From: fnerd@smds.com (FutureNerd Steve Witham)
To: cypherpunks@toad.com
Message Hash: 011cea549353a8fc908f8e2ae38a2d75f7f3e5b8d58c071b98d6f8f2b9219d5c
Message ID: <9304301927.AA22360@smds.com>
Reply To: N/A
UTC Datetime: 1993-04-30 19:44:40 UTC
Raw Date: Fri, 30 Apr 93 12:44:40 PDT
From: fnerd@smds.com (FutureNerd Steve Witham)
Date: Fri, 30 Apr 93 12:44:40 PDT
To: cypherpunks@toad.com
Subject: PGP vs. RSADSI--what conflict?
Message-ID: <9304301927.AA22360@smds.com>
MIME-Version: 1.0
Content-Type: text/plain
Cypherpholks--
Neither abandoning PGP nor antagonizing RSADSI seem necessary to me.
This letter makes a 3/4 page summary of that belief after which I
mention some interesting side issues.
Eric Hughes' understanding of the situation confirms my intuitions--
RSADSI pretty much has to either act the way it's acting
or else just roll over.
and They seem agreeable to a technically good PGP/RSAREF connection.
but That's work.
On the middle point, in particular I don't think they'll insist we use
DES or a slow engine. For people who don't get why those restriction seem
to be there but aren't, I suggest rereading Eric's article.
Although I have strong feelings about the patent issue, and although it
affects the privacy issue, I definitely put the privacy issue first.
Given that it seems we can separate the two issues, I don't see why we
shouldn't.
Although I agree with Tim that being non-confrontative with RSADSI is
smart, I don't see PGP and RSADSI as quite so hard to reconcile as he
seems to:
> If the government ever outlaws strong crypto, you can be sure I'll be
> using outlaw crypto. The difference with the current situation is
> that crypto per se has not yet come under regulation.)
And PGP per se is not outlaw. Only the current version and lack of license.
Let's conceptually separate PGP, Phil's RSA/MD5 engine (PGRE?), and using/
distributing PGRE in the USA. Only the third is a problem with RSADSI.
> ...bootleg
> crypto (which is what PGP will remain in this country unless and until the
> courts overturn the patents or RSA suddenly decides to cave in)...
Pshaw. Until it's worked out. No "sudden caving in" is needed. Tim, you
were the one who reported that Jim Bidzos was sounding agreeable.
> Furthermore, neither Phil nor any other members of the development team are
> likely to ever make any money with this
^^^^ PGRE
Phil could finally solicit shareware fees.
Now the side issues:
There could conceivably be an issue in the future for people working with
RSAREF--who have SEEN THE CODE--and then wanting to develop other crypto
stuff later. People have attempted to avoid this legal hassle in the past
by setting up a "clean room" where only specs and interfaces are known...
RSAREF is copyrighted stuff, right?, which puts you in a slightly different
legal position when you have it/distribute it. Assuming PGP gets a
license to be shareware, I see this being less of a problem than the
current situation.
But even if PGP gets some kind of license, would individuals still have
to sign agreements with RSADSI? I feel more serious about personal
agreements than copyrights or patents. Will it be the standard RSAREF
individual license? Does it require you to *act as if* they had rights
some of us care about them not having? (Rights to the specific code don't
bother me too much.)
> (isn't e-mail great?...Stanton posts it, and Jim Bidzos, the
> Pres. of RSA responds...no lawyers were needed, no lengthy delays.).
At the CFP conference that Tim missed ~{;o), Cliff Stoll was remarking that
eventually all sorts of nasty things happen related to the net--except
lawsuits. We guessed that the availability of the quick, public response
might have a lot to do with that. Here we have a threat; can anyone
think of an example of an email-related suit that was carried through?
-phnerd, er, fnerd
quote me
--fnerd@smds.com (FutureNerd Steve Witham)
Return to April 1993
Return to “fnerd@smds.com (FutureNerd Steve Witham)”
1993-04-30 (Fri, 30 Apr 93 12:44:40 PDT) - PGP vs. RSADSI–what conflict? - fnerd@smds.com (FutureNerd Steve Witham)