
Re: 40bit DES? & IBM Patents



Let me attempt to clarify the situation here.

1)  What is being described is not our standard conditions and internally
      called "Special Licensing" because it has unique terms.

2)  Here's the actual wording: "IBM will commit not to assert its CDMF
     patent ... against any party using it to implement the
     MasterCard/Visa SET protocol.  This commitment will continue as long as
     that Party does not assert its own patents against any IBM
     implementation of such protocol in an IBM product or service."

      In other words,  since we gave away our rights here, we expect others
      not to make claims on us in doing this protocol.  There is no reason
      RSA need fear that its nuclear weapon programs are exposed here or
      any other use of its patents towards other protocols.


3)  Regarding IPSEC, our standards terms are in force and that means
     CDMF implementations would include a royalty.  I have not pursued a
     special license for IPSEC, because I didn't think people were
     interested in 40 keys.




-----Original Message-----
From: Bob Baldwin <baldwin@RSA.COM>
To: 'perry@piermont.com' <perry@piermont.com>; Roy Pereira
<rpereira@TimeStep.com>
Cc: jim@mentat.com <jim@mentat.com>; chk@utcc.utoronto.ca
<chk@utcc.utoronto.ca>; rgm-sec@htt-consult.com <rgm-sec@htt-consult.com>;
ipsec@tis.com <ipsec@tis.com>
Date: Wednesday, May 13, 1998 1:19 PM
Subject: RE: 40bit DES? & IBM Patents


> Let me tell you a cautionary tale about 40 bit DES
>and the IBM patent.  The SET Protocol design committee
>agreed to add IBM's 40 bit DES (called CDMF) as a mandatory
>part of the SET protocol.  IBM wrote a letter that said that
>the CDMF patent would be licensed in a non-discriminatory
>way for $10,000 plus a "MINOR" concession.  This all seemed
>reasonable, so the committee made it a mandatory feature.
> What was the MINOR concession?  Oh, that was simply to
>agree not to enforce any of your company's patents against
>any part of IBM worldwide, in exchange for using this one
>little patent from IBM.  Does this seem fair?  Any vendor
>implementing SET has to give up all of their patents that
>might be negotiated with IBM or any of its subsidiaries
>world wide in order to use just one IBM patent which covers
>a nice way to do weak crypto with existing DES hardware.
>Of course, if the vendor did not want to give up all of
>their intellectual property, a purchase amount (vastly
>larger than $10,000) could be negotiated with IBM.
> Well, of course RSA has some problems with this, but
>we got little sympathy, since everyone already hates RSA for
>its patents.  That's fine.  But then other vendors in the
>banking space noticed the problem, and vendors making set-top
>boxes noticed, and large corporations (think about a company
>that makes washing machines, nuclear weapons, and Certificate
>Authorities), noticed that they would have to give up all
>of their patents (including their classified patents on
>ignition devices), just to use this IBM patent for weak
>cryptography.
> The deal began to look very sour.  In the end, the SET
>vendors discovered that they were allowed to export SET
>implementations with 56 bit DES and that there was no need
>for 40 bit CDMF DES, so de facto, CDMF was removed from SET.
> I suggest that if IPSEC wants a weak crypto algorithm
>that they pick some algorithm other than CDMF DES.  For
>example, the IETF already has paperwork allowing reasonable
>use of CAST, SAFER, and RC2 without any MINOR concessions.
> --Bob Baldwin
>   RSA Data Security
>
>> -----Original Message-----
>> From: Perry E. Metzger [SMTP:perry@piermont.com]
>> Sent: Tuesday, May 12, 1998 3:27 PM
>> To: Roy Pereira
>> Cc: perry@piermont.com; jim@mentat.com; chk@utcc.utoronto.ca;
>> rgm-sec@htt-consult.com; ipsec@tis.com
>> Subject: Re: 40bit DES?
>>
>>
>> Roy Pereira writes:
>> > Actually it doesn't hurt my organization at all, since we are a Canadian
>> > corporation and we can export 56-bit DES without key-recovery to almost
>> > anywhere.  I am just thinking about all those poor US companies that
>> > will not be able to export IPSec due to the US's export laws.
>>
>> They screwed up. They weren't smart enough to locate in Canada. Quit
>> trying to dumb down IPSec. You aren't doing your customers, or theirs,
>> a favor. It is better that they buy good crypto from you than
>> worthless crud from someone in the U.S.
>>
>> > I agree with you about the severity of the situation for American
>> > (and Canadian) organizations, but I disagree using US based IPSec
>> > companies as martyrs.
>>
>> You are so goddamn vendor-centric. What about the poor customers?
>> Don't you give a tinker's damn about them? They aren't trying to buy
>> something to slow down their machines -- they want to buy something
>> SECURE.
>>
>> > We have to ask ourselves if we wish to use IPSec as a vehicle to change
>> > the US government's export laws, or do we wish to make a PROTOCOL.
>>
>> We want a SECURE PROTOCOL.
>>
>> I'm not trying to change anyone's policy. I'm trying to get SECURE
>> software in the hands of the users. If that means they have to buy
>> from Canada, so be it. We're doing no customer a favor by selling them
>> fraudulent fake crypto software.
>>
>> Perry
>