From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Sat, 27 Apr 1996 14:04:20 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: RSAREF dos not give you access to RSA
In-Reply-To: <199604250814.BAA07715@toad.com>
Message-ID: <199604262148.RAA27065@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From: Bill Stewart <stewarts@ix.netcom.com>
> Date: Thu, 25 Apr 1996 01:11:13 -0700
>
> 5) the price of RSA is fairly low, once free RSAREF came out

RSAREF does not give you RSA.  Do not think that you can write and
distribute free software that uses RSA encryption in the US just
because of the existence of RSAREF.  If you don't believe me, let me
tell you a little story.

The RSAREF license strictly requires that you only use the documented
RSAREF interface, which does not include direct access to the RSA
functions.  The relevant portion of the RSAREF license is section 2d:

          Prior permission from RSA in writing is required for any
          modifications that access the Program through ways other
          than the published Program interface or for modifications to
          the Program interface. (See the "What is it? RSAREF Supports
          the Following Algorithms" and "What You Can (and Cannot) Do
          With RSAREF," paragraph 4, all incorporated herein by
          reference, for details.) RSA will grant all reasonable
          requests for permission to make such modifications.

PGP got a such "prior permission" to call functions outside of the
RSAREF interface.  However, that is only because PGP was such a
high-profile case with a lot of MIT people behind it.

On July 10, 1995, Tatu Ylonen sent mail to RSA attempting to get
permission for US users to use RSAREF with ssh.  Since ssh requires
double encryption, something impossible to achieve through the
published RSAREF interface, it called two of the functions PGP also
uses, namely RSAPublicEncrypt and RSAPrivateDecrypt.

It took RSA until September to respond to the original request, at
which point they told Tatu they could only consider such a request
coming from a US citizen.  On Monday, September 11, 1995, I therefore
sent in my own request to be able to use ssh with RSAREF.

After many many messages, I got bounced around from RSA to Consensys
Corp. and back to RSA.  I was never able to get permission to use ssh
with RSAREF.  For a while I was a bit optimistic about the situation.
For example on February 16, 1996, I was told the permission letter
"should be sent out next week."  However, it's been a couple of months
since then and still no letter.

Even if I get the letter tomorrow, however, it still will have been 9
months since the first request to RSA went in.  The RSA folks seemed
particularly concerned that the permission letter might be used for
more than one particular program, or even more than one particular
version of a ssh if major changes occured.  In one letter, for
instance, someone from RSA said:

   We'd like to avoid granting open-ended permission like: SSH
   provides for all of your security needs and the RSA calls are used
   to provide any kind of security service deemed useful now and in
   the future.  Not that we wouldn't grant permission to new
   function/feature requests, rather we'd like to incentivize you to
   keep us posted as ssh grows.

That means if I got a permission letter tomorrow, but in several
months ssh was modified to use a better MAC, I might have to wait
another 9 months to use the latest version ssh (which might no longer
be the latest version by that point).

Even if you think 9 months is an acceptible amount of time to wait to
release an application you have written, consider this:  First of all,
I don't have the permission letter yet.  I might get it tomorrow, I
might get it in a year, or I might not get it before the RSA patent
expires.  Second of all, the only reason I have gotten as far as I did
with this permission letter is because someone from MIT helped get me
in touch with someone at RSAREF who would actually read my mail.
Before that, I was told by RSA that I could only deal with Consensys
Corp., and Consensys Corp. told me they could not grant me the kind of
permission letter I was requesting, so that I was basically stuck
(well, in theory Jonathan Zamick from Consensys Corp. could still be
working on getting permission from RSA, but I haven't heard back from
him since Nov 9, [except when he wanted to license IDEA to me, which
ssh fortunately already has permission to use]).

Conclusion:  You can't use the RSA algorithm in free software.  The
RSAREF interface is too restrictive, and when RSA says in the license
that "RSA will grant all reasonable requests for permission to make
such modifications" to the interface, it is either an outright lie, or
something that only happens after so much delay that they might as
well not give you such permission.

David

P.S.  You can help fight software patents!  Join the league for
programming freedom (http://www.lpf.org).