At 01:50 PM 1/13/97 -0800, Ian Goldberg wrote:

According to http://www.rsa.com/rsalabs/newfaq/q76.html, RSA is in the process of patent application for RC5. Does that mean it's illegal to write a keysearch program for the RC5 challenges (unless you use BSAFE or something like that)?

Seems to me that a defendant who was participating in the challenge (or working with people who were, or was getting ready to participate) would have a strong argument that RSA gave implicit permission to use the patented algorithm in connection with the contest, or that a patent infringement action by RSA against a defendant who was participating in the contest would be barred by the doctrine of equitable estoppel. (Very broadly, equitable estoppel says that you can't tell someone "X", and then sue them on a theory of "not X", or come to court and argue that they are liable because of "not X".) Perhaps somewhere in the contest rules there's a limitation on the software/source code to be used? (I poked through the contest stuff a few days ago, and didn't see anything like that, but I got the impression that they weren't entirely finished putting it together.) YMMV, IANALUIPTB (.. until I pass the bar), etc. But it would be monumentally stupid to create a contest and then punish people for participating. The contest seems likely to do two things (beyond test the strength of the algorithm): develop an installed multiplatform base of optimized code which runs RC5, and give people who possess/distribute it a legal reason for having done so. So it'll be tough to stuff the RC5 rabbit back in the hat when the contest is over. RC5 seems destined to end up like RSA public-key, Diffie-Hellman, and IDEA - publically available (and probably deployed in free "rogue" software) yet only available commercially for a fee. Presumably the RC5 patent (if one is awarded) won't suffer from the peculiarities of the international patent schemes which made RSA only patentable in the US. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles@netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. |