From: hal@alumni.cco.caltech.edu (Hal Finney)
Date: Fri, 11 Jun 93 22:28:15 PDT
To: cypherpunks@toad.com
Subject: PKP sellout?
Message-ID: <9306120527.AA03229@alumni.cco.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain


This was my response on sci.crypt to this announcement that PKP will
be supporting DSS, and licensing its technology for use by Clipper
phones.  Thanks to Lance for alerting us to this announcement.

-----

jim@rand.org (Jim Gillogly) forwards:

>This is to notify the public that the National Institute of
>Standards and Technology (NIST) intends to grant an exclusive
>world-wide license to Public Key Partners of Sunnyvale, California
>to practice the Invention embodied in U.S. Patent Application No.
>07/738.431 and entitled "Digital Signature Algorithm."

And so it appears that another patent jewel will be added to the crown
worn by PKP, the de facto owner of cryptographic technology in the United
States.  They will have an exclusive license to the DSA, as they already
do to RSA and most other worthwhile encryption technologies.

This also appears to put to rest the much-publicized feud between RSA and
NIST/NSA.  Conspiracy theorists can now comfortably return to the
position that PKP/RSADSI is actually an arm of the NSA, dedicated to
restricting and delaying access to strong cryptography as much as
possible.

>Notice of availability of this invention for licensing
>was waived because it was determined that expeditious granting of
>such license will best serve the interest of the Federal Government
>and the public.

Once again we are presented with a fait accompli; no other organizations
were given an opportunity to bid for the licensing of this patent.  The
government prefers to see PKP holding the keys to all cryptography in the
U.S.  Remember how Clipper's technology was similarly assigned to
particular corporations on a non-competitive basis?

>Subject to NIST's grant of this license, PKP is pleased to declare
>its support for the proposed Federal Information Processing
>Standard for Digital Signatures (the "DSS") and the pending
>availability of licenses to practice the DSA.

And what of the technical objections to DSA/DSS raised in earlier
documents by officials of RSADSI, such as in the recent CACM?  No doubt
those objections are now moot.

>PKP will also grant a license to practice key management, at no
>additional fee, for the integrated circuits which will implement
>both the DSA and the anticipated Federal Information Processing
>Standard for the "key escrow" system announced by President Clinton
>on April 16, 1993.

So PKP is now supporting key escrow and Clipper.  Can anyone seriously
argue that this company is a friend to supporters of strong cryptography?  

These are dark times indeed.  PKP has thrown in with the government,
getting behind DSS and Clipper in exchange for exclusive licensing
rights.  Their ownership of DH and RSA will make it that much harder for
any competition to Clipper to arise.

If the 60-day comment period really means anything, perhaps public
criticism can be effective here.  There is much to be concerned about in
this announcement.

Hal Finney
hal@alumni.caltech.edu