home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky sci.crypt:6131 alt.security.pgp:409
- Newsgroups: sci.crypt,alt.security.pgp
- Path: sparky!uunet!paladin.american.edu!gatech!rpi!usc!enterpoop.mit.edu!linus!philabs!acheron!scifi!watson!yktnews!admin!uri
- From: uri@watson.ibm.com ()
- Subject: Re: Legal Stuff!
- Originator: uri@buoy.watson.ibm.com
- Sender: news@watson.ibm.com (NNTP News Poster)
- Message-ID: <1992Dec23.041819.50850@watson.ibm.com>
- Date: Wed, 23 Dec 1992 04:18:19 GMT
- Disclaimer: This posting represents the poster's views, not necessarily those of IBM
- References: <1992Dec22.215815.3172@netcom.com>
- Nntp-Posting-Host: buoy.watson.ibm.com
- Organization: IBM T.J. Watson Research Center
- Lines: 68
-
- From article <1992Dec22.215815.3172@netcom.com>, by strnlght@netcom.com (David Sternlight):
- > 1. For PGP to be written from scratch in the U.S. to incorporate
- > RSAREF......................
- > I understand some are working on 1., and the RSAREF license should
- > make their job much easier.
-
- I have to disappoint you: the final RSAREF license makes it clear,
- that in order to access it in any way other than the published
- interface, you need a prior permission from PKP. And since
- the set of published interfaces is too poor, PGP can't
- be rewritten to use it, nor any decent program (SORRY, Mark! :-).
- Also, taking into account the fact, that the word "PGP" causes
- PKP react like a bull seeing red - I don't think it's likely
- PKP allows such a "modification"...
-
- So, thanks to item 2.d of that new license - "their job" is just
- as easy now, as it was before, in one word - impossible.
-
- > 2. For RIPEM's cryptographic components (DES and RSAREF) to somehow
- > be rewritten de novo outside the U.S. to be consistent with national
- > crypto and patent laws, thus permitting communications between the
- > U.S. version of RIPEM and any other.
- > I suspect 2. is unlikely without some illegal export from the U.S.
-
- I doubt those abroad would bother rewriting PGP... Who
- would waste their time, and what for?
-
- > 3. For RIPEM to be upgraded in the U.S. to include IDEA, and PGP format
- > compatibilty.
-
- And you can't include IDEA into RIPEM, because it will require
- modification to RSAREF, and you need prior permission to do it.
- So forget it.
-
- > 4. For the Munitions Act/ITAR regulations to be changed AND PKP's
- > patents overturned (or expire).
- > I think 4. is both unlikely and will take some time if it happens.
-
- Well, of course PKP patent will expire in a few years (:-).
-
- Now, ITAR regulations... But you wouldn't believe how easy
- it is to write a crypto code... So I personally wouldn't
- worry too much about ITAR. Especially dealing with such a
- simple algorithm as IDEA... (:-)
-
- > My understanding of 3. is that if the RIPEM author gets many requests,
- > he will consider it, but not otherwise.
-
- It's worth to thanks Mark for his outstanding work, and to ask him
- to upgrade RIPEM. Actually, some of the desired changes are under
- consideration, so if y'all folks can convince him, that it's OK to
- use some code from PGP (key management, message body compression
- and such) - we might indeed come up with compatibility. I might do
- IDEA for RIPEM (heck, I'm doing it anyway :-)... But as long as
- item 2.d is there - I see no use for RSAREF. [For their DES sucks,
- the only thing I really need from them is RSA implementation, and
- that only because of the patent, until it expires, of course).
-
- > Note that a modification of RSAREF to handle certificates, etc.
- > (if that's where it has to be handled in software)
- ^^^^^^^^^^^^^^^ yes, unfortunately.
- > is not a performance modification under the terms
- > of the RSAREF license, and thus requires RSA's permission.
- > The license does say they won't deny such permission for
- > "all reasonable requests."
-
- The only question left is - what exactly is "reasonable", and
- for who? (:-)
-
