Re: Fixing pgp 2.6
At 6:19 PM 5/16/94 -0700, Hal wrote:
First, note the strong hint in Schiller's message about operators of key servers who accept pre-2.6 keys being guilty of contributory infringement of the RSA patent. I think we can expect strong legal pressure from RSA to shut down the remaining U.S. key servers, even those which don't use illegal versions of PGP. They succeeded once in shutting down the key servers which used PGP; they will succeed again in shutting down the others due to the contributory infringement threat.
Presumably this won't affect the non-US keyservers. I don't see the people running said servers bowing into pressure about a patent that doesn't affect them....
For the same reason, hopes of getting a non-RSA-approved "2.6a" (hacked to be backwards compatible with 2.3) widely available in the U.S. are not well founded. FTP sites which hold programs or even patch files to allow 2.6 to interoperate with 2.3 will be targetted by RSA as contributory infringers. In short, the legal advantages PGP 2.6 will have over unapproved versions will be strong enough that it will be widely used in the U.S.
The thing is, though, that PGP 2.5 *doesn't* infringe on the patent, because of the use of RSAREF. Any version that uses RSAREF should be legal from that patent sense. Presuming that there aren't copyright issues involved with the 2.5 release, I don't see any reason that code couldn't be maintained and fixed. I'll have to check the copyright status on 2.5 when I log on. There are many people, including myself, that won't get involved with an infringing version of PGP. PGP won't get "wide" acceptance until the isssues are resolved. At the same time, PGP also won't get "wide" acceptance unless it is interoperable with the outside world. This would involve code using RSAREF coming legally into the US and being used, or code using RSAREF being illegally shipped outside of the US. Apparently, the latter has already happened. But either way, for PGP to be noninfringing in the US, it needs to use RSAREF. I'm guessing that the new version of RSAREF they announced would be coming out will probably alter the terms to make this difficult/impossible. However, I don't believe there is any requirement we use the latest version of RSAREF... Just to use the license that comes with that version of the code. Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra@dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
The thing is, though, that PGP 2.5 *doesn't* infringe on the patent, because of the use of RSAREF. I think the broad silence from MIT and RSADSI on the subject of PGP 2.5 after the initial announcement means that this was a matter of debate and that there were some serious negotiations going on between the two. I hope this means that the 2.5/2.6 time-delayed incompatibility is a bone thrown to RSADSI to get them to support *some* version of PGP.. which means that everyone in the U.S. (except the government) will be happy afterwards. A comment I heard from someone close to the situation was that the 2.5->2.6 format changes will be *very* small, and will be publically documented in an "ITAR-proof" document. - Bill
participants (2)
-
snyderra@dunx1.ocs.drexel.edu -
sommerfeld@orchard.medford.ma.us