On Sat, 9 Jan 1999, Enzo Michelangeli wrote:

> So, my question is: is anybody aware of any (official or unofficial)
> licensing condition from RSADSI discouraging the use of ciphersuites based
> on Diffie-Hellman key exchange? Or may we hope in TLS-compliant browsers
> before September of next year?

I've talked to and worked for organizations which might've been subjected
to conditions like you mention above and have never heard of one proposed
by RSA nor accepted by a licensee. I think you could characterize RSADSI's
licensing and price terms as being structured to encourage the use of DH
and TLS.

RSADSI is, reasonably, trying to get people to standardize on BSAFE, both
as an API and as a library; that way they can continue to collect
royalties even when their current monopolies (like the patent on RSA, and
the FUD around RC4) wither away. This is not necessarily bad, at least for
commercial users - working, debugged, supported crypto libraries can take
a lot of the headache out of product development, and a royalty is just
another cost to be figured into a business model. To a freeware/opensource
developer, $20K/year is prohibitive - to an ongoing business, it's not an
obstacle. Unfortunately, this means businesses don't have a strong
incentive to work with unencumbered ciphers - it's not sexy to
develop/support them, as you can't make much on licensing your code (or
it's not "unencumbered" any more); but it's not efficient to develop
unencumbered code in-house at a cost of maybe $100K per developer-year, if
you could license someone else's encumbered code/ciphers for a fraction of
that.

The interesting question is what's going to happen - or not - to the
BSAFEeay package, which implements the BSAFE API on top of SSLeay. It's
certainly not patent-clean inside the US for another 21 months or so .. I
don't know whether or not it's copyright-clean or trade-secret-clean. If
not, it's certainly possible to make a version which is. See
<https://www.cypherpunks.to/bsafeeay/> for more about BSAFEeay.

--
Greg Broiles
[EMAIL PROTECTED]
