What if (the cypherpunk community) comes out with a secure program that doesn't rely on RSAREF? Can it be done?
Bidzos and gang will _still_ hold the patent on RSA-style public key encryption. What you're suggesting is, in essence, exactly what Phil Zimmermann did with PGP 1.0.
There are three different problems here:

- Doing secure programs without the RSAREF implementation of RSA; this has US patent license difficulties unless you buy their stuff.
- Doing secure programs without the RSA algorithm - other public-key methods are available, such as Diffie-Hellman, though RSA has a lot of technical advantages for many applications. PKP/RSADSI own patents that expire in 1997 that they claim cover the whole field of public-key crypto, and nobody's challenged the breadth of those claims in court.
- Doing secure programs without public-key algorithms at all - you *can* use secret-key algorithms to do security, as long as you're willing to do key distribution by some usable but inconvenient method, and security systems like Kerberos can do this. But Public-Key variants solve a lot of the technical difficulties and make implementations much easier.