[3525] in cryptography@c2.net mail archive
dbts: Cryptographic Dog Stocks, The Dirigible Biplane, and
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Wed Oct 21 19:04:28 1998
Date: Wed, 21 Oct 1998 18:17:00 -0400
To: cryptography@c2.net, cypherpunks@cyberpass.net, e$@vmeng.com
From: Robert Hettinga <rah@shipwright.com>
--- begin forwarded text
Mime-Version: 1.0
X-Sender: rah@pop.sneaker.net
Date: Wed, 21 Oct 1998 15:54:38 -0400
To: Digital Bearer Settlement List <dbs@philodox.com>
From: Robert Hettinga <rah@shipwright.com>
Subject: dbts: Cryptographic Dog Stocks, The Dirigible Biplane, and
Sending the Wizards Back to Menlo Park
Sender: <dbs@philodox.com>
Precedence: Bulk
List-Subscribe: <mailto:requests@philodox.com?subject=subscribe%20dbs>
X-Web-Archive: http://www.philodox.com/dbs-archive/
-----BEGIN PGP SIGNED MESSAGE-----
dbts
By Robert Hettinga
Cryptographic Dog Stocks, The Dirigible Biplane, and Sending the Wizards Back
to Menlo Park
Boston, Massachusetts
October 21, 1998
It seems that Security Dynamics, trading at about 6, about 10% or so of its
high, is now considered an official dog stock as defined by today's Boston
Globe.
The Globe article was about local high-tech companies whose prospects for
future earnings growth were so bad that, among other things, they were trading
at 80 to 155 percent of cash on hand. A buy in Ben Graham's book, of course,
but in these days of sky-high multiples to future earnings, much less current
book value, who cares about "value" anymore, right?
Anyway, most of the comments in the article were about SD's hardware token
technology being made obsolete by digital "certificates". (The Globe's quotes,
but I agree with them. Just like I put quotes around digital "signatures",
which are nothing of the kind, though I haven't heard of something better call
*them* yet, either.) The Globe did mention SD buying RSA, but they forgot to
mention anything about the RSA patent expiring soon. About the only thing they
said was valuable about SD was their share in that roaring success, Verisign,
Inc., who, the Globe seems to imply, is evidently the sole marketer of those
self-same digital "certificates". I wonder what Thawte, CertCo, Entrust, etc.
made of *that* comment...
All of which reminds me of something I read in Forbes a while ago, about the
then-booming investment in security/crypto companies like NAI, RSA and, of
course, PGP. Something about how crypto will just end up embedded in various
operating systems/hardware, etc., and nobody will think about whose stuff
they're using anyway, as long as it just works. That any company which
specialized in crypto / security hardware and software, and nothing else,
especially one who sold generic crypto products on a stand-alone basis, was
going to get hammered in the long run by someone who just invented and
licensed their technology to someone else.
Frankly, I think that there may be something to that, but I'll go step further
and say that it's the commercial *application* of a technology that matters,
and not just the technology itself. That is, financial cryptography is a
market, but cryptography is just a technology, like commercial or military
aviation is a market, and aviation is just a technology.
NCipher is a good case in point. They're raking it in, and precisely because
they've solved a particular financial cryptography problem very well: how to
do a 128-bit SSL session as fast, and as cheap, as possible. C2Net did the
same kind of thing, by marketing the first commercially useful SSL module for
Apache, though lots of us hope it isn't a one-hit wonder.
However, it is NCipher which has really drilled down to pay-dirt, in my
opinion: The only thing that matters about book-entry settlement on the
internet is a sufficiently strong encrypted channel and nothing else. Be the
lowest cost producer of a 128-bit encrypted channel -- on the internet, that
means creating the most SSL sessions the fastest -- and you're mining gold.
Book-entry internet financial protocols which gild the lily, ones with
complicated cryptographic authentication, "certification", and the like, are
all getting hammered in the market, and that's why. It's as if they were
dirigibles with extra large biplane wings. If you're going fast enough with
one technology, you don't need the other. Even better, the second technology
weighs too much for the first to lift, and the first technology drags too much
for the second to fly. (And, of course, I think digital bearer settlement, in
this metaphor, is a 747 or an Airbus, with not only monoplane wings but jet
engines. But, then, you've heard me, um, fly that one by you before...)
Notice that both C2NET and NCipher were almost entirely bootstrap startups,
using little, if any, venture capital money. They found, and virtually
invented, a market, and they only used net earnings from their product sales
to expand themselves. They did not try to get venture capital first, selling
stock before they delivered any product, all so they could "own" intellectual
"property" monopolies. If they had tried to do so, they'd still be shopping
business plans somewhere, instead of making money.
