[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 40bit DES? & IBM Patents

   From: Bob Baldwin <baldwin@RSA.COM>
   Date: Wed, 13 May 1998 08:55:46 -0700

	   Let me tell you a cautionary tale about 40 bit DES
   and the IBM patent.  The SET Protocol design committee
   agreed to add IBM's 40 bit DES (called CDMF) as a mandatory
   part of the SET protocol.  IBM wrote a letter that said that
   the CDMF patent would be licensed in a non-discriminatory
   way for $10,000 plus a "MINOR" concession.  This all seemed
   reasonable, so the committee made it a mandatory feature.
	   What was the MINOR concession?  Oh, that was simply to
   agree not to enforce any of your company's patents against
   any part of IBM worldwide, in exchange for using this one
   little patent from IBM.  Does this seem fair?  

On the other hand, it's fairly common for a company to grant a no-cost
license to use a patent for protocol XYZZY to require that other
companies must grant a no-cost license to that company if other patents
turn out to be necessary to implement protocol XYZZY.  This has
generally to be considered a good thing.

That being said, there are other ways of doing 40-bit DES without using
CDMF that aren't patented, and while I dislike 40-bit crypto, patent
problems are really a legitmate excuse not to use 40-bit crypto.
(Someone should have done a favor and patented the concept of using
40-bit crypto, just as Apple patented the concept of using reusable
one-time pads.  :-)

Furthermore, no one has suggested using CDMF, so any further discussion
about patent licensing issues would not seem to be related to the work
of the ipsec wg.

						- Ted
Follow-Ups: References: