Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:54 ADT
John Kelsey (kelsey@plnet.net)
Sat, 25 Jul 1998 17:08:48 -0500
-----BEGIN PGP SIGNED MESSAGE-----
[ To: CodherPlunks ## Date: 07/25/98 ##
Subject: Re: RC5/6 Patents - Clarifications ]
>Date: Fri, 24 Jul 1998 19:41:27 -0400
>To: "CodherPlunks@toad.com" <CodherPlunks@toad.com>
>From: Vin McLellan <vin@shore.net>
>Subject: Re: RC5/6 Patents - Clarifications
>Cc: lmccarth@cs.umass.edu, baldwin@rsa.com,
schneier@counterpane.com,
> perry@piermont.com
[Some stuff deleted to save space.]
> Baldwin argues that some 20-odd modes -- some of
>which are already patented by IBM, Certicom, and others --
>should be part of the (free-for-all-users) AES when it is
>issued. He's suggesting a broader definition of the
>royalty-free AES, not a more narrow one!
This is interesting. Rereading Bob's note, this meaning is
plausible for most, but not all, of its content. I and
nearly everyone else took Bob's note to mean that RSA
intended to demand money in order to allow them to use RC6
(if it became the AES) in anything but the four standard
modes. Now, the issue of licensing currently-patented ways
of using a generic block cipher, e.g. to build a strong hash
function out of the AES, is worth raising. But this didn't
seem to be Bob's point.
In one thing, though, I was probably too hasty. Bob raised
the issue of whether nonstandard modes might require
licensing. That's an important issue to raise, and he did
the community a service by raising it. We definitely don't
want to discover these issues a year after the AES winner
has been selected.
The rest of your note, though, is a little hard to
understand. After much deleted text, we come to:
> This teapot furor about whether a patented algorithm
>-- if one were eventually chosen to be the AES -- will be
>made available by the inventor free of patent encumberances
>is absurd. Of course it will be! NIST requires it and the
>US Congress demands it. Any contract transferring control of
>an algorithm to the US government so that it can become the
>AES will explicitly declare the algorithm, in all formats,
>to be royalty-free worldwide. That was part of initial call
>for AES candidates two years ago.
>
> We all _know_ this, don't we?
Now, this ``common knowledge'' is rather hard to square with
either of Bob's possible meanings. Either there *is* a
patent licensing issue, which needs to be addressed, or
there is not. It can't be both ways at once. If the AES
will be freely licenced to all comers in whatever form it is
used, then Bob's original comment makes no sense. Anyway,
the concern that we might turn out to have to license
nonstandard uses of the AES was a concern to a lot of people
who I'd expect to know this common knowledge, like Perry
Metzger, Bruce Schneier, and Bob Baldwin. Maybe it's only
common knowledge among lawyers?
> This is not a one-company issue. This is not a
>matter of intent, whim, or policy at RSA, or at IBM, NTT,
>Cylink, Entrust, or any other sponsoring vendor or
>institution with a patented or patent-pending AES candidate.
>It is (and should be) a matter of law and contract and
>federal policy.
>
> Baldwin's comments, to this audience, presumed this
>common knowledge.
I have reread Bob's original note a couple of times, and I
just can't see any way that the note squares with this
common knowledge. Let me include a quote from Bob's
original note that started this teapot furor:
>>> One of the ground rules for AES is that the winner
>>>will not enforce patent rights against implementations of
>>>AES that conform to the FIPS standards that will be
>>>published for the winner. This does not mean that the
>>>patent rights go away. For example, if RC6 becomes the
>>>AES, then RC5 does not become unencumbered by patents.
>>>Similarly, if the RC6 cipher is used in modes that are
>>>not covered by the FIPS, then implementations of those
>>>modes could be subject to patent enforcement. For example,
>>>if the modes do not cover building a digest function out
>>>of AES, then the winner will does not need to give up rights
>>>to AES as the basis for a digest function.
I just don't see how to read this paragraph in a way that
is consistent with this common knowledge you're talking
about. Again, if there are no patent licensing issues, then
Bob's raising a non-issue in the above paragraph. If there
are such issues, then we ought to discuss them, and Bob was
doing the community a service to bring them up. But it
can't be both ways.
Now, it's possible to raise the issue of whether it would be
a good idea to design a secure one-way hashing mode for the
AES, and include it in the freely-available bundle. I take
it that this is an issue that Bob is concerned with. But
it's not the issue being discussed there, as far as I can
tell. Am I missing something?
> Suerte,
> _Vin
Disclaimer: I am one of the designers of Twofish, a
competing AES candidate. Add grains of salt to taste.
- --John Kelsey, kelsey@counterpane.com / kelsey@plnet.net
NEW PGP print = 5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNbpy7yZv+/Ry/LrBAQGN9gP+NLRKU+Os53cCpYjZG8qN5vMKi75tONKC
M6dm4kSlZETgOaaWSjVZrYl6pFWhBBU0fMh4nZgXfU/fp+ZjgtuMgLM40z8glqZM
eBmSrgtgO0OPggN7jkuPQfZtSnFweIRREnU+7DjRBzptr/CEYSqKSadQMeLIVKC1
HltKFgDppnU=
=POdw
-----END PGP SIGNATURE-----
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:54 ADT