home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky sci.crypt:5707 alt.security.pgp:191
- Path: sparky!uunet!noc.near.net!transfer.stratus.com!ellisun.sw.stratus.com!cme
- From: cme@ellisun.sw.stratus.com (Carl Ellison)
- Newsgroups: sci.crypt,alt.security.pgp
- Subject: Re: PKP/RSA comments on PGP legality
- Date: 15 Dec 1992 20:34:57 GMT
- Organization: Stratus Computer, Software Engineering
- Lines: 82
- Message-ID: <1glfhhINNbia@transfer.stratus.com>
- References: <1galtnINNhn5@transfer.stratus.com> <hmiller.724397340@lucpul.it.luc.edu>
- NNTP-Posting-Host: ellisun.sw.stratus.com
-
- In article <hmiller.724397340@lucpul.it.luc.edu> hmiller@lucpul.it.luc.edu (Hugh Miller) writes:
- > Mr. Bidzos gives the appearance of being a very effective lawyer,
- >representing the interests of his company, RSADSI/PKP, well.
- > Consider the post via Carl Ellison. By not making it under his own
- >name, but under Carl's headers, he achieves a double purpose. First, he
- >veils his threat. A veiled threat, of course, works better than a naked
- >one, since it leaves a greater measure of uncertainty in the mind of
- >potential end-users. And, after all, that is one of the principal aims
- >of the posting: to scare off potential end-users of PGP, currently the
- >world's most popular public-key encryption program. Second, he presents
- >the spectacle to the Net of an intimidated potential end-user, to wit,
- >Carl. This is also psychologically quite effective, as we in the
- >Internet community have the tendency to identify with Carl, being like
- >him. There has been a rush of postings on alt.security.pgp lately
- >urging the dropping of PGP for RIPEM. How very convenient. Success, so
- >far.
- [etc.]
-
- My posting was instigated by me. It was written by a group at PKP and RSA,
- including the corporate lawyer(s), I believe. [I tell lawyer jokes like
- anyone else, but do happen to have a number of lawyer friends (and one
- relative) so I don't write off lawyers totally. I'll listen and make up my
- own mind.]
-
-
- I don't see what RSA and PKP wrote as a veiled threat. I believe their
- intentions are well known. They want to continue making money off their
- patent. They, like us, would probably like to see the export laws become
- more rational (although I don't speak for them). They have even more
- reason to fear those export laws than we do since their very existence
- depends on not being shut down. I really believe that they need to keep
- their noses especially clean -- so I accept the argument that possible ITAR
- violations by PGP are enough for them to keep their hands off.
-
- No one at RSA used me in this posting. I had originally asked (months ago)
- if I could buy an individual RSA use license from them in order to make it
- legal for me to use PGP. I was turned down. From there, I continued the
- discussion and heard over several mail messages substantially what was in
- the posting.
-
- As I kept reading sci.crypt, I felt it was time to say something and was
- about to post from what I had learned in those exchanges but instead I
- wrote to RSA asking them if they'd like to post something. I would rather
- let them word it than do it all myself.
-
- They didn't want to post directly but were willing to write something
- which I could post. I agreed so that's what happened.
-
- I do not speak for RSA. I am not their employee. I do choose to honor
- their patent and obey the ITAR (I think/hope). [I use company computers
- and have been strongly advised to behave this way by my company's lawyers.]
-
-
-
- If I were to buy a PC for myself (which I've never bothered doing because
- the ones I get at work are so good, and I have free use of them in my own
- time :-), I don't know what I would use for security. I have RSAREF. I'd
- probably roll my own or use RIPEM (once it's finally released). Or, I might
- even buy a commercial package like MailSafe -- although I believe that PGP
- will set the worldwide standard for mail interchange just like UNIX set
- standards -- and for the same reason: it's free and therefore ubiquitous.
-
-
-
- What I use today is my own secret-key algorithm together with scripts which
- let me conveniently interface with Sun's Mail (or the VMS MAIL command).
- [I have versions for Sun, VAX VMS, Stratus VOS and soon to be MIPS.
- I'll probably port it to HP-UX soon. But this is just historical accident.
- If I were starting over today, I'd use
-
- compress|des|tran|des|tran|des
-
- and transmit the keys with RSA, using RSAREF. This would take a special
- modification to RSAREF, but I believe it wouldn't be hard to get.]
-
- --Carl
-
- --
- -- <<Disclaimer: All opinions expressed are my own, of course.>>
- -- Carl Ellison cme@sw.stratus.com
- -- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783
- -- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488
-