From: wcs@anchor.ho.att.com (Bill_Stewart_HOY002_1305)
Date: Wed, 22 Sep 93 08:06:53 PDT
To: cypherpunks@toad.com
Subject: Re: Why RSA?
Message-ID: <9309212347.AA26247@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text


Derek writes:
> First, the ViaCrypt version:  I realize that it is legal.
> It's also very expensive when compared to the price of
If you buy it now, it's $100; even $199 is within the
realm of what corporate customers consider non-annoying,
especially since volume discounts kick in very rapidly.
(Q5 = $120 each, Q20 = $83 ea, Q50+ = negotiable.)

$100 is within my pain threshhold, and that of most serious
non-student cypherpunks, though I'd be much happier at $49.95,
and I'd guess they'd get more up-front cypherpunk revenue.
I'm not sure the legalities of buying ViaCrypt PGP and then using
the latest off-the-net version with trustable source and fewer bugs,
but I'd feel better about that than just using PGP without a license.

I don't know if ViaCrypt includes any distinguishing features
that let you tell a ViaCrypt PGP message from a Real PGP message -
they could do subtle stuff like make the session keys all 
include some checksum (e.g. be a multiple of N mod M),
or crude stuff like put "Version 2.3ViaCrypt" in the headers,
which would let them detect non-ViaCrypt PGP users.
I assume not, but I haven't seen it.

> * is there a reference I can read that covers the scope of
>   public key crypto patents?
Basically, there are the patents themselves.
Check your favorite FTP sites, including rsa.com,
and ask your favorite mathematically-trained patent lawyer
how realistic the claims are and how much broad the interesting ones are.

> * in broad terms, what would I have to do to develop an
>   algorithm that works from a user's perspective like
>   p.k.c. (ie public/private keys, the central functional
>   point of all the wonderful schemes based on pkc) but
>   doesn't violate patents?

To avoid patent problems, either get a license from PKP,
or do any implementations outside the US (it's ok to use the
math as math, you just can't apply it for encrypting stuff),
or work for the U.S. government which gets use of at least RSA free.
If you develop a new public-key algorithm that's any good,
PKP may be willing to make a deal with you.

# Bill Stewart    wcs@anchor.ho.att.com  +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ  07733-3030
#
#		goin' where the climate suits my clothes ....