1993-06-13 - Re: PKP sellout = betrayal

Header Data

From: smb@research.att.com
To: ld231782@longs.lance.colostate.edu
Message Hash: 0ebf316e1f6962a7fb7de57899bfb728a34a3c03faa1f10466d5215ca27e58cb
Message ID: <9306130834.AA01183@toad.com>
Reply To: N/A
UTC Datetime: 1993-06-13 08:34:11 UTC
Raw Date: Sun, 13 Jun 93 01:34:11 PDT

Raw message

From: smb@research.att.com
Date: Sun, 13 Jun 93 01:34:11 PDT
To: ld231782@longs.lance.colostate.edu
Subject: Re: PKP sellout = betrayal
Message-ID: <9306130834.AA01183@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 Let me remind everyone that Capstone has a yet-unspecified
	 exchange protocol. Denning suggested on RISKS that
	 Diffie-Hellman (covered by PKP patents) `could be used'.
	 There is some serious evasion going on here. If Capstone is
	 already built, with a public-key algorithm installed, it
	 suggests that PKP has been cooperating on the Clipper/Capstone
	 proposals all along.  It will be most interesting to hear
	 announcements on Capstone that announce its key exchange
	 mechanism.

I'm not sure what your point is here.  It requires no conspiracy to opt
for Diffie-Hellman as a key exchange mechanism; it's simply the obvious
way to do things.  (I'm speaking professionally here; cryptographic
protocols are one of my research areas.)  The STU-III's already use
Diffie-Hellman; it's possible that the government's license for that
patent grants it broad rights for such things.  (The government does
have free use of RSA; is there any such clause with respect to Diffie-
Hellman?)

	 PKP `had' the ability to murder Clipper/Capstone in its crib
	 if it so desired, more so than any other single nexus, by
	 denying the right to use public key algorithms (on which it
	 now has a strangling, monopolistic lock). Gad, I can't believe
	 it didn't occur to me to lobby them to do so. In retrospect,
	 it wouldn't have done anything more than heighten the
	 inevitable betrayal.

No, PKP had no such ability.  Clipper was always a potential source of
profit to them, precisely because either RSA or Diffie-Hellman was
needed for it.  Given that they were going to make money from Clipper,
the only question was how much.  As Deep Throat said ~20 years ago,
``Follow the money''.  (Those a bit older still should recall Dow
Chemical's position on co-operating with the government.)

``Betrayal'' is a moral term.  As I said before, corporations don't
care about such things, only about bottom lines.

That some settlement about DSA would be reached was inevitable.  NIST
needed PKP's assent to go ahead with DSA.  PKP wanted to make money
from the DSA, because it extends their profitable lifetime -- the RSA
patent expires in 2001, whereas the Schnorr patent doesn't expire till
2008.  PKP only opposed DSA while they didn't own the Schnorr patent;
their other handle on DSA, the Diffie-Hellman patent, expires even
earlier (1997).

The interesting thing is the incentive to use Clipper.  That's not
something PKP cares about one way or another, compared with any sort of
widespread use of cryptography (though perhaps RSADSI does; if private
cryptography is restricted, RC2 and RC4 have much less of a market).
Obviously, NIST wanted some clause like that.  In exchange, they had to
give PKP something more.  My guess is that the hook was to grant them
exclusive world-wide licensing rights to DSA, rather than simply a cut
of the royalties.

	 Maybe Mr. Bellovin can clarify how this agreement represents
	 an `encouraging trend in the private sector to compete with
	 the NSA' -- Good lord man, not unless you think that PKP
	 represents the entire private sector in cryptographic
	 applications. Uh, touche' -- you do and it does.

I was unclear; I wasn't referring to the agreement at all.  Rather, I
meant that Schnorr had invented the algorithm that NIST had to have --
a signature scheme that is very efficient for smart cards, but could
not be used for secrecy.  NSA apparently didn't have anything better; I
can't believe they and NIST were unaware of Schnorr's work (though
perhaps they were unaware of the patent).  (I suppose, of course, that
NSA might have had something totally different, which they couldn't
discuss because it would open up new areas for civilian research...)

	 P.S. doubt P.R.Z. will be in a docile mood after hearing this
	 one...

Especially given the part about reserving the right not to license to
infringers....




