I was the one who originally raised the issue regarding whether a
standard should use the name "RSA", so I thought I'd explain the
history. See, eg, the Aug. 96 P1363 minutes
http://grouper.ieee.org/groups/1363/minutes/Aug96.txt
where I argued in vain that "RSA" should be replaced by a more
generic term such as "Composite Modulus". No one agreed with me.
The RSADSI legal dept. sent a slide showing all of its claimed
trademarks, and "RSA" was conspicuously absent. RSADSI apparently
saw it to be in its interests to get the name "RSA" into standards
and disclaim any trademarks on it.
Eventually, after much discussion, P1363 changed the family name
"RSA" to "IF", for "Integer Factorization". (The name "IF" was not
my choice -- I argued that it was not descriptive, but no one agreed
with me.) Also, as a result of my objections, ANSI X9.31 changed
its name from "RSA" (digital signature algorithm) to "rDSA".
Just as P1363 was going to ballot, SDTI/RSADSI suggested that
we avoid the term "RSA" in order to help RSADSI get trademark
protection in the future.
http://grouper.ieee.org/groups/1363/letters/SecurityDynamics.jpg
This week, SDTI/RSADSI issued a new letter, purportedly to
clarify its position.
http://grouper.ieee.org/groups/1363/letters/SecurityDynamics2.jpg
However, the new letter seems to be a departure from its previous
postion in that it says:
"The RSA trademark is a valuable asset of RSA Data Security, Inc."
Ie, it now claims a trademark on "RSA". OTOH, it says that in
the earlier letter they said that they "do not intend to rely on our
trademark rights in the RSA brand the prevent the use of ... the
terms 'RSA public key', ...". But what the earlier letter actually
says is "The terms 'RSA public key' ... may be similarly affected
by such protection."
It is not clear to me exactly what protection SDTI/RSADSI is
seeking, or how such protection would affect someone using
a phrase like "RSA public key" in commerce.
At 04:58 PM 4/9/99 -0400, Vin McLellan wrote:
> SDTI, RSA's parent firm, for which I have been a consultant for
> many years, never said they were going to restrict the use of
> the term RSA by real people, or even members of standards groups.
Huhh? The whole purpose of trademarks is to allow a company
to monopolize a commercial name. If SDTI is claiming a trademark
on "RSA", then it is trying to restrict real people regarding
use of the name. It has also asked our standards group not to use
the "RSA" name.
I think it is a little late (and silly) for SDTI/RSADSI to claim
a trademark on "RSA" at this point. The term "RSA" was put
into P1363 with active encouragement from RSADSI and with
disavowals of trademark coverage. It seems fairly clear to me
that someone should be able to implement P1363 techniques
without worrying about a trademark claim from SDTI/RSADSI.
BTW, the history of public key is a fascinating digression.
Does anyone have the actual quote in which Bobby Inman
claimed that the NSA invented public key cryptography
before the Stanford/MIT groups? He may have merely said
that the NSA knew about public key, in which case it would
have been a true statement based on what we now know about
GSEG and the likely cooperation between GSEG and NSA.
Roger Schlafly
P1363 Secretary
