (i) you do not alter any Program
          interface, except with the prior written consent of RSA;
          and (ii) you provide RSA with a copy of the ported version
          of the Program by electronic mail; and

     e.   to distribute the Program without charge to non-commercial
          users, but only in accordance with the limitations set forth
          in Section 2.

"Application Programs" are programs which either (i) incorporate all
or any portion of the Program in any form, or (ii) interface with the
Program but do not incorporate all or any portion of the Program in
any form.

2. LIMITATIONS ON LICENSE.

     a.   RSA owns the Program and its associated documentation and
          all copyrights therein. YOU MAY NOT USE, COPY, MODIFY OR
          TRANSFER THE PROGRAM, IN EITHER SOURCE CODE OR OBJECT CODE
          FORM, ITS ASSOCIATED DOCUMENTATION, OR ANY COPY,
          MODIFICATION OR MERGED PORTION THEREOF, IN WHOLE OR IN
          PART, EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT OR
          WITH THE PRIOR WRITTEN CONSENT OF RSA. YOU MUST REPRODUCE
          AND INCLUDE RSA'S COPYRIGHT NOTICES ON ANY COPY OR
          MODIFICATION, OR ANY PORTION THEREOF, OF THE PROGRAM AND
          ITS ASSOCIATED DOCUMENTATION.

     b.   You may not distribute copies of the Program or its
          associated documentation or any Application Program except
          as expressly provided in this Agreement. IF YOU TRANSFER
          POSSESSION OF ANY COPY, MODIFICATION OR MERGED PORTION OF
          THE PROGRAM, WHETHER IN SOURCE CODE OR OBJECT CODE FORM, OR
          ITS ASSOCIATED DOCUMENTATION OR ANY APPLICATION PROGRAM, IN
          SOURCE CODE OR OBJECT CODE FORM, TO ANOTHER PARTY, EXCEPT
          AS EXPRESSLY PROVIDED FOR IN THIS LICENSE, YOUR LICENSE
          SHALL BE AUTOMATICALLY TERMINATED.

     c.   The Program and all Application Programs are to be used only
          for non-commercial purposes. This means that you may not use
          the Program or any Application Programs in any manner or for
          any purpose directly related to a product or service that is
          provided for sale to third parties (either by you or by any
          person or entity for whom you provide services) or that is
          provided (with or without compensation) for general use
          within a business organization or subdivision thereof. In
          addition, you may not distribute the Program or any
          Application Program in any manner that will generate any
          income to you, including without limitation any income on
          account of license fees, royalties, maintenance fees and
          upgrade fees.

     d.   You may not translate the Program into any other computer
          language, except with the prior written consent of RSA.

     e.   You may not incorporate the Program into other programs
          through interfaces other than the interfaces described in
          the RSAREF Library Reference, except with the prior written
          consent of RSA.

     f.  You may distribute the Program only in the following forms:
         (i) the unmodified Program, in source code or object code
         form; (ii) the Program as modified only for the purpose of
         porting it to another operating system or compiler in
         accordance with Section 1.d., in source code or object code
         form; and (iii) as part of an Application Program in
         executable code form.

     g.  You may distribute the Program only pursuant to a Program
         License Agreement exactly in the form of this Program License
         Agreement. You may not vary the terms of this Program License
         Agreement. You may distribute the Program only in compliance
         with all laws, regulations, orders and other restrictions on
         the export from the United States of America of the Program
         or of any information about the Program which are imposed by
         the government of the United States of America.

3.   NO RSA OBLIGATION. You are solely responsible for all of your
     costs and expenses incurred in connection with the distribution
     of the Program hereunder, and RSA shall have no liability,
     obligation or responsibility therefor. RSA shall have no
     obligation to provide maintenance, support, upgrades or new
     releases to you or to any distributee of the Program.

4.   NO WARRANTY OF PERFORMANCE. THE PROGRAM AND ITS ASSOCIATED
     DOCUMENTATION ARE LICENSED "AS IS" WITHOUT WARRANTY AS TO THEIR
     PERFORMANCE, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR
     PURPOSE. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF
     THE PROGRAM IS ASSUMED BY YOU AND YOUR DISTRIBUTEES. SHOULD THE
     PROGRAM PROVE DEFECTIVE, YOU AND YOUR DISTRIBUTEES (AND NOT RSA)
     ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR
     CORRECTION.

