Vin McLellan (vin@shore.net)
Tue, 28 Jul 1998 03:44:07 -0400
Vin McLellan <vin@shore.net> wrote:
>> Any contract transferring
>> control of an algorithm to the US government so that it can become the AES
>> will explicitly declare the algorithm, in all formats, to be royalty-free
>> worldwide. That was part of initial call for AES candidates two years ago.
Eric Young <eay@cryptsoft.com> replied:
>I thought DSA was clouded by patent issues for a while there.
I believe the US Govt. negotiated or purchased a release from one
or more pertinent US patents. (Micali?) Outside the US, in Europe and
Japan, Claus Schnorr's patents <EP-Patent 0,384,475 and JP-Patent
2,666,191> may well be found applicable to the DSA. Dr. Prof. Schnorr
recently argued, quite forcefully, that they are. See:
<http://grouper.ieee.org/groups/1363/letters/SchnorrMar98.html>
In his US patent <4,995,082>, Schnorr's lawyer apparently didn't
capture the full range of claims made in his European and Japanese patents,
which is perhaps why NIST and the NSA thought they could ignore Schnorr for
the FIPS. After the NSA developed the DSA, in what many believe was an
attempt to block the widespread acceptance of RSA, Dr. Schnorr assigned
these patents to RSA. Nixdorf already had a non-exclusive license. I think
IBM, among others, chose to license the Schnorr patents to cover use of the
DSA oversea. Bruce Schneier summarized the situation in Applied
Cryptography II by saying, in effect, that the DSA is still clouded by
patent issues.
Eric also noted:
>I would expect the transfer conditions to be more probably be 'fair and
>reasonable licencing conditions to all'. Since when did the USA belive if
>Nationalising industry/ideas/patents :-).
Interesting question;-) The goal of the AES program at NIST seems
to be an even more freely-available algorithm than was the case with DES.
As several people have noted, IBM did not enforce its residual patent
rights over non-FIPS implementations of the DES -- but, legally, those
residual rights apparently did exist.
In January, 1996, in its initial announcement of the AES program,
NIST said that both unpatented or patented algorithms would be acceptable
AES candidates -- with the patented algorithms to be available in
conformance with the NIST patent policy: "fair and reasonable," etc., etc.
By September, 1997, however -- after a public workshop on AES
Criteria -- NIST declared quite another goal in the formal call for AES
Candidates <http://csrc.nist.gov/encryption/aes/aes_9709.htm> in the US
Federal Register:
"It is intended that the AES will specify an unclassified, publicly
disclosed encryption algorithm available royalty-free worldwide that
is capable of protecting sensitive government information well into
the next century."
Lawyers will translate this into contracts and regulations, but I
presume this statement of the US Government's intent is binding, since this
language established the context within which the candidate algorithms were
developed and submitted. The Devil, of course, is in the details -- but a
lot of concerned people are watching the AES process closely.
Suerte,
_Vin
-----
Vin McLellan + The Privacy Guild + <vin@shore.net>
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:57 ADT