Re: OpenSource vs. IETF Standards

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Phillip Hallam-Baker wrote:
> 
> So the IETF has done patent deals in the past. We did it for RSA and
> DH for example because those were the only ways to do public key
> cryptography. It was agree to the patent claims or don't do the work.

Weird.  That's not how I remeber the situation with RSA.  I'm *NOT* aware
of any patent deal of the IETF for RSA.  IIRC, the DH patent expired in
late 1997 and the RSA patent expired in the 2nd half of 2000.
(The RSA patent existed only in a few countries, since the technology
 had been publicly described prior to patent application, excluding it
 from patentability in several jurisdictions).

TLSv1.0 (rfc2246) was published in January 1999 with the "official"
mandatory-to-implement TLS cipher suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

  https://tools.ietf.org/html/rfc2246#section-9

i.e. *NO* RSA, because there was *NO* IETF patent deal about RSA.
Defacto, SSL & TLSv1.0 were pretty much exclusively used with RSA
server certificates from 1995 through today, and several vendors simply
waited until the RSA patent had expired before shipping crypto with
RSA (including SSL/TLS) implementations in their product.


What I remember from back then is more closely described/captured in
Google search results like these:

a Baltimore White Paper, excerpt from page 4:
  ftp://59.152.90.8/Softwere,%20Music%20&%20Others/EBooks/RSA_patent_expiry_developer_white_paper.pdf

  Intellectual property

  The final barrier to using public key cryptography has been a series
  of patents on the basic techniques -- the Diffie-Hellman algorithm,
  the RSA algorithm, the idea of public-key cryptography itself.
  Although patents are a useful way of rewarding inventors for their
  ideas, the RSA patent in particular has been used in ways that make
  it hard to develop good cryptographic software.

  Import

  RSA Security Inc (formerly known as RSA Data Security Inc, or RSADSI),
  which claimed exclusive rights to the exploitation of the patent,
  sells a software toolkit, called BSAFE Crypto-C ("BSAFE" for short),
  which implements many popular cryptographic algorithms. This is the
  only software implementation of the RSA algorithm which they are willing
  to see used in the US.

  Not only has this given them a monopoly of the market for basic
  cryptography in the US; it's made it difficult for software companies
  from other countries to sell to the US. The RSA algorithm is not
  patented outside North America, so developers there have been free
  to develop their own public key cryptography applications.
  But importing them into the US has mean re-engineering them to use
  BSAFE -- essentially, entirely unnecessary effort

  Toolkits: Lock-in

  In both their toolkits and their standards development, RSADSI have
  attempted to develop lock-in to the RSA algorithm. In BSAFE,
  Diffie-Hellman is supported differently from any other public key
  algorithm. BSAFE is deliberately written so that it's impossible
  to store a long-term Diffie-Hellman keypair, or use a Diffie-Hellman
  private key for more than one session. The Diffie-Hellman private key
  in BSAFE is held within an algorithm object, and can't be extracted
  from it; neither can algorithm objects be cloned, so there is simply
  no way of preventing the private key from expiring with the
  algorithm object.

  What are the effects of this? A developer using BSAFE who was tempted
  to implement a non-RSA based PKI would, quite simply, find it impossible.
  There is no straightforward way to publish a Diffie-Hellman public key
  in a database for future use by a correspondent. IETF standards, like
  S/MIME v3, cannot be implemented.


snippet from a length discussion thread:
  https://groups.google.com/forum/#!search/Gamal$20el$20Gamal$20can$20we$20resume$20$3F$3F/sci.crypt/M18NGuXQBP4/VFGbWgYsZJkJ

    RSA[DSI] offered Netscape a deal in which this hungry little startup got
  an unrestricted license to use RSA's BSAFE code, cash-free, in exchange for
  a legendary 1 percent of Netscape. What isn't clear in Mr. Schlafly's
  summary was that that deal merely settled -- on relatively generous
  terms, I think -- what was always a foregone conclusion. D-H was simply
  a non-starter in 1994, according to most informed observers.

    Mr. Shlafly offers a malovalent interpretation of the fact that RSADSI
  preferred to license its BSAFE toolkit -- to Netscape and everyone else
  -- as opposed to allowing OEMs a full patent license to roll their own
  RSApkc (and/or other RSA cryptosystems.) 


or this:
  http://marc.info/?l=openssl-users&m=94383534822859


-Martin





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]