------- Forwarded Message
Return-Path: shipley(a)remarque.berkeley.edu
Message-Id: <m0oDQZo-00001yC(a)scintilla.santa-clara.ca.us>
From: sinster(a)scintilla.santa-clara.ca.us (Darren Senn)
Subject: Warning from the LPF...
To: fyi(a)xcf.berkeley.edu
Date: Tue, 6 Jul 1993 20:53:48 -0800 (PDT)
X-Mailer: ELM [version 2.4 PL21]
Content-Type: text
Content-Length: 11239
Resent-To: shipley(a)dis.org
Resent-Date: Tue, 06 Jul 1993 21:02:51 -0700
Resent-From: Evil Pete <shipley(a)remarque.berkeley.edu>
[ Indented just so I don't choke anyone's mailer -- DS ]
Date: Mon, 28 Jun 1993 07:48:33 GMT
From: friedman(a)gnu.ai.mit.edu (Noah Friedman)
Subject: Digital Signature Scandal
Organization: Free Software Foundation, 675 Mass Ave. Cambridge, MA 02139
[The following is an official announcement from the League for Programming
Freedom. Please redistribute this as widely as possible. [NF]]
Digital Signature Scandal
Digital signature is a technique whereby one person (call her J. R. Gensym)
can produce a specially encrypted number which anyone can verify could only
have been produced by her. (Typically a particular signature number encodes
additional information such as a date and time or a legal document being
signed.) Anyone can decrypt the number because that can be done with
information that is published; but producing such a number uses a "key" (a
password) that J. R. Gensym does not tell to anyone else.
Several years ago, Congress directed the NIST (National Institute of Standards
and Technology, formerly the National Bureau of Standards) to choose a single
digital signature algorithm as a standard for the US.
In 1992, two algorithms were under consideration. One had been
developed by NIST with advice from the NSA (National Security Agency),
which engages in electronic spying and decoding. There was widespread
suspicion that this algorithm had been designed to facilitate some
sort of trickery.
The fact that NIST had applied for a patent on this algorithm engendered
additional suspicion; despite their assurances that this would not be used to
interfere with use of the technique, people could imagine no harmless motive
for patenting it.
The other algorithm was proposed by a company called PKP, Inc., which not
coincidentally has patents covering its use. This alternative had a
disadvantage that was not just speculation: if this algorithm were adopted as
the standard, everyone using the standard would have to pay PKP.
(The same patents cover the broader field of public key cryptography,
a technique whose use in the US has been mostly inhibited for a decade
by PKP's assiduous enforcement of these patents. The patents were
licensed exclusively to PKP by the Massachusetts Institute of
Technology and Stanford University, and derive from taxpayer-funded
research.)
PKP, Inc. made much of the suspect nature of the NIST algorithm and
portrayed itself as warning the public about this.
On June 8, NIST published a new plan which combines the worst of both
worlds: to adopt the suspect NIST algorithm, and give PKP, Inc. an
*exclusive* license to the patent for it. This plan places digital
signature use under the control of PKP through the year 2010.
By agreeing to this arrangement, PKP, Inc. shows that its concern to protect
the public from possible trickery was a sham. Its real desire was, as one
might have guessed, to own an official national standard. Meanwhile, NIST has
justified past suspicion about its patent application by proposing to give
that patent (in effect) to a private entity.
Instead of making a gift to PKP, Inc., of the work all of us have paid for,
NIST and Congress ought to protect our access to it--by pursuing all possible
means, judicial and legislative, to invalidate or annul the PKP patents. If
that fails, even taking them by eminent domain is better (and cheaper in the
long run!) than the current plan.
You can write to NIST to object to this giveaway. Write to:
Michael R. Rubin
Active Chief Counsel for Technology
Room A-1111, Administration Building,
National Institute of Standards and Technology
Gaithersburg, Maryland 20899
(301) 975-2803.
The deadline for arrival of letters is around August 4.
Please send a copy of your letter to:
League for Programming Freedom
1 Kendall Square #143
P.O.Box 9171
Cambridge, Massachusetts 02139
(The League for Programming Freedom is an organization which defends
the freedom to write software, and opposes monopolies such as patented
algorithms and copyrighted languages. It advocates returning to the
former legal system under which if you write the program, you are free
to use it. Please write to the League if you want more information.)
Sending copies to the League will enable us to show them to elected
officials if that is useful.
This text was transcribed from a fax and may have transcription
errors. We believe the text to be correct but some of the numbers
may be incorrect or incomplete.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** The following notice was published in the Federal Register, Vol.
58, No. 108, dated June 8, 1993 under Notices **
National Institute of Standards and Technology
Notice of Proposal for Grant of Exclusive Patent License
This is to notify the public that the National Institute of Standards and
Technology (NIST) intends to grant an exclusive world-wide license to Public
Key Partners of Sunnyvale, California to practice the Invention embodied in
U.S. Patent Application No. 07/738.431 and entitled "Digital Signature
Algorithm." A PCT application has been filed. The rights in the invention
have been assigned to the United States of America.
