Why CAST as default in PGP?


Michael Pak

Oct 20, 1998, 3:00:00 AM
Hi. (Sorry, but I didn't find the answer to this one in the FAQs...)

Is there any particular reason that the default symmetric cipher in
PGP 5.5.3i (when using Diffie-Hellman/DSS) is CAST and not IDEA? Is
there a deeper reason than simply CAST being before IDEA (and
triple-DES) in alphabetic order?

Schneier says in his "Applied Cryptography" that in his opinion IDEA is
the best and most secure cipher known to the date of his writing. So why
not put IDEA as default? Is it due to some recent published attacks?

Regards,
Misha.

Jim Gillogly

Oct 20, 1998, 3:00:00 AM
Michael Pak wrote:
> Is there any particular reason that the default symmetric cipher in
> PGP 5.5.3i (when using Diffie-Hellman/DSS) is CAST and not IDEA? Is
> there a deeper reason than simply CAST being before IDEA (and
> triple-DES) in alphabetic order?

Diffie-Hellman and CAST are both available free - no licensing required.
RSA and IDEA are both patented and need to be licensed. PGP appears to
be migrating to unencumbered algorithms.

--
Jim Gillogly
Sterday, 29 Winterfilth S.R. 1998, 14:32
12.19.5.11.2, 13 Ik 15 Yax, Sixth Lord of Night

Gurripato (x=nospam)

Oct 20, 1998, 3:00:00 AM
On Tue, 20 Oct 1998 15:54:04 +0200, Michael Pak
<vulcao...@netvision.net.il> wrote:

>Hi. (Sorry, but I didn't find the answer to this one in the FAQs...)
>
>Is there any particular reason that the default symmetric cipher in
>PGP 5.5.3i (when using Diffie-Hellman/DSS) is CAST and not IDEA? Is
>there a deeper reason than simply CAST being before IDEA (and
>triple-DES) in alphabetic order?
>
>Schneier says in his "Applied Cryptography" that in his opinion IDEA is
>the best and most secure cipher known to the date of his writing. So why
>not put IDEA as default? Is it due to some recent published attacks?

Most likely it is due to patent problems. CAST is royalty-free,
while there is a patent on IDEA.

Bruce Schneier

Oct 20, 1998, 3:00:00 AM
On Tue, 20 Oct 1998 15:54:04 +0200, Michael Pak
<vulcao...@netvision.net.il> wrote:

>Hi. (Sorry, but I didn't find the answer to this one in the FAQs...)
>
>Is there any particular reason that the default symmetric cipher in
>PGP 5.5.3i (when using Diffie-Hellman/DSS) is CAST and not IDEA? Is
>there a deeper reason than simply CAST being before IDEA (and
>triple-DES) in alphabetic order?
>
>Schneier says in his "Applied Cryptography" that in his opinion IDEA is
>the best and most secure cipher known to the date of his writing. So why
>not put IDEA as default? Is it due to some recent published attacks?

For the record, I am less enamoured of IDEA these days. It is still
secure, in that there are no published attacks, but I like other
algorithms a lot better.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com

Steve

Oct 20, 1998, 3:00:00 AM
Why?


Bruce Schneier wrote in message <362cc3b0...@news.visi.com>...

David Crick

Oct 20, 1998, 3:00:00 AM
Bruce Schneier wrote:
>
> For the record, I am less enamoured of IDEA these days. It is still
> secure, in that there are no published attacks, but I like other
> algorithms a lot better.

I seem to remember some rumour of IDEA only having a true key space
of 2^56. Or am I confusing this with its "weak keys"?

On that subject, what exactly are the weak keys weak at? Again I
remember something about them being weak in the sense that if
they've been used you can recognise them (?), but what implications
does this have in the "real world"?

David.

