Re: IDEA patent vs the recent USPTO memorandum
David Shaw wrote: If the some people still want this, I haven't seen it in a good long while. Possibly they gave up asking. Probably. However, if someone wants IDEA support for whatever reason there is still the IDEA plugin. It still works with GnuPG 1.4.10 for both Linux and Windows, although I have not tested it with the 2.0 versions. To say nothing of the fact that compliant OpenPGP implementations are explicitly banned from generating RFC-1991 keys. Why is that? Forced upgrading? Anyway, pgp 2.6.3ia builds just fine on modern Linux and win32 platforms. For win32, all you have to do is make a project file including all source files in Visual Studio and compile it. Long filename support etc. comes automatically so windows users don't have to be stuck with some DOS executable which would be a pita. -- ir. J.C.A. Wevers // Physics and science fiction site: joh...@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
On Sep 21, 2009, at 2:30 PM, Johan Wevers wrote: David Shaw wrote: If the some people still want this, I haven't seen it in a good long while. Possibly they gave up asking. Probably. However, if someone wants IDEA support for whatever reason there is still the IDEA plugin. It still works with GnuPG 1.4.10 for both Linux and Windows, although I have not tested it with the 2.0 versions. There is IDEA support (as this is part of OpenPGP, albeit with patent issues), but no V3 key generation support. To say nothing of the fact that compliant OpenPGP implementations are explicitly banned from generating RFC-1991 keys. Why is that? Forced upgrading? I recall it was not so much forced upgrading, as a general feeling of enough already. If you take a look at the ietf-openpgp archives for 2003-2004, you'll see a few discussions around it. Mind you, the statistics we played with at the time (4-5 years ago) showed that over 90% of keys on the keyservers were V4. I doubt that number has gone anywhere but up since then. Another way to look at it is that the new wording around V3 keys (including the no-generate rule) enables someone to write an OpenPGP implementation that has no V3 support whatsoever (something which wasn't doable in RFC-2440). David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
Gentlemen, I really appreciate the comments you've made on the subject and the little debates as well. That was exactly what I was expecting. Sometimes, regular users do not have the proper notion of whether some functionality merits attention. All in all, it looks like IDEA, even if totally freed, is sentenced to gradual abandonment. Is this perception of mine correct? Regards, On Mon, Sep 21, 2009 at 4:48 PM, David Shaw ds...@jabberwocky.com wrote: On Sep 21, 2009, at 2:30 PM, Johan Wevers wrote: David Shaw wrote: If the some people still want this, I haven't seen it in a good long while. Possibly they gave up asking. Probably. However, if someone wants IDEA support for whatever reason there is still the IDEA plugin. It still works with GnuPG 1.4.10 for both Linux and Windows, although I have not tested it with the 2.0 versions. There is IDEA support (as this is part of OpenPGP, albeit with patent issues), but no V3 key generation support. To say nothing of the fact that compliant OpenPGP implementations are explicitly banned from generating RFC-1991 keys. Why is that? Forced upgrading? I recall it was not so much forced upgrading, as a general feeling of enough already. If you take a look at the ietf-openpgp archives for 2003-2004, you'll see a few discussions around it. Mind you, the statistics we played with at the time (4-5 years ago) showed that over 90% of keys on the keyservers were V4. I doubt that number has gone anywhere but up since then. Another way to look at it is that the new wording around V3 keys (including the no-generate rule) enables someone to write an OpenPGP implementation that has no V3 support whatsoever (something which wasn't doable in RFC-2440). David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Marcio Barbado, Jr. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
On Sep 21, 2009, at 10:11 PM, M.B.Jr. wrote: Gentlemen, I really appreciate the comments you've made on the subject and the little debates as well. That was exactly what I was expecting. Sometimes, regular users do not have the proper notion of whether some functionality merits attention. All in all, it looks like IDEA, even if totally freed, is sentenced to gradual abandonment. Is this perception of mine correct? In my opinion, yes. These days, you'd need a good reason to use IDEA rather than AES, CAST5, or even 3DES. When you add in the fact that IDEA actually costs money (heresy!) and nearly every competitor is free, it becomes a fairly easy calculation to make. In the context of OpenPGP, the gradual abandonment has already happened. The usage today is non-zero, but negligible. The only reason the IDEA discussion comes up here (usually once or twice a year) is that PGP 2.x used it back in the 1990s. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
M.B.Jr. wrote: All in all, it looks like IDEA, even if totally freed, is sentenced to gradual abandonment. Is this perception of mine correct? It is more accurate to say it has already been abandoned. Very few people today use IDEA as a symmetric cipher for OpenPGP messages. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
Message: 2 Date: Wed, 16 Sep 2009 16:40:02 -0400 From: David Shaw ds...@jabberwocky.com If the some people still want this, I haven't seen it in a good long while. Possibly they gave up asking. as an old-time pgp 2.x user, have often put the question to some of the die-hard remailer 2.6 users: 'why don't you just switch to gnupg?' this is the reason i got in response: i'm very concerned about my privacy, which is why i bother to use a remailer in the first place i carefully went over every line in the pgp 2.6 sourcecode, and i'm happy with it if only there were a gnupg mini-version with a shorter source-code, (or at least one that's readable by someone looking at it from scratch, not just reading the updates and patches as they go along) then i'd gladly switch to be fair, several of them 'have' switched to Disastry's version, and can use any algo or hash in open pgp (except those that came after Disastry ;-( ) specifically because his source code is short enough to be readable (disclaimer, not by me, am not at that semi-paranoid level yet, and at the medium compromise level of: the stuff i want to encrypt and/or sign, isn't that important enough, and i'm willing to trust experts in the field who have vetted the code ;-) ) vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