The prospective license is a cross-license which would resolve a patent
dispute with Public Key Partners and includes the right to sublicense. Notice
of availability of this invention for licensing was waived because it was
determined that expeditious granting of such license will best serve the
interest of the Federal Government and the public. Public Key Partners has
provided NIST with the materials contained in Appendix A as part of their
proposal to NIST.
Inquiries, comments, and other materials relating to the prospective license
shall be submitted to Michael R. Rubin, Active Chief Counsel for Technology,
Room A-1111, Administration Building, National Institute of Standards and
Technology, Gaithersburg, Maryland 20899. His telephone number is (301)
975-2803. Applications for a license filed in response to this notice will be
treated as objections to the grant of the prospective license. Only written
comments and/or applications for a license which are received by NIST within
sixty (60) days for the publication of this notice will be considered.
The prospective license will be granted unless, within sixty (60) days of this
notice, NIST receives written evidence and argument which established that the
grant of the license would not be consistent with the requirements of 35
U.S.C. 209 and 37 CFR 404.7.
Dated: June 2, 1993.
Raymond G. Kammer
Acting Director, National Institute Standards and Technology.
Appendix "A"
The National Institute for Standards and Technology ("NIST") has announced its
intention to grant Public Key Partners ("PKP") sublicensing rights to NIST's
pending patent application on the Digital Signature Algorithm ("DSA").
Subject to NIST's grant of this license, PKP is pleased to declare its support
for the proposed Federal Information Processing Standard for Digital
Signatures (the "DSS") and the pending availability of licenses to practice
the DSA. In addition to the DSA, licenses to practice digital signatures will
be offered by PKP under the following patents:
Cryptographic Apparatus and Method ("Diffie-Hellman")
No. 4,200,770
Public Key Cryptographic Apparatus and Method
("Hellman-Merkle") No. 4,315,552
Exponential Cryptographic Apparatus and Method
("Hellman-Pohlig") No. 4,434,414
Method For Identifying Subscribers And For Generating
And Verifying Electronic Signatures In A Data Exchange
System ("Schnorr") No. 4,995,082
It is PKP's intent to make practice of the DSA royalty free for personal,
noncommercial and U.S. Federal, state and local government use. As explained
below, only those parties who enjoy commercial benefit from making or selling
products, or certifying digital signatures, will be required to pay royalties
to practice the DSA.
PKP will also grant a license to practice key management, at no additional
fee, for the integrated circuits which will implement both the DSA and the
anticipated Federal Information Processing Standard for the "key escrow"
system announced by President Clinton on April 16, 1993.
Having stated these intentions, PKP now takes this opportunity to publish its
guidelines for granting uniform licenses to all parties having a commercial
interest in practicing this technology:
First, no party will be denied a license for any reason other that the
following:
(i) Failure to meet its payment obligations,
(ii) Outstanding claims of infringement, or
(iii) Previous termination due to material breach.
Second, licenses will be granted for any embodiment sold by the licensee or
made for its use, whether for final products software, or components such as
integrated circuits and boards, and regardless of the licensee's channel of
distribution. Provided the requisite royalties have been paid by the seller
on the enabling component(s), no further royalties will be owned by the buyer
for making or selling the final product which incorporates such components.
Third, the practice of digital signatures in accordance with the DSS may be
licensed separately from any other technical art covered by PKP's patents.
Fourth, PKP's royalty rates for the right to make or sell products, subject to
uniform minimum fees, will be no more than 2 1/2% for hardware products and 5%
for software, with the royalty rate further declining to 1% on any portion of
the product price exceeding $1,000. These royalty rates apply only to
noninfringing parties and will be uniform without regard to whether the
licensed product creates digital signatures, verifies digital signatures or
performs both.
Fifth, for the next three (3) years, all commercial services which certify a
signature's authenticity for a fee may be operated royalty free. Thereafter,
all providers of such commercial certification services shall pay a royalty to
PKP of $1.00 per certificate for each year the certificate is valid.
Sixth, provided the foregoing royalties are paid on such products or services,
all other practice of the DSA shall be royalty free.
Seventh, PKP invites all of its existing licensees, at their option, to
exchange their current licenses for the standard license offered for DSA.
Finally, PKP will mediate the concerns of any party regarding the availability
of PKP's licenses for the DSA with designated representatives of NIST and PKP.
For copies of PKP's license terms, contact Michael R. Rubin, Acting Chief
Counsel for Technology, NIST, or Public Key Partners.
Dated: June 2, 1993.
Robert B. Fougner, Esq.,
Director of Licensing, Public Key Partners,
310 North Mary Avenue, Sunnyvale, CA 94033
[FR Doc. 93-13473 Filed 8-7-93; 8:45 am]
^^^^^^
[Looks like a typo to me... -- DS ]
- --
Darren Senn Phone: (408) 988-2640 Snail: 620 Park View Drive #206
sinster(a)scintilla.santa-clara.ca.us Santa Clara, CA 95054
Just another alpha male wire-head pyromaniac
------- End of Forwarded Message