Theodore Ts'o writes:

Several people from RSA, including Bidzos at the last Cypherpunks meeting at Mountain View (I wasn't there, but take a look at the meeting "minutes"), have stated repeatedly that if someone were to ask for permission to use the internal interfaces of RSAREF in order to write a PGP-compatible program, they would grant permission.

Now - there's a slight distinction between: a) write [from scratch] PGP-compatible program; b) write RSA engine for [existing] PGP program. I suspect it's the second, that most people would prefer.

However, as of two weeks ago, *NOT* *A* *SINGLE* *PERSON* *HAS* *ASKED*.

Incorrect. I asked for, and recieved, a permission to use RSAREF internals for modified RIPEM program. Actually, nobody but time and efforts preclude me from adding PGP capabilities to it... Of course, whether b) will be granted too, is an open question.

To those of you who have repeatedly said "Cypherpunks write code" (and I applaud that attitude), consider this a challenge. :-)

Naw... EeRegards, Uri. ------------ <Disclaimer>

...

If they are so willing to let us do this, then will they tell us why we have to use their code? If they are willing to do it, it shouldn't matter what code we use.

Wrong. The RSAREF code is *licensed* to you for non-commercial use. They are explicitly not giving it away, or making it "freely available". By allowing you to use it under their license, they are not leaving themselves open to claims of non-enforcement of their patent. If they let you write your own code, then, strictly speaking, you would need a license to use it. Negotiating such a license is expensive and time-consuming. You don't want to do it. If RSA is willing to let you use their code, do so. It's probably the best compromise you're going to get unless you have a lot of money and lawyers to spare. I have the source code, and I can read it. If there are any back doors, I (or someone with more experience) can find them. That's enough security for me. Marc P.S. I don't like software and algorithm patents, and said so to Jim Bidzos's virtual face during the conference last weekend. But the law still stands, and although IMHO it is flawed, it's not inconsistent, so I'll obey it. If the gov't outlaws strong crypto, then they've just done something illegal w.r.t. the Constitution in my mind, and I will feel free to disobey that law, should it come about. In civil disobedience (which is essentally what people are arguing for), you disobey laws you find so immoral or so evil that you cannot conscionably obey them. I don't like the current patent law in this country, but my disagreements are in the details of the law, not in it's very nature. I don't think any of my fundamental rights are being violated, so I'll complain and disagree, but not disobey.