--
+---------------------------------------------------------------------+
| David Crick dac...@mcmail.com http://members.tripod.com/~vidcad/ |
| Damon Hill WC '96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| Brundle Quotes Page: http://members.tripod.com/~vidcad/martin_b.htm |
| PGP Public Key: (RSA) 0x22D5C7A9 00252D3E4FDECAB3 F9842264F64303EC |
+---------------------------------------------------------------------+

Alexander Majarek, Sascha, SAM

Oct 20, 1998, 3:00:00 AM

David Crick wrote:

> I seem to remember some rumour of IDEA only having a true key space
> of 2^56. Or am I confusing this with its "weak keys"?
>
> On that subject, what exactly are the weak keys weak at? Again I
> remember something about them being weak in the sense that if
> they've been used you can recognise them (?), but what implications
> does this have in the "real world"?

Here's what I remember concerning the weak keys of the IDEA-algorithm:

There exist 2^56 weak keys, which make a ciphertext vulnerable to attacks
in a way that you can identify the message as being encrypted with a weak
key and decipher it.

But the overall keyspace should make these weak keys negligible. AFAIK the
chances that this will happen to you are 1 to (a number you simply can't
imagine) ... and if this doesn't comfort you, you should still have the
possibility to check if you used a weak one ...

I remember reading a short article on this problem some months ago, but I
don't remember where it was (a quick search via ALTAVISTA didn't show any
useable results).

HTH
SAM
--
*************************************************
ThinkTank (FN 157681i, HG Wien)
Quinta da Friedali, Jedleseer Str. 25, A-1210 Wien
Tel: +43-1-271 44 00-0; FAX: 43-1-271 44 00-20
http://www.ThinkTank.at mailto:ma...@ThinkTank.at
PGP-Key: http://www.ThinkTank.at/ttank.pgp
*************************************************

David Sternlight

Oct 20, 1998, 3:00:00 AM

"Gurripato (x=nospam)" wrote:

> >Schneier says in his "Applied Cryptography" that in his opinion IDEA is
> >the best and most secure cipher known to the date of his writing. So why
> >not put IDEA as default? Is it due to some recent published attacks?
> >
> Most likely it is due to patent problems. CAST is royalty-free,
> while there is a patent on IDEA

I don't understand the logic of the phrase "patent problems". It seems to
imply that PGP can make users pay for PGP's intellectual property while PGP
is trying to avoid paying for others' intellectual property. Am I the only
one who thinks this to be rather hypocritical? (We saw the same behavior
with respect to RSA.)

More broadly, any advocacy by PGP or supporters of its commercial products
that "crypto should be free" and patents should be avoided, while defending
PGP's own right to charge for ITS software, must be seen for the mendacity
it is.

Finally, with respect to "free" PGP, since RSAREF is also free, there is no
case to be made there for failing to continue to include RSA.

David

David Sternlight

Oct 20, 1998, 3:00:00 AM

Jim Gillogly wrote:

> Michael Pak wrote:
> > Is there any particular reason that the default symmetric cipher in
> > PGP 5.5.3i (when using Diffie-Hellman/DSS) is CAST and not IDEA? Is
> > there a deeper reason than simply CAST being before IDEA (and
> > triple-DES) in alphabetic order?
>
> Diffie-Hellman and CAST are both available free - no licensing required.
> RSA and IDEA are both patented and need to be licensed. PGP appears to
> be migrating to unencumbered algorithms.

I see. And are they also migrating toward no longer charging for
commercial-use PGP? ;-)

David


David Sternlight

Oct 20, 1998, 3:00:00 AM

Sam Trenholme

Oct 20, 1998, 3:00:00 AM
[Follow-ups set to the PGP newsgroup]

Hey David. Good to see you are still around.

>I don't understand the logic of the phrase "patent problems". It seems to
>imply that PGP can make users pay for PGP's intellectual property while PGP
>is trying to avoid paying for others' intellectual property.

The only time PGP broke patent concerns was in the free releases of PGP.
This was in the early 90s where you had to break patents to have decent
crypto, before Blowfish, the expiration of the PK patent, etc.

ViaCrypt PGP has always been good WRT patents, as were versions of PGP 2.5
and up--as long as they were used only for personal use.

