Here's something on this note that I wonder about.
Why, when the de-facto standard of internet development/protocol work is to
use open (royalty-free) protocols, did the world of SSL seem to standardize
on a patented algorithm such as SSL. I mean SSL is totally out there for
the world to use, but this dang RSA license issue constantly pops up...
Why didnt the designers of SSL (netscape I believe) standarized on one of
the free key exchange algs (like DH). If they made that one the defacto
standard alg, then SSL would truly be 'open'.
I wonder why didnt they do that...
-brian
> -----Original Message-----
> From: Geoff Thorpe [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 10, 2000 9:16 AM
> To: [EMAIL PROTECTED]
> Subject: RE: RSA Patent Issues... interesting article...
>
>
> Hi there,
>
> On Wed, 10 May 2000, Vin McLellan wrote:
>
> > > http://www.cyberlaw.com/rsa.html
>
> good read, it got my brain chewing anyway. :-)
>
> > The RSA guys, for whom I have been a consultant for
> many years, got a
> > bitter laugh out of it. They said, basically, that Flinn
> had tried out the
> > same arguments, several times, before judges, magistrates,
> and arbitators...
> > and had been rebuffed or trounced each time.
>
> Well I for one, as someone not expert in patent law, would
> love to hear as
> good a plain-english rebuff to that article as that article
> itself was a
> plain-english summary of their arguments. In particular the prior art
> considerations (Pohlig-Hellman) seem quite compelling to my skin-deep
> legal appreciation, and I would really enjoy seeing further
> discussion of
> his section "How Can You Patent an Algorithm?" - namely the
> fact that US
> patent law "appears" to only validate algorithms insofar as
> they relate to
> physical means - abstract mathematical algorithms alone seem to be
> disallowed under section 101 ... well, at least according to
> this article.
>
> > The bottom line is that Patrick Flinn, Esq., could not
> convince his client,
> > Cylink -- nor any other potential challenger to the RSApkc
> patent -- that
> > his arguments would survive a trial, much less prevail.
> Cylink reviewed the
> > case Mr. Flinn had spent several years researching, developing, and
> > polishing, then decided to fire Mr. Flinn, settle with RSA,
> and purchase a
> > RSApkc license from RSA.
>
> The other bottom line is that so far the patent doesn't seem
> to have been
> properly challenged, and as such all the FUD in the world
> doesn't answer
> the critical question - would the patent stand up to
> rigourous objective
> scrutiny? The fact companies may not have the funds or
> backbone to tackle
> bloodthirsty opponents with legal firepower coming out their ears, and
> difficult technical/legal arguments, and so "settle" (in
> whichever sense),
> still does not answer that question. I am a legal dunce, and
> I necessarily
> surrender myself to those who can provide their arguments in
> plain enough
> terms. I'd appreciate any you might be able to throw into the
> ring for us
> :-)
>
> > No matter how exhilarating it may be to dream of
> yourself pulling down the
> > RSApkc license in its final months, ya gotta wonder why
> this gangbuster
> > version of Mr. Flinn's case was presented in the pages of a
> magazine, rather
> > than in a US
> > Federal courtroom? In a magazine article, of course, Flinn
> was able to
> > escape both RSA response and the judge's ruling.
>
> RSA seem (correct me if I'm wrong) to have escaped the courtroom
> altogether so far. I agree that with the sand running out on the RSA
> patent, that the question is moot in this case. But tackling the
> underpinning assumption that these mathematical niceities (built upon
> masses of "prior art") are fodder for patents is not so moot.
>
> In particular, I would *really* appreciate any thoughts you
> have on the
> following point: The RSA key-generation is a 2 prime "version" of the
> Pohlig-Hellman key-generation (which has 1 prime).
> "Multi-primes" extend
> the idea to more than 2 primes. As with all 3 (or more), the
> key-generation is the only thing distinguishing the processes
> in theory.
> In practise, the benefit of having more prime factors in the modulus
> allows faster performance of private key operations using
> tweaks - which
> is the sole reason for "multi-primes". However the more
> primes there are,
> the lower the theoretical security of the keys, albeit that current
> techniques are unable to exploit this. If any part of Flinn & Jordan's
> argument is valid about Pohlig-Hellman (as prior art)
> invalidating the RSA
> patent by way of it being "obvious", then that would extend
> naturally to
> the recently patented "multi-prime" extensions.
>
> FYI: Multi-prime RSA using optimisations is faster than
> regular RSA if you
> accept the security implications of equivalent sized
> multi-prime RSA keys.
> This optimisation is simply an extension of the CRT (Chinese Remainder
> Theorem) technique already used to speed up 2-prime (RSA)
> operations. So
> that CRT technique itself seems highly iffy to be patented.
> Which leaves
> the mathematical consideration of the multi-prime keys themselves, and
> their generation, to be debated (ie. I doubt the patent could
> rest on an
> argument that it is a physical process, or an implementation
> invention,
> because that should bang its head on the prior art I would
> have though).
>
> Compaq (I believe) own the new patent issued for this, and
> RSADSI appear
> (I believe) to have an exclusive license to the technology in
> the US. The
> sand is not running out on multi-primes the way it is running
> out on RSA.
> Any other crypto algorithms that appear could also be called
> into question
> perhaps in similar ways ... so I'd rather not brush the
> discussion aside
> as "moot".
>
> Thoughts? And please correct or expand on any
> misinterpretations or errors
> in what I've babbled about, and in the original article too.
>
> Cheers,
> Geoff
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
