Re: 40bit DES? & IBM Patents

[johara@newoak.com (John O'Hara)]

and further I believe the draft:
	
	draft-hoffman-des40-02.txt

is NOT using CDMF....

so the whole thread about the IBM patents is kind of moot.

John



Theodore Y. Ts'o wrote:
> 
>    From: Bob Baldwin <baldwin@RSA.COM>
>    Date: Wed, 13 May 1998 08:55:46 -0700
> 
>            Let me tell you a cautionary tale about 40 bit DES
>    and the IBM patent.  The SET Protocol design committee
>    agreed to add IBM's 40 bit DES (called CDMF) as a mandatory
>    part of the SET protocol.  IBM wrote a letter that said that
>    the CDMF patent would be licensed in a non-discriminatory
>    way for $10,000 plus a "MINOR" concession.  This all seemed
>    reasonable, so the committee made it a mandatory feature.
>            What was the MINOR concession?  Oh, that was simply to
>    agree not to enforce any of your company's patents against
>    any part of IBM worldwide, in exchange for using this one
>    little patent from IBM.  Does this seem fair?
> 
> On the other hand, it's fairly common for a company to grant a no-cost
> license to use a patent for protocol XYZZY to require that other
> companies must grant a no-cost license to that company if other patents
> turn out to be necessary to implement protocol XYZZY.  This has
> generally to be considered a good thing.
> 
> That being said, there are other ways of doing 40-bit DES without using
> CDMF that aren't patented, and while I dislike 40-bit crypto, patent
> problems are really a legitmate excuse not to use 40-bit crypto.
> (Someone should have done a favor and patented the concept of using
> 40-bit crypto, just as Apple patented the concept of using reusable
> one-time pads.  :-)
> 
> Furthermore, no one has suggested using CDMF, so any further discussion
> about patent licensing issues would not seem to be related to the work
> of the ipsec wg.
> 
>                                                 - Ted