[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: 40bit DES? & IBM Patents



	Let me tell you a cautionary tale about 40 bit DES
and the IBM patent.  The SET Protocol design committee
agreed to add IBM's 40 bit DES (called CDMF) as a mandatory
part of the SET protocol.  IBM wrote a letter that said that
the CDMF patent would be licensed in a non-discriminatory
way for $10,000 plus a "MINOR" concession.  This all seemed
reasonable, so the committee made it a mandatory feature.
	What was the MINOR concession?  Oh, that was simply to
agree not to enforce any of your company's patents against
any part of IBM worldwide, in exchange for using this one
little patent from IBM.  Does this seem fair?  Any vendor
implementing SET has to give up all of their patents that
might be negotiated with IBM or any of its subsidiaries
world wide in order to use just one IBM patent which covers
a nice way to do weak crypto with existing DES hardware.
Of course, if the vendor did not want to give up all of
their intellectual property, an purchase amount (vastly
larger than $10,000) could be negotiated with IBM.
	Well, of course RSA has some problems with this, but
we got little sympathy, since everyone already hates RSA for
its patents.  That's fine.  But then other vendors in the
banking space noticed the problem, and vendors making set-top
boxes noticed, and large corporations (think about a company
that make washing machines, nuclear weapons, and Certificate
Authorities), noticed that they would have to give up all
of their patents (including their classified patents on
ignition devices), just to use this IBM patent for weak
cryptography.
	The deal began to look very sour.  In the end, the SET
vendors discovered that they were allowed to export SET
implementations with 56 bit DES and that there was no need
for 40 bit CDMF DES, so de facto, CDMF was removed from SET.
	I suggest that if IPSEC wants a weak crypto algorithm
that they pick some algorithm other than CDMF DES.  For
example, the IETF already has paperwork allowing reasonable
use of CAST, SAFER, and RC2 without any MINOR concessions.
		--Bob Baldwin
		  RSA Data Security

> -----Original Message-----
> From:	Perry E. Metzger [SMTP:perry@piermont.com]
> Sent:	Tuesday, May 12, 1998 3:27 PM
> To:	Roy Pereira
> Cc:	perry@piermont.com; jim@mentat.com; chk@utcc.utoronto.ca;
> rgm-sec@htt-consult.com; ipsec@tis.com
> Subject:	Re: 40bit DES? 
> 
> 
> Roy Pereira writes:
> > Actually it doesn't hurt my organization at all, since we are a Canadian
> > corporation and we can export 56-bit DES without key-recovery to almost
> > anywhere.  I am just thinking about all those poor US companies that
> > will not be able to export IPSec due to the US's export laws.
> 
> They screwed up. They weren't smart enough to locate in Canada. Quit
> trying to dumb down IPSec. You aren't doing your customers, or theirs, 
> a favor. It is better that they buy good crypto from you than
> worthless crud from someone in the U.S.
> 
> > I agree with you about the severity of the situation for American
> > (and Canadian) organizations, but I disagree using US based IPSec
> > companies as martyrs.
> 
> You are so goddamn vendor-centric. What about the poor customers?
> Don't you give a tinker's damn about them? They aren't trying to buy
> something to slow down their machines -- they want to buy something
> SECURE.
> 
> > We have to ask ourselfs if we wish to use IPSec as a vehicle to change
> > the US government's export laws, or do we wish to make a PROTOCOL.
> 
> We want a SECURE PROTOCOL.
> 
> I'm not trying to change anyone's policy. I'm trying to get SECURE
> software in the hands of the users. If that means they have to buy
> from Canada, so be it. We're doing no customer a favor by selling them 
> fraudulent fake crypto software.
> 
> Perry


Follow-Ups: