1995-07-26 - Re: RC4

Header Data

From: rross@sci.dixie.edu (Russell Ross)
To: Hal <hfinney@shell.portal.com>
Message Hash: c7196e9e103635aa70d82708c477e4236991730bc1436a1f1a934bb4e95b4483
Message ID: <v01520d01ac3c496012a1@[144.38.16.209]>
Reply To: N/A
UTC Datetime: 1995-07-26 19:38:46 UTC
Raw Date: Wed, 26 Jul 95 12:38:46 PDT

Raw message

From: rross@sci.dixie.edu (Russell Ross)
Date: Wed, 26 Jul 95 12:38:46 PDT
To: Hal <hfinney@shell.portal.com>
Subject: Re: RC4
Message-ID: <v01520d01ac3c496012a1@[144.38.16.209]>
MIME-Version: 1.0
Content-Type: text/plain


>From: Alex Tang <altitude@umich.edu>
>> I talked with RSA yesterday specifically about free servers and RC4.
>> They just said that they would need a business plan for the
>> server product.  When i said that the product would be free, they started
>> talking in circles about how everyone who uses RC4 needed a license (but i
>> was asking about the licenses...)  I asked flat out "how much would a
>> license for RC4 cost for a free server product".  They only reponded with
>> "Very Expensive", and then went on about a business plan.
>
>Ask them about the free version of RC4 which is circulating.  If they say
>it is patented ask them for the patent number.  Ask them why you should
>pay them big bucks if you can get it for free.

Here's their reply to a similar correspondence:

>The RC4 algorithm is copyrighted by and intellectual property of RSA Data
>Security.  For use of this algorithm in a product or service you plan to
>sell, you may use the RC4 software implementation from our BSAFE toolkit.
>Licenses are not available for other commercial software implementations of
>this algorithm other than what is included in our BSAFE toolkit.

I wasn't aware that you could copyright an algorithm.  Patent, yes, but not
copyright.  Intellectual property meens secret, right?  Aren't there any
precendence cases involving propriety schemes that are reverse engineered?
I know there have been, I just can't remember what they are.  In any case,
RSADSI is likely to sue anyone who attempts to use the RC4 code openly, and
even if they lose there are considerable legal fees involved for whoever
tries it.  What if a bunch of people put secure HTTPd servers online at the
same time, without any clear trail pointing to the first one?  If the RC4
code really is legal to use, this would make it hard for RSADSI to pinpoint
anyone to sue, thus eliminating the intimidation factor.

By the way, since RSA is such a vocal opponent of the Clipper chip on the
grounds of its secret Skipjack algorithm, why does it market secret
algorithms like RC4 and RC2?  Does this seen like a double face to anyone
else?

-----------------------------------------------------------
Russell Ross                     email: rross@sci.dixie.edu
1260 N 1280 W                    voice: (801)628-8146
St. George, UT 84770-4953







Thread