From xemacs-m  Tue Sep  9 21:16:49 1997
Received: from firewall1.Lehman.COM (firewall.Lehman.COM [192.147.65.66])
	by xemacs.org (8.8.5/8.8.5) with ESMTP id VAA15113
	for <xemacs-beta@xemacs.org>; Tue, 9 Sep 1997 21:16:49 -0500 (CDT)
Received: from relay.messaging-svcs2.lehman.com by firewall1.Lehman.COM (8.8.6/8.6.12) id WAA13887; Tue, 9 Sep 1997 22:16:35 -0400 (EDT)
Received: from cfdevx1.lehman.com by relay.messaging-svcs2.lehman.com (8.8.5/8.8.5) id WAA28401; Tue, 9 Sep 1997 22:16:03 -0400 (EDT)
Received: from localhost by cfdevx1.lehman.com (4.1/Lehman Bros. V1.6)
	id AA19171; Tue, 9 Sep 97 22:16:02 EDT
Message-Id: <9709100216.AA19171@cfdevx1.lehman.com>
Reply-To: Rick Campbell <rickc@lehman.com>
X-Face: #<@""pDMxa>Mr$Wp[^l7e1RwB6]&7pRp,f=|)6y5?t45X$y(xx.x^?k~;-d>s:SL86Qt82U
 'M!RC3LrDvD/LjiYdGO!:\/\qx?YabgGC9%xw5%0-W05LRvyu9vB9TYk%5PN|C*0WgrXD-L0'g3j;h
X-Windows: The first fully modular software disaster.
Organization: Lehman Brothers Inc.
From: Rick Campbell <rickc@lehman.com>
To: Valdis.Kletnieks@vt.edu
Cc: simmonmt@acm.org, xemacs-beta@xemacs.org
Subject: Re: Mailcrypt for PGP 5.0 
In-Reply-To: Your message of "Tue, 09 Sep 1997 14:48:38 EDT."
             <199709091848.OAA15274@black-ice.cc.vt.edu> 
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: multipart/signed; protocol="application/pgp-signature";
 boundary="pgp-sign-Multipart_Tue_Sep__9_21:51:29_1997-1"; micalg=pgp-md5
Content-Transfer-Encoding: 7bit
Date: Tue, 09 Sep 1997 22:15:59 -0400
Sender: rickc@lehman.com

--pgp-sign-Multipart_Tue_Sep__9_21:51:29_1997-1
Content-Type: text/plain; charset=US-ASCII

[ This message is at least very tangential, if not completely off-topic ]

    From: Valdis.Kletnieks@vt.edu
    Date: Tue, 09 Sep 1997 14:48:38 -0400

    Please note that the pgpi.com version is *international*.  It does
    NOT include the calls to RSAREF2, and as such, runs afoul of RSA's US
    patents if used inside the US.  If you are inside the US, please wait
    until they release the US-clean version.

    Or so I've been told by a PGP Inc employee.

More or less true at the moment.[1]  No country except the
U. S. recognizes any patent rights for RSA because the algorithm
(which is just modular exponentiation[2] with specially selected
values) was published before the patent application was filed (!)

Since the U. S. does recognize patent rights and because RSA DSI
claims to own the patent rights[3] and because RSA DSI freely licenses
the use of RSAREF, many people consider it to be illegal for
U. S. users to use the (faster) international version.

On the other hand, since RSA DSI only licenses non-profit use of
RSAREF and (most?) non-profit use is outside the scope of patent
law[4], many people consider it to be perfectly legal for U. S. users
to use the international version in (almost?) any situation where they
could use the free version of PGP.

I think that the vast majority of people agree that, regardless of the
legality, it's safer, or at least less controversial, for U. S. users
to avoid RSA implementations other than RSAREF.

Footnotes: 
[1]  U. S. Patent #4,405,829 (RSA) expires in 1107 days (3y, 0m, 11d).

[2]  ciphertext = message^e (mod n)
     message = ciphertext^d (mod n)
     n and e are the public key, d is the private key.
     Signing is just encrypting with the private key.
     Key generation is beyond the scope of this message, see
     Schneier's _Applied_Cryptography_ (2nd edition), p. 467.

[3]  With the dissolution of Public Key Partners, Cylink has been
     contesting various RSA DSI rights claims.  I don't know what the
     current legal status is, but it's almost certainly being
     contested.

[3]  I'm not a lawyer.  However a fair number of people who claim to
     be lawyers have said things to the effect of ``patent law is
     about making money'' and that it cannot be used to limit research
     and other non-profit uses.

--pgp-sign-Multipart_Tue_Sep__9_21:51:29_1997-1
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP MESSAGE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBNBYCzFtTztlqB385AQGx+wP/U/c5yCX4jjm1CocD4TT8foU/8Aj5kAjl
Sc91be2/HO0sB7IsKnGV34rxcxaYgzN9+29qrp/SSxaFaOk/BGoPOnQbNULv54iK
Gi3t7Xz6JHW1/AyKKNfusDHdCzdOiyG9LXVNkAoitIuAkO9CU/418rfYgeW2LzCY
eoumgeDWAeo=
=+1Vy
-----END PGP MESSAGE-----

--pgp-sign-Multipart_Tue_Sep__9_21:51:29_1997-1--

