[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 40bit DES? & IBM Patents
- To: Bob Baldwin <baldwin@RSA.COM>
- Subject: Re: 40bit DES? & IBM Patents
- From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
- Date: Wed, 13 May 1998 15:41:27 -0400
- Address: 1 Amherst St., Cambridge, MA 02139
- Cc: "'perry@piermont.com'" <perry@piermont.com>, Roy Pereira<rpereira@TimeStep.com>, jim@mentat.com, chk@utcc.utoronto.ca, rgm-sec@htt-consult.com, ipsec@tis.com
- In-Reply-To: Bob Baldwin's message of Wed, 13 May 1998 08:55:46 -0700,<6236E58EC451D1119E80006097040ED9446A30@lobester.rsa.com>
- Phone: (617) 253-8091
- Sender: owner-ipsec@ex.tis.com
From: Bob Baldwin <baldwin@RSA.COM>
Date: Wed, 13 May 1998 08:55:46 -0700
Let me tell you a cautionary tale about 40 bit DES
and the IBM patent. The SET Protocol design committee
agreed to add IBM's 40 bit DES (called CDMF) as a mandatory
part of the SET protocol. IBM wrote a letter that said that
the CDMF patent would be licensed in a non-discriminatory
way for $10,000 plus a "MINOR" concession. This all seemed
reasonable, so the committee made it a mandatory feature.
What was the MINOR concession? Oh, that was simply to
agree not to enforce any of your company's patents against
any part of IBM worldwide, in exchange for using this one
little patent from IBM. Does this seem fair?
On the other hand, it's fairly common for a company to grant a no-cost
license to use a patent for protocol XYZZY to require that other
companies must grant a no-cost license to that company if other patents
turn out to be necessary to implement protocol XYZZY. This has
generally to be considered a good thing.
That being said, there are other ways of doing 40-bit DES without using
CDMF that aren't patented, and while I dislike 40-bit crypto, patent
problems are really a legitmate excuse not to use 40-bit crypto.
(Someone should have done a favor and patented the concept of using
40-bit crypto, just as Apple patented the concept of using reusable
one-time pads. :-)
Furthermore, no one has suggested using CDMF, so any further discussion
about patent licensing issues would not seem to be related to the work
of the ipsec wg.
- Ted
Follow-Ups:
References: