[1239] in cryptography@c2.net mail archive
Re: Attorneys: RSA patent invalid
daemon@ATHENA.MIT.EDU (Bill Stewart)
Wed Jul 23 20:44:44 1997
Date: Wed, 23 Jul 1997 17:29:39 -0700
To: Vin McLellan <vin@shore.net>
From: Bill Stewart <stewarts@ix.netcom.com>
Cc: Cryptography@c2.net, shamrock@netcom.com, PADGETT@hobbes.orl.mmc.com,
pguthrie@visa.com
In-Reply-To: <v03007802aff9b733458e@[198.115.179.81]>
At 01:33 AM 7/22/97 -0500, Vin McLellan wrote:
> With respect, Lucky, this is simply not true. There are a lot of
>PGP/C'punk myths that demonize RSASDI, Jim Bidzos, and Ron Rivest, but
I've never heard anyone try to demonize Rivest or RSADSI.
Bidzos and PKP, yes :-) But not Rivest. People have complained that
RSAREF's license deliberately cripples the functions you can use,
and that the code isn't blazingly fast, but at least it's there.
And of course lots of us don't approve of software patents.
> few suggest Bidzos was so stupid as to price himself out of the market.
>I talked to Bidzos about doing a book on RSA back in 1990, and I recall
>RSADSI's prices then as identical to the terms RSA is reported to offer
>today: $25K upfront, and 2 percent of sales from an RSA-enhanced product.
$25K upfront is prohibitively expensive for freeware and
for garage-shop programmers. It's a drop in the bucket for a
large project such as Netscape that wants to add some security,
but in a 3-person-month email widget it's excessive.
On the other hand, it's now possible to license RSAREF for a much
more reasonable fee from Concentric; I think it's just per-copy
rather than a big up-front hit.
>Even today, if a company wants to implement RSA PKC as part of a
>commercial product, it might cost them, say, $200K to code it from
>scratch. If a developer can adapt the code one of the several RSA
>toolkits, the cost might drop to one-fourth or one-fifth of that.
A reasonably full-featured RSA implementation is about two pages of code,
even if you don't use SSLeay or one of the Finnish implementations,
plus you need a bignum library, readily accessible for free.
It's cheap. (Using the 2-line perl version is a bit more work :-)
>>ps wonder how many new products will be announced on Sept. 8th...
> Damn few, I'd think -- although I'd be glad to be proved wrong.
> Any major effort to develop a product around DH would probably
>already be underway; and the developer would already have a license in
>hand (and probably an RSA toolkit;-)
While the PGP folks do have a license, they'llbe able to use the
non-RSA parts after September 7th - yay!
> Padgett also asked if I used "solid" to refer to RSA patent alone,
>or to "DH + HM + RSA." I was quoting Bill Stewart, who used that word in a
>post to the Cyberia mailing list in reference to both the RSA and DH
>patents, independently. For myself, I'll leave the intricacies of patent
>law to the lawyers and stick with an accessible hobby... like Babylonian
>grammar.
I was probably referring to the technology rather than the patent language,
though DH+HM+HP+RSA together were certainly a strong patent lock.
Roger Schlafly's suit was interesting (there are date problems with
DH, and HM doesn't really work), but unlikely to be resolved much before
the DH patent expires anyway. The RSA patent by itself apparently
can generate more amusement for patent lawyers, but I don't know
if there's enough money in overthrowing it to be profitable.
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)
