From: Bill Stewart <stewarts@ix.netcom.com> Date: Thu, 25 Apr 1996 01:11:13 -0700

5) the price of RSA is fairly low, once free RSAREF came out

RSAREF does not give you RSA. Do not think that you can write and distribute free software that uses RSA encryption in the US just because of the existence of RSAREF. If you don't believe me, let me tell you a little story. The RSAREF license strictly requires that you only use the documented RSAREF interface, which does not include direct access to the RSA functions. The relevant portion of the RSAREF license is section 2d: Prior permission from RSA in writing is required for any modifications that access the Program through ways other than the published Program interface or for modifications to the Program interface. (See the "What is it? RSAREF Supports the Following Algorithms" and "What You Can (and Cannot) Do With RSAREF," paragraph 4, all incorporated herein by reference, for details.) RSA will grant all reasonable requests for permission to make such modifications. PGP got a such "prior permission" to call functions outside of the RSAREF interface. However, that is only because PGP was such a high-profile case with a lot of MIT people behind it. On July 10, 1995, Tatu Ylonen sent mail to RSA attempting to get permission for US users to use RSAREF with ssh. Since ssh requires double encryption, something impossible to achieve through the published RSAREF interface, it called two of the functions PGP also uses, namely RSAPublicEncrypt and RSAPrivateDecrypt. It took RSA until September to respond to the original request, at which point they told Tatu they could only consider such a request coming from a US citizen. On Monday, September 11, 1995, I therefore sent in my own request to be able to use ssh with RSAREF. After many many messages, I got bounced around from RSA to Consensys Corp. and back to RSA. I was never able to get permission to use ssh with RSAREF. For a while I was a bit optimistic about the situation. For example on February 16, 1996, I was told the permission letter "should be sent out next week." However, it's been a couple of months since then and still no letter. Even if I get the letter tomorrow, however, it still will have been 9 months since the first request to RSA went in. The RSA folks seemed particularly concerned that the permission letter might be used for more than one particular program, or even more than one particular version of a ssh if major changes occured. In one letter, for instance, someone from RSA said: We'd like to avoid granting open-ended permission like: SSH provides for all of your security needs and the RSA calls are used to provide any kind of security service deemed useful now and in the future. Not that we wouldn't grant permission to new function/feature requests, rather we'd like to incentivize you to keep us posted as ssh grows. That means if I got a permission letter tomorrow, but in several months ssh was modified to use a better MAC, I might have to wait another 9 months to use the latest version ssh (which might no longer be the latest version by that point). Even if you think 9 months is an acceptible amount of time to wait to release an application you have written, consider this: First of all, I don't have the permission letter yet. I might get it tomorrow, I might get it in a year, or I might not get it before the RSA patent expires. Second of all, the only reason I have gotten as far as I did with this permission letter is because someone from MIT helped get me in touch with someone at RSAREF who would actually read my mail. Before that, I was told by RSA that I could only deal with Consensys Corp., and Consensys Corp. told me they could not grant me the kind of permission letter I was requesting, so that I was basically stuck (well, in theory Jonathan Zamick from Consensys Corp. could still be working on getting permission from RSA, but I haven't heard back from him since Nov 9, [except when he wanted to license IDEA to me, which ssh fortunately already has permission to use]). Conclusion: You can't use the RSA algorithm in free software. The RSAREF interface is too restrictive, and when RSA says in the license that "RSA will grant all reasonable requests for permission to make such modifications" to the interface, it is either an outright lie, or something that only happens after so much delay that they might as well not give you such permission. David P.S. You can help fight software patents! Join the league for programming freedom (http://www.lpf.org).