Re: 40bit DES? & IBM Patents
johara@newoak.com (John O'Hara) Wed, 13 May 1998 21:25 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id RAA26003 for ipsec-outgoing; Wed, 13 May 1998 17:25:38 -0400 (EDT)
Message-ID: <355A140F.6C4B8AE8@newoak.com>
Date: Wed, 13 May 1998 17:43:43 -0400
From: johara@newoak.com
X-Mailer: Mozilla 4.02 [en] (WinNT; I)
MIME-Version: 1.0
To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
CC: ipsec@tis.com
Subject: Re: 40bit DES? & IBM Patents
References: <199805131941.PAA26616@dcl.MIT.EDU>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
and further I believe the draft: draft-hoffman-des40-02.txt is NOT using CDMF.... so the whole thread about the IBM patents is kind of moot. John Theodore Y. Ts'o wrote: > > From: Bob Baldwin <baldwin@RSA.COM> > Date: Wed, 13 May 1998 08:55:46 -0700 > > Let me tell you a cautionary tale about 40 bit DES > and the IBM patent. The SET Protocol design committee > agreed to add IBM's 40 bit DES (called CDMF) as a mandatory > part of the SET protocol. IBM wrote a letter that said that > the CDMF patent would be licensed in a non-discriminatory > way for $10,000 plus a "MINOR" concession. This all seemed > reasonable, so the committee made it a mandatory feature. > What was the MINOR concession? Oh, that was simply to > agree not to enforce any of your company's patents against > any part of IBM worldwide, in exchange for using this one > little patent from IBM. Does this seem fair? > > On the other hand, it's fairly common for a company to grant a no-cost > license to use a patent for protocol XYZZY to require that other > companies must grant a no-cost license to that company if other patents > turn out to be necessary to implement protocol XYZZY. This has > generally to be considered a good thing. > > That being said, there are other ways of doing 40-bit DES without using > CDMF that aren't patented, and while I dislike 40-bit crypto, patent > problems are really a legitmate excuse not to use 40-bit crypto. > (Someone should have done a favor and patented the concept of using > 40-bit crypto, just as Apple patented the concept of using reusable > one-time pads. :-) > > Furthermore, no one has suggested using CDMF, so any further discussion > about patent licensing issues would not seem to be related to the work > of the ipsec wg. > > - Ted
- RE: 40bit DES? & IBM Patents Bob Baldwin
- RE: 40bit DES? & IBM Patents Paul Koning
- Re: 40bit DES? & IBM Patents Theodore Y. Ts'o
- Re: 40bit DES? & IBM Patents John O'Hara
- RE: 40bit DES? & IBM Patents Robert Moskowitz
- Re: 40bit DES? & IBM Patents John Tavs