> Am I the only one who thinks this to be rather hypocritical?

PGP has since become a commercial product. People who want 100% free
mail packages can look at GPG or Pegwit.

In fact, the only reason to still use PGP is for legacy support these
days, IMHO.

>Finally, with respect to "free" PGP, since RSAREF is also free, there is no
>case to be made there for failing to continue to include RSA.

As a note, RSAREF is only free for personal use.

- Sam


--
Note that the return address for this message times out in two weeks.

Andrew Haley

Oct 21, 1998, 3:00:00 AM
David Sternlight (da...@sternlight.com) wrote:

: "Gurripato (x=nospam)" wrote:

: > >Schneier says in his "Applied Cryptography" that in his opinion IDEA is
: > >the best and most secure cipher known to the date of his writing. So why
: > >not put IDEA as default? Is it due to some recent published attacks?
: > >
: > Most likely it is due to patent problems. CAST is royalty-free,
: > while there is a patent on IDEA

: I don't understand the logic of the phrase "patent problems". It seems to
: imply that PGP can make users pay for PGP's intellectual property while PGP
: is trying to avoid paying for others' intellectual property.

Actually, it doesn't. It means that PGP prefer to use unpatented
algorithms; the issue of paying for others' intellectual property does
not arise in that case.

: Am I the only one who thinks this to be rather hypocritical?

I suspect so. You seem to be confusing patents with copyrights by
lumping them together under the broad term "intellectual property".
It is not unreasonable to want to maintain one's copyright while
condemning the use of patent law to protect software systems.

: More broadly, any advocacy by PGP or supporters of its commercial products
: that "crypto should be free" and patents should be avoided, while defending
: PGP's own right to charge for ITS software, must be seen for the mendacity
: it is.

No. It is not hypocritical to assert that copyright is appropriate
for software while patents are not.

: Finally, with respect to "free" PGP, since RSAREF is also free,
: there is no case to be made there for failing to continue to include
: RSA.

There is scant justification for failing to continue to include RSA, I
agree, assuming that the use of RSAREF really is free in both paid-for
and free products.

Andrew.

ssim...@hertreg.ac.uk

Oct 21, 1998, 3:00:00 AM
In article <70kirb$bdq$1...@korai.cygnus.co.uk>,
a...@cygnus.remove.co.uk (Andrew Haley) wrote:
> David Sternlight (da...@sternlight.com) wrote:
>
> : "Gurripato (x=nospam)" wrote:
>
> : > >Schneier says in his "Applied Cryptography" that in his opinion IDEA is
> : > >the best and most secure cipher known to the date of his writing. So why
> : > >not put IDEA as default? Is it due to some recent published attacks?
> : > >
> : > Most likely it is due to patent problems. CAST is royalty-free,
> : > while there is a patent on IDEA
>
> : I don't understand the logic of the phrase "patent problems". It seems to
> : imply that PGP can make users pay for PGP's intellectual property while PGP
> : is trying to avoid paying for others' intellectual property.

I don't pay for PGP's intellectual property. I am a non-business user.

>
> Actually, it doesn't. It means that PGP prefer to use unpatented
> algorithms; the issue of paying for others' intellectual property does
> not arise in that case.
>

This is a very important issue now that open-PGP is becoming a standard (via
the IETF). It would be very unfortunate if the standard mandated algorithms
that were subject to patent restrictions - especially as equivalent (or
better) algorithms are available unencumbered.


Elgamal, DSA, SHA-1 (necessary for DSA) & CAST5 or 3DES - what a combination :-)


Sam Simpson
Comms Analyst
-- See http://www.hertreg.ac.uk/ss/ for ScramDisk, a free virtual disk
encryption for Windows 95/98. PGP Keys available at the same site.

-----------== Posted via Deja News, The Discussion Network ==----------
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own

David Sternlight

Oct 21, 1998, 3:00:00 AM

Andrew Haley wrote:
>
> I suspect so. You seem to be confusing patents with copyrights by
> lumping them together under the broad term "intellectual property".
> It is not unreasonable to want to maintain one's copyright while
> condemning the use of patent law to protect software systems.

