From: snyderra@dunx1.ocs.drexel.edu (Bob Snyder)
Date: Tue, 17 May 94 05:01:19 PDT
To: Hal <cypherpunks@toad.com
Subject: Re:  Fixing pgp 2.6
Message-ID: <199405171200.IAA04846@dunx1.ocs.drexel.edu>
MIME-Version: 1.0
Content-Type: text/plain


At  6:19 PM 5/16/94 -0700, Hal wrote:

>First, note the strong hint in Schiller's message about operators of
>key servers who accept pre-2.6 keys being guilty of contributory
>infringement of the RSA patent.  I think we can expect strong legal
>pressure from RSA to shut down the remaining U.S. key servers, even
>those which don't use illegal versions of PGP.  They succeeded once in
>shutting down the key servers which used PGP; they will succeed again
>in shutting down the others due to the contributory infringement threat.

Presumably this won't affect the non-US keyservers.  I don't see the people
running said servers bowing into pressure about a patent that doesn't
affect them....

>For the same reason, hopes of getting a non-RSA-approved "2.6a" (hacked
>to be backwards compatible with 2.3) widely available in the U.S. are
>not well founded.  FTP sites which hold programs or even patch files to
>allow 2.6 to interoperate with 2.3 will be targetted by RSA as
>contributory infringers.  In short, the legal advantages PGP 2.6 will
>have over unapproved versions will be strong enough that it will be
>widely used in the U.S.

The thing is, though, that PGP 2.5 *doesn't* infringe on the patent,
because of the use of RSAREF.  Any version that uses RSAREF should be legal
from that patent sense.  Presuming that there aren't copyright issues
involved with the 2.5 release, I don't see any reason that code couldn't be
maintained and fixed.  I'll have to check the copyright status on 2.5 when
I log on.

There are many people, including myself, that won't get involved with an
infringing version of PGP.  PGP won't get "wide" acceptance until the
isssues are resolved.  At the same time, PGP also won't get "wide"
acceptance unless it is interoperable with the outside world.  This would
involve code using RSAREF coming legally into the US and being used, or
code using RSAREF being illegally shipped outside of the US.  Apparently,
the latter has already happened.  But either way, for PGP to be
noninfringing in the US, it needs to use RSAREF.

I'm guessing that the new version of RSAREF they announced would be coming
out will probably alter the terms to make this difficult/impossible.
However, I don't believe there is any requirement we use the latest version
of RSAREF...  Just to use the license that comes with that version of the
code.

Bob

--
Bob Snyder N2KGO                                     MIME, RIPEM mail accepted
snyderra@dunx1.ocs.drexel.edu                       finger for RIPEM public key
         When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.