[14172] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: PGP 2.6 is dangerous in the long term ?

daemon@ATHENA.MIT.EDU (bill.stewart@pleasantonca.ncr.com )
Thu May 26 03:37:13 1994

Date: Thu, 26 May 94 03:34:26 EDT
From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
To: cypherpunks@toad.com

> >What if (the cypherpunk community) comes out with a secure program that 
> >doesn't rely on RSAREF?  Can it be done?  
> 
> Bizdos and gang will _still_ hold the patent on RSA-style public key
> encryption.  What you're suggesting is, in essence, exactly what Phil
> Zimmerman did with PGP 1.0.

There are three different problems here:
- Doing secure programs without the RSAREF implementation of RSA;
  this has US patent license difficulties unless you buy their stuff.
- Doing secure programs without the RSA algorithm - other public-key
  methods are available, such as Diffie-Hellman, though RSA has
  a lot of technical advantages for many applications.
  PKP/RSADSI own patents that expire in 1997 that they claim cover
  the whole field of public-key crypto, and nobody's challenged the
  breadth of those claims in court.
- Doing secure programs without public-key algorithms at all -
  you *can* use secret-key algorithms to do security, as long as you're 
  willing to do key distribution by some usable but inconvenient method,
  and security systems like Kerberos can do this.  But Public-Key 
  variants solve a lot of the technical difficulties and make 
  implementations much easier.

home help back first fref pref prev next nref lref last post