Perry E. Metzger (perry@piermont.com)
Wed, 22 Jul 1998 10:39:39 -0400
Bob Baldwin writes:
> Second, let me make it clear that specific matters of
> RSA's intellectual property claims are handled by RSA's
> General Counsel. I'm in RSA Engineering.
Okay. You are, however, in a position to get a letter drafted by your
counsel. I don't suppose you could do that and get it posted in
public? It would do a lot to allay fears.
> I pointed out that IBM has (and does) enforce its patents for
> digest functions based on DES (as well as, and in addition to,
> any other block cipher) called MDC-2 and MDC-4. It also has a
> patent on using DES to create a 40-bit keyspace version called
> CDMF. Both of these "weird new modes" for DES are patented and
> IBM does in fact enforce them.
But these are SEPARATE patents, not the DES patent.
> Perry is right that they do not
> seem to enforce the DES patent rights against non-FIPs uses of DES,
That was the point.
> but they do have other related patents, which they do enforce.
"So?"
> For my part, in my comments to NIST, I have urged that
> the new AES be defined in to broadest possible way, so as to
> encompass the greatest possible array of implementation modes.
> Specifically, I have encouraged NIST to define PRNG, Digest
> and key derivation modes that an implementor can use for free.
However, people will continue to come up with newer modes of operation
that had not previously been thought of. If RSA DSI intends to enforce
the patents on RC6 *itself* against users of new AES modes that are
not themselves patented, I do not think we can reasonably or
rationally support the use of RC6 as the AES.
It would be of great help if you were to get a statement drafted by
RSA DSI's general counsel stating that you will not enforce any rights
granted to you under any of your patents on the cipher itself (I
imagine that would largely mean the RC5 patent) against *ANY* users or
usages of the AES should RC6 be accepted as the AES.
> I'm not, however, going to get into a pissing contest
> with Perry or anyone else with regard to RSA's intellectual
> property claims.
I'm not asking you to. I'm just noting that many people have had
run-ins with your company in the past, and that if you want people to
feel secure in supporting RC6 as an AES candidate you are going to
have to make it absolutely clear to people that your earlier comments
about enforcing intellectual property claims against users of non-FIPS
modes are not, in fact, true, and that your policy is going to be, for
practical purposes, to give up all rights, more or less as IBM did
with DES itself. (Please DO NOT cloud the issue by bringing up utterly
unrelated things like the fact that IBM enforced other crypto patents
like the CDMF that almost incidently happened to involve DES -- all
you will succeed in doing by mentioning that is increasing suspicion
that you are planning something.)
> At least here in RSA Engineering, we realize
> that (a) because RSA was among the pioneers in establishing
> both intellectual property claims and defacto standards in
> cryptography,
I am not going to debate the merits of the public's perception of RSA
DSI with you, Bob. I'm just going to say, quite bluntly, that much of
the crypto community has strong fears about your firm, and that
because of that, if you want people to actually accept RC6 as the AES,
you are going to have to go an extra mile in allaying those fears. If
you want to hide your head and pretend that people don't have those
fears, that is fine, but -- RIGHT OR WRONG -- those fears exist and
you aren't going to get rid of them by crowing about your pioneering
establishment of intellectual property claims in the field.
Frankly, your earlier comments about enforcing your patents in
non-FIPS uses of the AES should RC6 be accepted may have already been
enough to completely destroy any trust -- you're going to have to be
pretty forceful if you want to rebuild it. I do not think you
understand quite how seriously damaging your comments were.
So, in summary:
If you want community support for RC6's candidacy to become the AES,
you are going to have to get your lawyers to make it crystal clear,
in irrevokable language, that, should RC6 become the AES, you aren't
going to sue anyone for patent infringement for using the
algorithm. Period.
Perry
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:49 ADT