Re: possible solution to the anonymous harrassment problem
RSA has a patent on their algorithm. It's quite likely that I can't even create a key pair without their permission, let alone use it.
You're poorly informed. As a condition of a grant from DARPA to RSADSI, RSAREF may be used noncommercially, for free, to do any of the following: - RSA encryption and key generation, as defined by RSA Data Security's Public-Key Cryptography Standards (PKCS) [4] - MD2 and MD5 message digests [3,5,6] - DES (Data Encryption Standard) in cipher-block chaining mode [7,8] Moreover, I believe you'll find that RSADSI has become much more helpful recently. For more information, anonymous ftp to rsa.com and look around. I've just gone over the RSAREF license agreement again. It seems to permit any sort of not-for-profit operation, including a public key service. -- Marc Ringuette (mnr@cs.cmu.edu)
You're poorly informed. As a condition of a grant from DARPA to RSADSI, RSAREF may be used noncommercially, for free, to do any of the following: - RSA encryption and key generation, as defined by RSA Data Security's Public-Key Cryptography Standards (PKCS) [4] - MD2 and MD5 message digests [3,5,6] - DES (Data Encryption Standard) in cipher-block chaining mode [7,8] Moreover, I believe you'll find that RSADSI has become much more helpful recently. For more information, anonymous ftp to rsa.com and look around.
I've just gone over the RSAREF license agreement again. It seems to permit any sort of not-for-profit operation, including a public key service.
Uhh, this is not quite true. If you read closer, you will see that you need "special permission from RSADSI" to use non-published interfaces to RSAREF. At the end is an exerpt from the RSAREF documentation about its interface. If you want more functionality, you have to ask special permission! This means that without this permission, you CANNOT use "RSA encryption" in-and-of itself. -derek ---------- begin exerpt -------------- RSAREF is written entirely in C. Its application interface includes the following routines: R_SignPEMBlock computes a digital signature on a message R_VerifyPEMSignature verifies a digital signature on a message R_VerifyBlockSignature verifies a digital signature on a block of data such as a certificate R_SealPEMBlock computes a digital signature and encrypts a message R_OpenPEMBlock decrypts an encrypted message and verifies a digital signature R_DigestBlock computes a message digest on a message R_GeneratePEMKeys generates an RSA public/private key pair R_RandomInit initializes a random structure R_RandomUpdate mixes bytes into a random structure R_GetRandomBytesNeeded computes the number of mix-in bytes still needed to seed a random structure R_RandomFinal zeroizes a random structure
Derek Atkins says:
I've just gone over the RSAREF license agreement again. It seems to permit any sort of not-for-profit operation, including a public key service. Uhh, this is not quite true. If you read closer, you will see that you need "special permission from RSADSI" to use non-published interfaces to RSAREF. If you want more functionality, you have to ask special permission!
Well, their license says, that "they will grant permission for any reasonable request" for modification to RSAREF, or to access to those unpublished routines. I guess until somebody asks about such a permission and gets rejected, or granted - we'll never know... [BTW, I aske and got such permission for my own private needs...] Now, who's willing to volunteer? (:-)
This means that without this permission, you CANNOT use "RSA encryption" in-and-of itself.
Legally, you mean (:-). -- Regards, Uri uri@watson.ibm.com scifi!angmar!uri N2RIU ----------- <Disclamer>
If you read closer, you will see that you need "special permission from RSADSI" to use non-published interfaces to RSAREF.
I asked Jim Bidzos about this last Friday. He states that the purpose of this clause is to avoid the situation where modifications to the package decrease its cryptographic security. I gather that such special permission should not be too hard to get. Eric
Are there any citations of instances of this happening? John Coryell.
participants (5)
-
Derek Atkins -
Eric Hughes -
John Coryell. -
Marc.Ringuette@GS80.SP.CS.CMU.EDU -
uri@watson.ibm.com