From: rross@sci.dixie.edu (Russell Ross)
To: ssl-talk@netscape.com
Message Hash: 32a954852949def4bec6b0a96fffc78f64f068759dc3b8a894b7153d45c544bd
Message ID: <v01520d05ac3c5174f88c@[144.38.16.209]>
Reply To: N/A
UTC Datetime: 1995-07-26 20:03:13 UTC
Raw Date: Wed, 26 Jul 95 13:03:13 PDT
From: rross@sci.dixie.edu (Russell Ross)
Date: Wed, 26 Jul 95 13:03:13 PDT
To: ssl-talk@netscape.com
Subject: Re: RC4
Message-ID: <v01520d05ac3c5174f88c@[144.38.16.209]>
MIME-Version: 1.0
Content-Type: text/plain
>From: Alex Tang <altitude@umich.edu>
>> I talked with RSA yesterday specifically about free servers and RC4.
>> They just said that they would need a business plan for the
>> server product. When i said that the product would be free, they started
>> talking in circles about how everyone who uses RC4 needed a license (but i
>> was asking about the licenses...) I asked flat out "how much would a
>> license for RC4 cost for a free server product". They only reponded with
>> "Very Expensive", and then went on about a business plan.
>
>Ask them about the free version of RC4 which is circulating. If they say
>it is patented ask them for the patent number. Ask them why you should
>pay them big bucks if you can get it for free.
Here's their reply to a similar correspondence:
>The RC4 algorithm is copyrighted by and intellectual property of RSA Data
>Security. For use of this algorithm in a product or service you plan to
>sell, you may use the RC4 software implementation from our BSAFE toolkit.
>Licenses are not available for other commercial software implementations of
>this algorithm other than what is included in our BSAFE toolkit.
I wasn't aware that you could copyright an algorithm. Patent, yes, but not
copyright. Intellectual property meens secret, right? Aren't there any
precendence cases involving propriety schemes that are reverse engineered?
I know there have been, I just can't remember what they are. In any case,
RSADSI is likely to sue anyone who attempts to use the RC4 code openly, and
even if they lose there are considerable legal fees involved for whoever
tries it. What if a bunch of people put secure HTTPd servers online at the
same time, without any clear trail pointing to the first one? If the RC4
code really is legal to use, this would make it hard for RSADSI to pinpoint
anyone to sue, thus eliminating the intimidation factor.
By the way, since RSA is such a vocal opponent of the Clipper chip on the
grounds of its secret Skipjack algorithm, why does it market secret
algorithms like RC4 and RC2? Does this seen like a double face to anyone
else?
-----------------------------------------------------------
Russell Ross email: rross@sci.dixie.edu
1260 N 1280 W voice: (801)628-8146
St. George, UT 84770-4953
Return to July 1995
Return to “stopak@orionsci.com (Noam Stopak)”