[1229] in cryptography@c2.net mail archive

Re: Attorneys: RSA patent invalid

daemon@ATHENA.MIT.EDU (Vin McLellan)
Tue Jul 22 10:22:23 1997

In-Reply-To: <3.0.2.32.19970720013438.006ed9e8@netcom10.netcom.com>
Date: Tue, 22 Jul 1997 01:33:04 -0500
To: Cryptography@c2.net
From: Vin McLellan <vin@shore.net>
Cc: shamrock@netcom.com, PADGETT@hobbes.orl.mmc.com, stewarts@ix.netcom.com,
        pguthrie@visa.com

	>At 07:24 PM 7/19/97 -0500, Vin McLellan wrote:

>>	Also, RSADSI really _worked_ that patent.  It rarely licensed the
>>"concept," it usually provided the whole implementation, along with
>>alternatives and complementary code, packaged in a toolkit -- at a price
>>and under T&Cs that their big customers must have considered fair and
>>equitable.

	Lucky Green <shamrock@netcom.com> replied:

>Assuming one equates "cheaper than litigation" with "fair and equitable".
>Fact is, RSA licensing terms used to be so outrageous that they kept the
>technology from being deployed in any meaningful way for years. It wasn't
>until PGP popularized RSA, under constant threats of litigation by Bidzos,
>that RSADSI came around and offered more reasonable terms.

	With respect, Lucky, this is simply not true.  There are a lot of
PGP/C'punk myths that demonize RSADSI, Jim Bidzos, and Ron Rivest, but few
suggest Bidzos was so stupid as to price himself out of the market.  I
talked to Bidzos about doing a book on RSA back in 1990, and I recall
RSADSI's prices then as identical to the terms RSA is reported to offer
today: $25K upfront, and 2 percent of sales from an RSA-enhanced product.

	No change, except when you factor in inflation.  I don't know if
that was "fair" -- although it certainly didn't seem outrageous (and it
looks like a deal today).  The fact that RSA wouldn't negotiate the terms of
their licenses was a source of great resentment among the corporate
negotiators who were used to bullying small suppliers.  RSADSI was an ant
(everyone was bigger than they were!) that refused to be stepped on.

	Lucky recalled:

>There is a reason why RSADSI is disliked by so many players in the
>industry. And somehow I doubt it is due to their licensing terms being fair
>and equitable. :-)
>
>To quote a key person at a major RSA licensee: "We would love to give RSA
>the boot tomorrow... But unfortunately, there is no PKI in place that
>doesn't require RSA".

	In the real world, little companies get twisted like pretzels by
bigger companies. In 1990, RSADSI was tiny, 7 guys, with a trickle of
revenue -- but they seldom bent much on price or terms of their license.

	They held to price, even when cash was scarce, because (they said)
their technology made at least that much difference in a product's market
potential.  And they wouldn't renegotiate the license (particularly for
the toolkits, the implementation code) because -- as I understood it --
they believed that the biggest threat to their patent was if they
inadvertently negotiated away some obscure element in the boilerplate
license their lawyers had developed.

	(Licensing the implementation code seemed to require the T&Cs to be
more rigid, for reasons I don't recall.  Patent law for software -- let
alone applications built around crypto algorithms -- was still new; and
amid those uncertainties, there wasn't a lot of room for the give and take,
and take, common in corporate negotiations between big and little folk.)

	Phil's free PGP dropped RSA into the hands of independent little
people like me in the early '90s -- but it's only PGP Myth that PGP or Phil
Zimmermann created the mass market for RSA.  It took the explosive growth of
the Internet, and later the Web, to do that.  (What PGP did do -- as early
as '92, '93 -- was push RSADSI into making its toolkit available without
charge to freeware developers who were going to freely distribute their
apps.)

	Juggernauts like IBM, Microsoft, Sun, etc. doubtless got special
deals (some, reportedly, unlimited-use licenses on RSA PKC for a one-time
fee).  Tellingly, almost all of them started with a license for the RSA...
then, later, came back to RSADSI to negotiate a license for the RSA
toolkit.  And they kept coming back to purchase access to each successive
enhancement, or new algorithm, or new protocol.  RSA became more than a
one-trick pony early on; and with the toolkits, their implementation code,
they defined their market advantage.

	IMNSHO, much of the net's Scriptural Doctrine on the evolution of
the PKI market vastly underestimated the importance of the RSA toolkits,
and the successive additions that RSA -- and Rivest himself -- made to the
generic cryptographic library.  (Indeed, it's hard to consider modern
cryptography without the creativity of Ron Rivest.)

	Even today, if a company wants to implement RSA PKC as part of a
commercial product, it might cost them, say, $200K to code it from scratch.
If a developer can adapt the code from one of the several RSA toolkits, the cost
might drop to one-fourth or one-fifth of that. And as the toolkit
implementations have withstood time and the stress of integration into
multiple apps, they have become more trusted, more valuable.  To rephrase
Lucky's bullet:

	There is a reason why RSADSI is respected by so many players in the
industry.

	Other implementations might be faster (e.g. Eric's SSLeay), but the
credibility and reputation of RSA Labs adds significant commercial value to
an end-user product -- in the eyes of both RSA's licensee, and that
licensee's customers, as well.

	A. Padgett Peterson <PADGETT@hobbes.orl.mmc.com> cut to the quick,
as usual, to ask:

>ps wonder how many new products will be announced on Sept. 8th...

	Damn few, I'd think -- although I'd be glad to be proved wrong.

	Any major effort to develop a product around DH would probably
already be underway; and the developer would already have a license in hand
(and probably an RSA toolkit;-)  To have a product in the market early is
surely worth the loose change such a license would cost.

	PGP notwithstanding, there isn't much of a market for security per
se -- only for secure and closely-integrated applications; specific
functionality which is enhanced by cryptography.  I'd look for some
established products to absorb DH, rather than new products.  The big
constraint is buyer confidence.  Most of the commercial market, if not the
public, now realizes that the real risks in modern cryptography lie in the
implementation.  Possession of the appropriate algorithm -- free or
licensed -- is only the first of many steps toward having a marketable PKC
product.  Few are going to quickly buy a cryptographic solution built
around an untried and untested implementation of any PKC algorithm --
however appropriate, sturdy, and understood the fundamental math.

	Padgett also asked if I used "solid" to refer to RSA patent alone,
or to "DH + HM + RSA." I was quoting Bill Stewart, who used that word in a
post to the Cyberia mailing list in reference to both the RSA and DH
patents, independently.  For myself, I'll leave the intricacies of patent
law to the lawyers and stick with an accessible hobby... like Babylonian
grammar.

	Sûreté,
		_Vin

      Vin McLellan + The Privacy Guild + <vin@shore.net>
  53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
                                  -- <@><@> --