ved...@hush.com wrote: if only there were a gnupg mini-version with a shorter source-code, (or at least one that's readable by someone looking at it from scratch, not just reading the updates and patches as they go along) then i'd gladly switch This is doable. I did this in '99 for GnuPG 1.0. I haven't done it since, but given the codebase is still in the same ballpark, size-wise, I find it hard to believe it's impossible today. It seems strange to imagine there's someone not capable of auditing the GnuPG code, but is capable of auditing the PGP 2.6 code. Having read both codebases (albeit not a recent GnuPG codebase), I found GnuPG's code to be much clearer and easier to understand than PGP 2.6's. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
M.B.Jr. wrote: I've recently had access to this document, written by the United States Patent and Trademark Office (USPTO) which basically tries to ban software patents. The memorandum in question is eight pages, twenty slides and two flowcharts. As a ballpark estimate that would mean it would take an IP lawyer about two days to figure out what this means for the specific subject of patented cryptographic algorithms. It would take the non-experts on this list many times that long, if we could do it at all. There may be patent lawyers on this list who are familiar with the memorandum in question who are willing to speak in a public forum about it. Weirder things have happened. But speaking for myself, I do not have the time it takes to (a) become an expert on U.S. patent law, (b) read the memorandum, and (c) consider how it changes the U.S. patent system, and (d) write up my results. If this is important to you, I would suggest speaking with an IP lawyer. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
On Sep 16, 2009, at 1:56 PM, M.B.Jr. wrote: Hi list, I've recently had access to this document, written by the United States Patent and Trademark Office (USPTO) which basically tries to ban software patents. The memorandum is here: http://www.uspto.gov/web/offices/pac/dapp/opla/2009-08-25_interim_101_instructions.pdf the case is, I'm really interested in reading your opinions of what this could mean to optional OpenPGP ciphers like IDEA. Whether this means IDEA is okay or not patent-wise, I have a slightly different take on this: who cares about IDEA at this point? IDEA was good back in the 90s and PGP 2.x. It's 2009 now, and we have better ciphers than IDEA, a massive installed software base that doesn't use IDEA, and nobody is suffering for the lack of IDEA. If IDEA was suddenly not patented, none of this would change. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
On Wednesday, September 16, 2009, at 12:46PM, Robert J. Hansen r...@sixdemonbag.org wrote: M.B.Jr. wrote: I've recently had access to this document, written by the United States Patent and Trademark Office (USPTO) which basically tries to ban software patents. The memorandum in question is eight pages, twenty slides and two flowcharts. As a ballpark estimate that would mean it would take an IP lawyer about two days to figure out what this means for the specific subject of patented cryptographic algorithms. It would take the non-experts on this list many times that long, if we could do it at all. There may be patent lawyers on this list who are familiar with the memorandum in question who are willing to speak in a public forum about it. Weirder things have happened. But speaking for myself, I do not have the time it takes to (a) become an expert on U.S. patent law, (b) read the memorandum, and (c) consider how it changes the U.S. patent system, and (d) write up my results. If this is important to you, I would suggest speaking with an IP lawyer. Especially for a patent that is due to expire in a year or two. http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
David Shaw wrote: Whether this means IDEA is okay or not patent-wise, I have a slightly different take on this: who cares about IDEA at this point? IDEA was good back in the 90s and PGP 2.x. It's 2009 now, and we have better ciphers than IDEA, a massive installed software base that doesn't use IDEA, and nobody is suffering for the lack of IDEA. If IDEA was suddenly not patented, none of this would change. Some people use remailers and other tools which depend on PGP 2.6/RFC1991 traffic. There are some people who would very much like to see GnuPG fully support RFC1991 so it can replace the very long in the tooth PGP 2.6. Admittedly, I think the correct response is to say, GnuPG /did/ replace PGP 2.6, the same way RFC4880 replaced RFC1991, now come into the 21st century with the rest of us. But many of the die-hard PGP 2.6 advocates resist changing. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
David Shaw wrote: If the some people still want this, I haven't seen it in a good long while. Possibly they gave up asking. Gave up the asking, more likely. I still get one or two emails a year inquiring about if/when GnuPG will support this. (No, I don't know why they email me, and I wish they wouldn't.) That said, I share in your sentiments. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: IDEA patent vs the recent USPTO memorandum
On Sep 16, 2009, at 4:15 PM, Robert J. Hansen wrote: David Shaw wrote: Whether this means IDEA is okay or not patent-wise, I have a slightly different take on this: who cares about IDEA at this point? IDEA was good back in the 90s and PGP 2.x. It's 2009 now, and we have better ciphers than IDEA, a massive installed software base that doesn't use IDEA, and nobody is suffering for the lack of IDEA. If IDEA was suddenly not patented, none of this would change. Some people use remailers and other tools which depend on PGP 2.6/RFC1991 traffic. There are some people who would very much like to see GnuPG fully support RFC1991 so it can replace the very long in the tooth PGP 2.6. If the some people still want this, I haven't seen it in a good long while. Possibly they gave up asking. Still, it doesn't matter. GnuPG is not a RFC-1991 tool, and a theoretical un-patenting of IDEA doesn't change that either. To say nothing of the fact that compliant OpenPGP implementations are explicitly banned from generating RFC-1991 keys. In effect, the request you're paraphrasing seems to be Add support for a dead, deprecated, and weaker format to GnuPG, and then deal with a massive software distribution problem so everyone can have the new version, all so a few remailers and tools don't have to upgrade to OpenPGP. That argument might have made more sense in 1999, to help get people through the transition, but it's not 1999 any more. I'll go out on a limb and suggest that upgrading the relatively few remailers is an easier job... David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users