I could not disagree more. It is national policy (and the law) to
protect intellectual property; patents and copyright are simply two
special cases. One of the main policy objectives is to encourage the
development of such property by giving the developer, creator, or
inventor protected benefits for a stated period of time. In the case of
patents there is an additional policy objective of obtaining public
disclosure (to advance the general state of the art), in exchange for
the protection. Thus I think any distinction between copyright and
patent of the sort you are making misses the point and is pernicious
both to the public policy aims and the law.

>
> : More broadly, any advocacy by PGP or supporters of its commercial products
> : that "crypto should be free" and patents should be avoided, while defending
> : PGP's own right to charge for ITS software, must be seen for the mendacity
> : it is.
>
> No. It is not hypocritical to assert that copyright is appropriate
> for software while patents are not.

No such assertion is being made in this discussion, except by you. In
the case of RSA the invention is a process, for which the patent is a
process patent. The software is simply one explication. To argue
otherwise would suggest invalidating chemical process plant patents and
many other such "process" patents.

There is no issue here, except on the part of those who do not
understand what is going on and assume that because the protection of
PGP is copyright on software, the patent for RSA is also on the
software. It is not. It is on ANY explication of the specific process
they have invented. Thus PGP is seeking to take advantage of one kind of
intellectual property protection while trying to avoid it when someone
else's intellectual property is involved, and a specious "patent vs.
copyright" argument is being made in an attempt to rationalize it.

Actually, RSA has far more right to intellectual property protection on
public policy grounds than PGP. RSA is a genuinely new invention. All
PGP did was take other people's existing algorithms--there is no
genuinely new invention there.

>
> : Finally, with respect to "free" PGP, since RSAREF is also free,
> : there is no case to be made there for failing to continue to include
> : RSA.
>
> There is scant justification for failing to continue to include RSA, I
> agree, assuming that the use of RSAREF really is free in both paid-for
> and free products.

I'm discussing "free" PGP in this point. RSAREF is free for
non-commercial use. My point is that they cannot argue that they have to
pay for RSA when it comes to "free" PGP, so they have no legitimate case
for suppressing it in free versions starting with 5.x. It is simply
another case of commercial thuggery of the sort we're seeing from such
as Bill "We'll pay you to screw Netscape" Gates.

David

Isaac

Oct 22, 1998, 3:00:00 AM
On Tue, 20 Oct 1998 21:20:02 +0200, Alexander Majarek, Sascha, SAM
<s...@ThinkTank.at> wrote:
>
>There exist 2^56 weak keys, which make a ciphertext vulnerable to attacks
>in a way that you can identify the message as being encrypted with a weak
>key and decipher it.
>
>But the overall keyspace should make these weak keys negligible. AFAIK the
>chances that this will happen to you are 1 to (a number you simply can't
>imagine) ... and if this doesn't comfort you, you should still have the
>possibility to check if you used a weak one ...

I suspect you mean 2 raised to the unimaginable. 1 raised to any number
is just 1.

Isaac

Christopher Biow

Oct 22, 1998, 3:00:00 AM
ssim...@hertreg.ac.uk wrote:

>It would be very unfortunate if the standard mandated algorithms
>that were subject to patent restrictions - especially as equivalent (or
>better) algorithms are available unencumbered.

>Elgamal, DSA, SHA-1 (necessary for DSA) & CAST5 or 3DES - what a combination

Note that it is *not* clear that DSA/SHA-1 are unencumbered by patents. See
the recent threads on sci.crypt on this subject.


jsa...@freenet.edmonton.ab.ca

Oct 22, 1998, 3:00:00 AM
David Sternlight (da...@sternlight.com) wrote:
: I don't understand the logic of the phrase "patent problems". It seems to
: imply that PGP can make users pay for PGP's intellectual property while PGP
: is trying to avoid paying for others' intellectual property. Am I the only
: one who thinks this to be rather hypocritical? (We saw the same behavior
: with respect to RSA.)