It's beginning to look like venture capital is an industrial phenomenon,
requiring correspondingly long ramp-up times, and it may be that geodesic
markets move too fast for any "consensus" of the investment community to be
achieved and, um, capitalized upon, soon enough to make money on a consistent
basis, or at least in the presence of a savvy management team.
Note that early, first-mover microcomputer software companies like Microsoft,
and, later, I believe, Aldus and Adobe, didn't need venture capital, either.
Frankly, most of the pure internet companies like Yahoo probably would have
done fine without venture capital.
As it is, companies like Yahoo had VC people throwing money at them in
handfuls, which the principals probably could have just as well put in the
bank for the most part, instead of blowing it on television and full-page
newspaper advertising, like they did at Yahoo.
"Branding" is another quaint mass-market industrialism, in my book. On the
net, reputation is a whole lot easier to maintain than an industrial "brand",
and, eventually, someday, most web-services are going to be graded commodities
sold for digital cash at the time of use. Advertiser-supported, "branded"
sites like Yahoo are there now because we haven't figured out a cheap enough
way to pay for their services yet. In the meantime, "portals" like Yahoo have
found the main vein of advertiser money, and I wish them well. I expect,
unless they've got a lawyer worthy of the sophists, they don't control any
significant patents at all, unless they inherited some through their various
acquisitions. Of course, said sophistic legal beagle is probably kicking
himself for not patenting their whole business "process" before it all became
the rage, but that's another story. I can only imagine what a "patent" on
"portal" site would look like...
Which, oddly enough, brings me, finally, to my favorite business model for
crypto companies, qua crypto companies. That is, Dolby, Inc., who has, it
appears, nothing but scientists and lawyers -- and lots of money.
There is something considerable to be said for just inventing something,
licensing it, validating the licensee's implementation, and enforcing the
patent, if you have one, against infringers, if you get them.
There are lots of technologies which this could be done to in the digital
bearer transaction area, including, of course, the blind signature patent,
MilliCent, and others. In the meantime, I predict that any attempt by people
other than scientists (and their lawyers :-)) to compete in the market for
cryptographic algorithms will continue to be slapped down. We've already seen
it happen with DigiCash, RSA, and, with DEC/Compaq for Millicent. Someday, of
course, we may not even need lawyers, but that's a crypto-anarchic rant for
another day.
Remember Edison, the "Wizard of Menlo Park", who was kicked out of his own
electricity company and sent packing by J. Pierpont Morgan for micromanaging
the business into the ground (and investing in household direct current long
after its commercial usefulness). J. Pierpont Morgan, as chairman of the
board, reorganized and then hired a few more people and started Consolidated
- -- and several other -- Edison companies. And General Electric.
Edison went back to Menlo Park to invent more stuff, and to collect handsome
royalties on all his other electric technology, which did sell, and famously,
as we all now know.
So, again, cryptographers should write cryptography, and sell cryptography.
God knows the rest of us can't do it. Other people should sell cryptographic
*products*.
Those of us who want to sell crypto stuff should just go out there and give
someone what they need for a fair price, and let the product's *market* invest
in your business. If you're forced to give out enough options to keep your
best people after they've earned you lots of money, you may be legally
*required* to go public, like Gates did after a while. Nice problem to have, I
suppose, but you don't need a venture capitalist to get you that far.
Again, the lesson is, if don't go looking for money anywhere but in your
customer's pockets, you'll do just fine.
And, of course, if the cryptographer who wrote the protocol you're using --
and his lawyer -- have done their homework right, you'll be paying the
cryptographer a nice comfortable royalty.
That way, with Edison back at Menlo Park, there'll be more crypto where that
came from.
Cheers,
Bob Hettinga
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.5
iQEVAwUBNi46rsUCGwxmWcHhAQEcCAf+MC87lCHHUY3Ok1LsTy3TjMmqIHl80IBW
POzLW9kgG5Fb85JcjxU1/+X+IwIa9hfHs1if7PR/lz1zbFMRqa8U5QXyM56gLbeR
5vn02d2S+ZtvphQRlVH1vpMjC9w55NRUoMILVT47v7ClRuLTzsGq+b6OBcXU3KF6
O7UK0akRTdXoau9cSGORSe/8wJogQdLpdks+Mic2kyb9llL9G+isw6vGcRDXiEDy
EsKmN2kK0kYWEPqbBQLJh2ci9q4AEmoLztgNUfzZzPeX/GesyIpMFQT5JImeP9C6
xM6iKwPANHqw7+xMNFCi3uE0EkKQcolQHP7Vd3HAD3PHFyihs7AAjQ==
=691U
-----END PGP SIGNATURE-----
-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
