At 8:32 PM 5/19/96, Bill Stewart wrote:
On the other hand, NIST has been saying that DSS isn't covered by any patents, which the PKP folks had some very negative, skeptical comments about, before PKP fell apart; it probably still is covered by the Cylink/Stanford patents until they expire next year, though it's not covered by RSA. The patent licensing hassles probably have kept a lot of people from using it, except for specific sales to the government.
Not to mention the Schnorr patent, which is good until 2008. NIST has claimed DSA doesn't infringe upon patents, but they won't necessarily help you in court, let alone indemnify you. I think everyone is using RSA because it's easy, safe and already widely deployed. Since you've got to buy a BSAFE license to do any interesting commercial cryptography anyway, why go through the hassle of another algorithm? Cylink is pushing DSA, however, because with DSA + Diffie-Hellman, you get both encryption and signing, thus providing a similar set of capabilities to RSA. Note, also that a DSA implementation might be usable as to do ElGamal or RSA encryption; I don't know whether generally available commercial / exportable implementations can or not. [Applied Cryptography, 2nd ed., 490-491] - Tim PS - Anyone know what the ASN.1 AlgorithmIDs and public key formats are for DSS? I'd like to add support for DSS X.509 certs to my X.509 library. Even better would be a couple of such certificates so I can test. PPS - Any chance the original rumor surrounded RCA/Hughes' DSS satellite TV system, and not the Digital Signature Standard, and we've all been barking up the wrong tree? Tim Dierks - Software Haruspex - tim@dierks.org "That's the trouble with technology. It attracts people who have nothing to say." - Muffey Kibbey, mother [Wall Street Journal, May 10 1996]