-----BEGIN PGP SIGNED MESSAGE----- I thought Eric's analysis of RSADSI/PKP's position was interesting, but I have to take issue with a couple of points:

Premise: RSADSI created RSAREF in order to license individuals.

This seems to assume that RSADSI needs to "license" individuals in order to allow them to use the patent. But I don't think this is the case. RSADSI can simply say that individual, non-commercial use of the patents is permitted by them. In fact, they do say that, apparently. As Pat Farrell reported today:

I found that PKP has two simple philosophies: (1) they have a valid patent, and you must agree to this fact and (2) if you make money, they make money.

I understand that the FAQ from RSA confirms this, that non-commercial, personal use of the patent is OK. (Actually, I don't think this first point, that "you have to agree that their patent is valid" is in the FAQ. I think this was added specifically because the PGP documentation criticizes the patent.) So, it does not seem to me that they had to take _any_ specific action in order to "license" individuals to use their patent non-commercially. They simply had to say, as they already said, that such use is not considered infringing.

Since they don't make any money from it, there's no reason for them to spend much money paying lawyers to draft license agreements for products which bring in no income. Therefore they want all non-income uses of the patents to be filtered through a single license.

Again, there is no need for them to pay lawyers to set up a host of different "non-income" licenses. There is no need to "filter" all such uses through a single package. Rather, a general blessing of non-commercial use should be adequate.

Assertion: The reason that RSADSI requires that individual licenses be mediated through RSAREF is that non-commercial software is inevitably used in commercial contexts.

Allow personal, non-commercial use does not mean they lose any rights to sue companies which make money off the patent. If a non-commercial product (like PGP) is used in a commercial context then both Phil and Jim may be expected to go after them. This therefore is not at all a reason for RSADSI to require individual licenses to be mediated through RSAREF. Doing that gives them no rights that they didn't already have.

Remember, their main business is licensing. All software used in a commercial context must be licensed, otherwise their main business is imperiled. Were they to make separate licenses for every low end product, they would be in the same situation as if they licensed individuals--high overhead, small return. Therefore, they license RSAREF to companies; this allows RSADSI to economically offer licensed use for all such low end software packages.

Here Eric is apparently talking about commercial use. I think our discussions are in the context of personal, non-commercial use. We should clearly separate these two issues. Where a putatively non-commercial product, whether RIPEM or PGP, is used in a commercial situation then PKP and/or PRZ may choose to take legal action. But the non-commercial situation can be dealt with without restricting users to use RSAREF. In short, Eric has not persuaded me (at least) that RSADSI was in any way forced to restrict non-commercial users to use the RSAREF package. Their general policy of permitting personal, non-commercial use, and demanding that "if you make money, we make money" are more than adequate without RSAREF entering the picture at all. Hal Finney 74076.1041@compuserve.com -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK+ExaKgTA69YIUw3AQErDQP/ZMqrgzTm/j2T5xkbLCruCdVfd+a/U9tk aNNE8687LMZsC9RSxh6me60zWEQag1DnLqOA5zhn+9kbQ3HbYsc58oc/5vNgJwEe lAfcRImykqdIq3PLWgGyvhqqBsOib/k9uL8+OijcdYmsnLciDN8z4IdREDDKn7zu w83hCzV7BDc= =zAQ6 -----END PGP SIGNATURE-----