[229] in WWW Security List Archive
Re: Secure HTTP mailing list
daemon@ATHENA.MIT.EDU (hallam@dxal18.cern.ch)
Wed Nov 16 07:59:07 1994
From: hallam@dxal18.cern.ch
To: ams@eit.com (Allan M Schiffman)
Cc: hallam@dxal18.cern.ch, www-security@ns1.rutgers.edu
In-Reply-To: Your message of "Tue, 15 Nov 94 23:11:49 PST."
<9411160711.AA22171@eitech.eit.com>
Date: Wed, 16 Nov 94 10:39:29 +0900
Reply-To: hallam@dxal18.cern.ch
>>In the case
>> of any secure protocol there is the very good chance (and SHTTP is no
>> exception) that the protocol or specification will want to use the
>> _patented_ RSA algorithims (Public Key Partners effectively has a what
>> appears to be a patent on any public key scheme).
>Largely correct, but what that means, I suppose (at least in this
>regard), is that you might compare such protcols to PEM rather than TCP
>or DNS.
Just to emphasise Alan's point. Shen and SSL (the MCom system) also both use
patented technology. I can't see any real way out. The Diffie Helleman patent
is so broad as top cover almost anything useful. However it does expire in 1997.
Expect the whole patent thing to get much less fraught after that date. RSA
while being more technically elegant will probably get swamped.as El-Gamal will
be avaliable freely and can be used for both signatures and key exchange.
There are advantages to the RSA system which Rivest originally brought up as a
potential security flaw, It is possible to blind a signature by multiplying the
text for signature by a pseudo random number then factor it out. This means that
one should never sign a key one did not create oneself. Chaum patented the use
of this idea for certain purposes so you end up having to pay for patents
anyway.
One solution to this problem of course is simply to move to a free country.
Phill Hallam-Baker
