RC4 - A response from RSA Data Security, Inc.
Weasel words if I ever saw it. From: jim@RSA.COM (Jim Bidzos) FYI... I'd appreciate if you posted this wherever you saw RC4... WARNING NOTICE It has come to RSA Data Security's attention that certain RSA trade secrets, in the form of confidential and proprietary source code, have been misappropriated and disclosed. [...] Let it be officially observed that nowhere in this 'warning' is there any claim that the alleged RC4 code posted is related in any way to "certain RSA trade secrets". The innuendo to Bruce is certainly that, but there's no official statement to that effect. All this statement says is that certain things happened, but does not claim that the specific code posted is what is being referred to. And I suspect that's because a statement to that effect would be a lie, or at the least counterfactual. If the code posted were copyrighted, it would be much stronger to make the claim that in fact, the posted code was RSA code. That's not actually claimed, and the statement published stops just short of it, just short of making a false public statement which would restrain trade. In other words, it's _all_ hot air, not just most of it. Eric
Something told me once by a legal person was that it's not illegal to warn someone that they're doing something illegal when they're not. In other words, RSADSI's vow to maim and mutilate anyone found near a machine with "rc4.c" on a disk may or may not carry actual weight. (This particular legal person was somewhat inebriated at the time, so even I don't necessarily believe him. It does make sense, however...) | GOOD TIME FOR MOVIE - GOING ||| Mike McNally <m5@tivoli.com> | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |
Mike McNally says:
Something told me once by a legal person was that it's not illegal to warn someone that they're doing something illegal when they're not. In other words, RSADSI's vow to maim and mutilate anyone found near a machine with "rc4.c" on a disk may or may not carry actual weight.
The phrase "illegal" is wrong here. Potentially, RSADSI has a civil action that it can bring against some people, but nothing criminal has been claimed thus far. I know there are certain states with statutes making trade secret violations a crime, but thats not what is being alleged thus far. I will also note that all good attorneys regularly draft letters on behalf of their clients claiming that you will be stripped of all your assets and get a bad case of leprosy if you don't do what we want. Such letters tend to "stretch" the law a bit. Its not clear that Bidzos does or does not have any course of action to take against third parties that have or do work with the RC4 code. He might have potential mechanisms available to him, and he might just be threatening to spread Fear, Uncertainty and Doubt. I'm not sufficiently familiar with all the details of trade secret law. Perry
participants (4)
-
hughes@ah.com -
m5@vail.tivoli.com -
Perry E. Metzger -
schneier@chinet.chinet.com