Brian Snyder <[EMAIL PROTECTED]> writes:
> Why, when the de-facto standard of internet development/protocol work is to
> use open (royalty-free) protocols, did the world of SSL seem to standardize
> on a patented algorithm such as SSL. I mean SSL is totally out there for
> the world to use, but this dang RSA license issue constantly pops up...
> Why didnt the designers of SSL (netscape I believe) standarized on one of
> the free key exchange algs (like DH). If they made that one the defacto
> standard alg, then SSL would truly be 'open'.
>
> I wonder why didnt they do that...
When SSL was designed back in 1995, Public Key Partners owned the
rights to ALL public key cryptography, including Diffie-Hellman. [0]
RSA DSA would sell you a license (well, a toolkit) to implement both
DH and RSA. Thus, there was no reason not to use RSA. RSA does
have certain technical properties which make it better than DH
in some circumstances.
Since then, the Merkle-Hellman patent has expired and DH has become
free. The RSA patent lasted a little longer, that's all.
-Ekr
[0] Well, at least claimed to own the rights.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
