The following message is FOR CYPHERPUNKS ONLY. I specifically *prohibit* further distribution past the mailing list! Please do not betray my trust!

[Bidzos]
I'm genuinely confused, as I believe the situation is as simple as I put it to you. Our claims of patent infringement by DSS, made over the last 18 months, were well-known and publicized. NIST has capitulated. Seems pretty straightforward to me.
The more I read from Bidzos, the less I believe he has any overall control or even awareness of the company, or is purposely duplicitous. His vague and weak defenses I find personally intelligence-insulting. DSS seemed to defy the face of all public input into the standard, which opposed the NIST algorithms (`handed down' in a dictatorial and authoritarian manner, sound familiar?) in favor of RSA. How is it that Bidzos makes no reference to this?

Apologists for DSS such as Denning do so on two major grounds: 1) it is part of the larger plan involving Clipper, therefore lack of duality in encryption and authentication features (an implicit characteristic of RSA) is not a problem 2) the security is `no weaker' (cunningly disguised as to appear to say `better') than RSA. Both are noxiously misleading arguments in themselves, but are also decoys (like key escrow agencies and procedures) to the critical issues at stake. The critical point is that even the *appearance* of a `fair and impartial' standards making process was totally defied, to the point of suggesting a complete clandestine backroom collusion! (hm, sound familiar?) But gosh, I wonder how many people would have advocated RSA back then when they could predict the future: that NIST would not only embrace PKP but would award them a complete monopoly on signature standards.

Somehow proponents of this new NSA-Clipper-Capstone obscenity are now pointing back to history and saying that the main objections to DSS standards were *technical* (strength of the algorithm) and *legal* (PKP patenting) and that they have been wholly ameliorated by improvements (in key size) and recent events (PKP support). This is historical revisionism at its worst! From my point of view, critical main objections were on the warped process that permitted an unpopular (and perhaps even subversive) standard to be adopted!
This revisionism definitely suggests something deeper and `ulterior' is going on---that a comprehensive NSA-PKP alliance is in place?
BTW, on Clipper, ATT, Motorola, IBM could have done Clipper without ever talking to us. Contrary to popular belief, we don't dictate terms to licensees.
First, I find it absolutely ridiculous for an informed agent of PKP, and for that person to coincidentally be called the *president*, to claim that `we don't dictate terms to licensees'. This is only true in the sense that if the licensee does not agree to the terms put down by PKP, they don't get the license!

Second, I would like to see PKP contracts. There are probably more clauses than a bad run-on sentence. I'll go out on a limb and wager that PKP *does* limit the use of RSA in the company's products, and that the licenses are fairly specific. It seems rather inconceivable to me that any such corporate agreement could be so simplistically summarized as `PKP gives rights to company [x] to use RSA in *any* of their products as long as they pay [y] royalties'. The agreement is very likely product-specific and implementation-limiting. Perhaps Mr. Bidzos or representatives of companies involved would be willing to forward copies of these agreements for our consideration of Mr. Bidzos' claims, assuming they are not `classified'...

Third, regardless of presence of product-specific limitations in the licenses, and even if PKP has sold licenses to companies that somehow permit them the latitude to include RSA technology in their Clipper implementations, PKP can certainly take the future stance that they will prohibit that use in future corporate contracts! If Mr. Bidzos really thinks that Clipper is `ill-conceived, ill-timed, and undesirable' perhaps he should figure out how to keep his company from supporting, nay, *promoting* and *profiting* from it.

Let's look again at the announcement:
PKP will also grant a license to practice key management, at no additional fee, for the integrated circuits which will implement both the DSA and the anticipated Federal Information Processing Standard for the "key escrow" system announced by President Clinton on April 16, 1993.
`at no additional fee'? What does that mean, `for free'? This apparently means Mykotronx, despite being a private company, does not need to license (read: pay for) the RSA patents on the critical key-exchange function for use in Capstone for *any* implementations (public or private), nor does any other company NSA decides to induct into its privileged enclave. Hm, I wonder how RSA's other `customers' feel about that? And why would PKP voluntarily give up this potentially valuable revenue source? Clipper implementations could be *extremely* lucrative for PKP. That they don't license them specifically, and in fact voluntarily give up the prerogative to do so, suggests that they gave up something greater in return for them. Namely, the award of an official U.S. government-endorsed monopoly on DSS and arguably all valuable cryptographic techniques.

By the way, let's look at Mr. Bidzos' quote on Clipper. Clipper is `ill-timed'? What does this suggest, that a NSA-PKP partnership would be better served if it came out sooner or later? Clipper is `ill-conceived and undesirable'? For who? Was it that PKP perhaps didn't hear about it soon enough to rob all the tasty new cryptographic algorithm patents surrounding it, like it did with the Schnorr patent? The licensing notice (which was probably reviewed and approved by PKP representatives) refers to Clipper as `an anticipated Federal Information Processing Standard'? How, Mr. Bidzos, can this new revelation possibly be construed to indicate that Clipper `will go away'?

Yes, I suppose Mr. Bellovin was right. The omnipresent underlying message here is that nothing is unethical if PKP profits from it. I advise cypherpunks not to take Mr. Bidzos' comments literally. They are, however, interesting from the perspective of the study of the speech of either an uninformed figurehead or a capitalist (or even nationalist) co-conspirator.

P.S. all cypherpunks `for' an alliance with PKP, please raise your hand.
I personally find the image of `lumbering but ultimately benevolent corporation' too incredible to hold in the face of recent events, and am now actually quite embarrassed to have advocated some `good faith' proposals involving the company which look naively misguided in hindsight. PKP is not going to go away when a few of its patents expire. To the contrary, it appears to be clutching everything within reach to ensure its eternal domination in the commercial cryptographic field. (sound familiar? a PKP-NSA alliance makes perfect sense.)