Golden Key Campaign

Jim McCoy mccoy at communities.com
Thu Apr 25 16:50:02 PDT 1996



Bill Frantz writes:
> At  1:11 AM 4/25/96 -0700, Bill Stewart wrote:
[...why do people continue to promote the RSA method?...]
> >
> >Sure.  Because 1) it's a good algorithm for the job,

And there are other equally good algorithms which can also do the job.

> >2) we've learned it, and have a PGP base behind our inertia,

A pretty insignificant base actually (at least compared to the internet
as a whole) and supposedly PGP 3.0 will support multiple encryption
methods so maybe the RSA reliance can die the ignoble death it deserves.
One point left out from the original posting is that a Rabin exchange
can use a RSA public key provided that the p and q in the public key are
Blum integers (which also lets you use the public key for probabalistic
PKE, as well as a few other neat tricks), so changing PGP to support
Rabin would not be much of an inconvenience...

> >3) The legalities of RSA are well-defined,

Yes, and the most well-defined point is that until September in
the year 2000 you will pay an arm and both legs to use RSA.

> >4) the Stanford patents mostly run out in 1997, unless Roger's suit
> >        succeeds first,

A point in favor of non-RSA public-key methods.

> >5) the price of RSA is fairly low, once free RSAREF came out

You must be joking.  Have you ever tried to deal with RSA lawyers?

> >6) the price of licensing Cylink patents is high and/or unpredictable

True, but Cylink needs to milk their patents for all they are worth for the
remaining 481 days they have left. In a little more than one year they will
not be left with much more than a footnote in the crypto history books.

>
> I will add to Bill's list:
>
> 7) RSA is the best known and vetted of the Public Key algorithms.

Best known perhaps, but ElGamal and Rabin have also been studied in depth
(in fact, Rabin is provably as secure as factoring, RSA has not been
proven this secure, it is only assumed that it is.) Most public key methods
fall back to only a handful of real trap-doors, so there is only a limited
amount of vetting to be done (esp. when compared to symmetric encryption
methods.)

> Some people say that the millennium comes on Jan 1, 2000.  Others say it
> comes on January 1, 2001.  I say it comes on September 20, 2000 when the
> RSA patent expires.

Nope, it starts on August 19, 1997.  After that point it becomes possible
to deploy systems using secure public-key crypto worldwide without needing
to pay someone royalties... :)

jim








More information about the cypherpunks-legacy mailing list