[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Principle Statement on Patents and Exports

To: bound@zk3.dec.com
Subject: Principle Statement on Patents and Exports
From: shirey@mitre.org (Robert W. Shirey)
Date: Mon, 13 Mar 95 09:21:12 EST
Cc: ipng@sunroof.eng.sun.com, ipsec@ans.net

FYI.  Adapted from  draft-irtf-psrg-secarch-sect1-00.txt

3.5  Use of the Best Available Technology

Internet standards should always employ the best available technology to
provide high-quality security. National restrictions and patents sometimes
make it hard to follow this principle, but a technology should not be
avoided in an attempt to satisfy some countries in which the technology is
restricted or patent rights are asserted. The rules differ too much among
countries, and the rules keep changing. Any attempt to make Internet
standards satisfy the rules of any particular set of governments would
unnecessarily and unfairly restrict development and use of Internet
technology in other countries.

For example, the use of cryptography in Internet standards should not be
limited just because of national restrictions on export, import, or use of
cryptography. Existing restrictions differ greatly between countries
[Chan94a, Chan94b, Hoff93, Info94]. Some countries control domestic use of
cryptography, and some do not. Some regulate communication of enciphered
data across their borders. Some control export of encryption equipment, and
some control import. For example, the U.S. places few restrictions on
domestic use. But the U.S. restricts export of cryptography designed only
to provide integrity and authentication services, and stringently restricts
export of cryptography that can be used for confidentiality service.

In the short term, Internet standards can minimize the effect of existing
restrictions by using cryptography in a focused way. For example, if
authentication and integrity service suffice to meet security needs in some
protocol, then confidentiality service should not be included gratuitously.
In the long term, the effect of international trade controls should fade.
There is no inherent reason why protocol implementations must originate in
a single country and be exported to other countries. Protocols and
cryptography are being independently implemented today in many countries.
Also, the strong trend to electronic commerce throughout the world may
cause international standardization and subsequent relaxation of technology
restrictions.

Similarly, many cryptographic algorithms, especially asymmetric algorithms,
are patented, but Internet protocols should not avoid using a technology
only because patent rights have been asserted in some countries. The
situation with cryptographic patents is similar to that with trade
controls. That is, not all algorithms are patented in all countries;
parallel, independent implementations in different countries are both
possible and customary in the Internet; and patents eventually expire.
Thus, use of patented technology in Internet standards should not be
precluded so long as the licensing conditions are reasonable and
non-discriminatory, as specified in [RFC1602]. Still, Internet protocols
should avoid using patented technology whenever there is an appropriate
substitute technology that is unrestricted. Internet standards should also
avoid encryption algorithms and other technologies that are commercially
proprietary, governmentally sensitive, militarily restricted (i.e.,
"classified"), or otherwise prevented from being publicly disclosed. Such
conditions preclude open peer review that is fundamental to Internet
standards development and high-quality security.

---------

[Chan94a]  J. P. Chandler, D. C. Arrington, D. R. Berkelhammer, W. L. Gill,
Identification and Analysis of Foreign Laws and Regulations Pertaining to
the Use of Commercial Encryption Products for Voice and Data
Communications, National Intellectual Property Law Institute and The George
Washington University, Washington, D.C., for U.S. National Institute of
Standards and Technology, January 1994.

[Chan94b]  -----, Review and Analysis of U.S. Laws, Regulations, and Case
Laws Pertaining to the Use of Commercial Encryption Products for Voice and
Data Communications, -----, January 1994.

[Hoff93]  L. J. Hoffman, Faraz A. Ali, Steven L. Heckler, Ann Huybrechts,
Cryptography: Policy and Technology Trends, The George Washington
University, Washington, DC, for U.S. National Institute of Standards and
Technology, 5 December 1993.

[Hoff93]  L. J. Hoffman, Faraz A. Ali, Steven L. Heckler, Ann Huybrechts,
Cryptography: Policy and Technology Trends, The George Washington
University, Washington, DC, for U.S. National Institute of Standards and
Technology, 5 December 1993.

[Info94]  "Encryption's International Labyrinth", Infosecurity News,
January/February 1994, pp. 26-30.


Regards, -Rob-    Robert W. Shirey  SHIREY@MITRE.ORG
tel 703.883.7210, sec 703.883.5749, fax 703.883.1397
Info. Security Div., The MITRE Corp., Mail Stop Z231
7525 Colshire Drive, McLean, Virginia 22102-3481 USA

Prev by Date: Re: A plea for peace....
Next by Date: Re: A plea for peace....
Prev by thread: Re[2]: End of WG Last Call for AH+MD5 and ESP+DES+3DES
Next by thread: Suggestions on keyed-MD5
Index(es):
- Main
- Thread