1997-01-14 - Re: RSA challenge: is it legal to try?

Header Data

From: Greg Broiles <gbroiles@netbox.com>
To: iang@cs.berkeley.edu (Ian Goldberg)
Message Hash: f36618bc1e4c7b8fcd0d491910b9de3cb61778387ba0117b1d5e705bef2597e2
Message ID: <3.0.32.19970113234047.00759c60@mail.io.com>
Reply To: N/A
UTC Datetime: 1997-01-14 07:43:33 UTC
Raw Date: Mon, 13 Jan 1997 23:43:33 -0800 (PST)

Raw message

From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 13 Jan 1997 23:43:33 -0800 (PST)
To: iang@cs.berkeley.edu (Ian Goldberg)
Subject: Re: RSA challenge: is it legal to try?
Message-ID: <3.0.32.19970113234047.00759c60@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:50 PM 1/13/97 -0800, Ian Goldberg wrote:

>According to http://www.rsa.com/rsalabs/newfaq/q76.html, RSA is in the
>process of patent application for RC5.  Does that mean it's illegal to
>write a keysearch program for the RC5 challenges (unless you use BSAFE
>or something like that)?

Seems to me that a defendant who was participating in the challenge (or
working with people who were, or was getting ready to participate) would
have a strong argument that RSA gave implicit permission to use the
patented algorithm in connection with the contest, or that a patent
infringement action by RSA against a defendant who was participating in the
contest would be barred by the doctrine of equitable estoppel. (Very
broadly, equitable estoppel says that you can't tell someone "X", and then
sue them on a theory of "not X", or come to court and argue that they are
liable because of "not X".) Perhaps somewhere in the contest rules there's
a limitation on the software/source code to be used? (I poked through the
contest stuff a few days ago, and didn't see anything like that, but I got
the impression that they weren't entirely finished putting it together.)

YMMV, IANALUIPTB (.. until I pass the bar), etc. But it would be
monumentally stupid to create a contest and then punish people for
participating. The contest seems likely to do two things (beyond test the
strength of the algorithm): develop an installed multiplatform base of
optimized code which runs RC5, and give people who possess/distribute it a
legal reason for having done so. So it'll be tough to stuff the RC5 rabbit
back in the hat when the contest is over. RC5 seems destined to end up like
RSA public-key, Diffie-Hellman, and IDEA - publically available (and
probably deployed in free "rogue" software) yet only available commercially
for a fee. Presumably the RC5 patent (if one is awarded) won't suffer from
the peculiarities of the international patent schemes which made RSA only
patentable in the US.


--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 





Thread