5.   LIMITATION OF LIABILITY. EXCEPT AS EXPRESSLY PROVIDED FOR IN
     SECTION 6 HEREINUNDER, NEITHER RSA NOR ANY OTHER PERSON WHO HAS
     BEEN INVOLVED IN THE CREATION, PRODUCTION, OR DELIVERY OF THE
     PROGRAM SHALL BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY
     DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT
     LIMITED TO ANY DAMAGES FOR LOST DATA, RE-RUN TIME, INACCURATE
     INPUT, WORK DELAYS OR LOST PROFITS, RESULTING FROM THE USE OF
     THE PROGRAM OR ITS ASSOCIATED DOCUMENTATION, EVEN IF RSA HAS
     BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

6.   PATENT INFRINGEMENT OBLIGATION. Subject to the limitations set
     forth below, RSA, at its own expense, shall: (i) defend, or at
     its option settle, any claim, suit or proceeding against you on
     the basis of infringement of any United States patent in the
     field of cryptography by the unmodified Program; and (ii) pay any
     final judgment or settlement entered against you on such issue in
     any such suit or proceeding defended by RSA; provided, however,
     that RSA's indemnity obligations hereunder shall not exceed
     $5000, including the cost to RSA of defending or settling such
     suit or proceeding. The obligations of RSA under this Section 6
     are subject to: (i) RSA's having sole control of the defense of
     any such claim, suit or proceeding; (ii) your notifying RSA
     promptly in writing of each such claim, suit or proceeding and
     giving RSA authority to proceed as stated in this Section 6; and
     (iii) your giving RSA all information known to you relating to
     such claim, suit or proceeding and cooperating with RSA to defend
     any such claim, suit or proceeding. RSA shall have no obligation
     under this Section 6 with respect to any claim to the extent it
     is based upon use of the Program in a manner other than that
     permitted by this Agreement. THIS SECTION 6 SETS FORTH RSA'S
     ENTIRE OBLIGATION AND YOUR EXCLUSIVE REMEDIES CONCERNING CLAIMS
     FOR PROPRIETARY RIGHTS INFRINGEMENT.

     NOTE: Portions of the Program practice methods described in and
     subject to U.S. Patents Nos. 4,218,582 and 4,405,829, issued to
     Leland Stanford Jr. University and Massachusetts Institute of
     Technology, respectively. Such patents are licensed to RSA by
     Public Key Partners of Sunnyvale, California, the holder of
     exclusive licensing rights. This Agreement does not grant or
     convey any interest whatsoever in such patents.

7.   RESTRICTIONS ON FOREIGN RESHIPMENT. THIS LICENSE IS EXPRESSLY
     MADE SUBJECT TO ANY LAWS, REGULATIONS, ORDERS, OR OTHER
     RESTRICTIONS ON THE EXPORT FROM THE UNITED STATES OF AMERICA OF
     THE PROGRAM OR OF ANY INFORMATION ABOUT THE PROGRAM WHICH MAY BE
     IMPOSED FROM TIME TO TIME BY THE GOVERNMENT OF THE UNITED STATES
     OF AMERICA. YOU MAY NOT EXPORT OR REEXPORT, DIRECTLY OR
     INDIRECTLY, THE PROGRAM OR INFORMATION PERTAINING THERETO, EXCEPT
     TO CANADA PURSUANT TO SECTION 126.5 OF THE U.S. INTERNATIONAL
     TRAFFIC IN ARMS REGULATIONS.

8.   TERM. The license granted hereunder is effective until
     terminated. You may terminate it at any time by destroying the
     Program and its associated documentation together with all
     copies, modifications and merged portions thereof in any form
     known to be in your possession. It will also terminate upon the
     conditions set forth elsewhere in this Agreement or if you fail
     to comply with any term or condition of this Agreement. You agree
     upon such termination to cease making copies of, using or
     distributing the Program and to destroy the Program and its
     associated documentation, together with all copies, modifications
     and merged portions thereof in any form known to be in your
     possession.

8.   GENERAL

     a.   This Agreement shall be governed by the laws of the State of
          California.

     b.   Address all correspondence regarding this license to RSA's
          electronic mail address <rsaref-administrator@rsa.com>, or
          to

               RSA Laboratories
               ATTN: RSAREF Administrator
               10 Twin Dolphin Drive
               Redwood City, CA  94065
-- 
Ed Carp				erc@apple.com			510/659-9560

If you want magic, let go of your armor.  Magic is so much stronger than
steel!        -- Richard Bach, "The Bridge Across Forever"