In this specific case, although one can criticize PGP for initially
showing disrespect for the RSA patent, I don't see how any complaint is
justified.

It is perfectly sensible for a programmer, seeking to produce a program
for sale, to avoid the use of patented algorithms in the program where
other non-proprietary ones are also suitable, for the same reason that it
makes sense for the programmer to choose the lowest-cost supplier of
cardboard boxes to package copies of his program in; it's just a question
of minimizing overhead.

John Savard

jsa...@freenet.edmonton.ab.ca

Oct 22, 1998, 3:00:00 AM
David Sternlight (da...@sternlight.com) wrote:
: I could not disagree more. It is national policy (and the law) to
: protect intellectual property; patents and copyright are simply two
: special cases.

Well, it is true that there is also trade secret law.

However, the phrase "intellectual property" is something that basically
originated with lobbyists for Hollywood who want broad extensions to the
copyright laws not envisaged by the signers of the Declaration of
Independence and the drafters of the Constitution.

In order to encourage progress in the arts and sciences, the government of
the United States, through patent and copyright, grants to artists and
inventors a limited-time monopoly in their works. It is this monopoly
which has a monetary value, and can be termed 'property' if one chooses.

And that is the sum and total of the property inhering in works and
inventions, the monopoly that the government is pleased to grant their
creators for the sake of its public policy goals in encouraging the arts
and sciences. Patent and copyright rest upon the government's power to tax
and to create monopolies (the U.S. has a postal monopoly, even though the
Constitution limits government created monopolies to patent and copyright,
but perhaps there's an explanation for that) and are most emphatically not
the enforcement of a pre-existing natural law right of people in the same
way as the laws of murder, assault, and theft forbid acts which are
inherently wrong.

This does not, by the way, mean that violating copyrights and patents is
not morally wrong in addition to being illegal; the creators of
copyrighted works and the inventors of patented inventions expended effort
in doing so, effort based on an understanding between them and society
that they would receive copyrights and patents in return. Thus copyright
and patent infringement - as opposed to copying literary works and
inventions under a circumstance where copyright and patent laws had never
been enacted - violates a natural law right of their creators in the same
way that fraud or breach of contract does.

Trade secrecy does relate directly to natural law, specifically to the
right of privacy.

John Savard

jsa...@freenet.edmonton.ab.ca

Oct 22, 1998, 3:00:00 AM
Christopher Biow (bi...@ezmort.com) wrote:
: Note that it is *not* clear that DSA/SHA-1 are unencumbered by patents. See
: the recent threads on sci.crypt on this subject.

In addition to the expired Diffie-Hellman patent, DSA may be encumbered by
other patents such as one on a generalization of El Gamal mentioned in AC
as being 'the most troublesome' because it is fairly recent.

But while SHA-1 is very similar to MD5, as I recall the people at RSADSI
neither ask royalties for MD5 nor object to the use of SHA-1. Or did
someone say the NSA has a patent on SHA-1?

John Savard

David Sternlight

Oct 22, 1998, 3:00:00 AM

jsa...@freenet.edmonton.ab.ca wrote:

> Thus copyright and patent infringement violates a natural law right of
> their creators in the same way that fraud or breach of contract does.

I've redacted Savard's post because I think the above is the relevant matter
with respect to this discussion.

David

David Sternlight

Oct 22, 1998, 3:00:00 AM

jsa...@freenet.edmonton.ab.ca wrote:

> David Sternlight (da...@sternlight.com) wrote:
> : I don't understand the logic of the phrase "patent problems". It seems to
> : imply that PGP can make users pay for PGP's intellectual property while PGP
> : is trying to avoid paying for others' intellectual property. Am I the only
> : one who thinks this to be rather hypocritical? (We saw the same behavior
> : with respect to RSA.)
>
> In this specific case, although one can criticize PGP for initially
> showing disrespect for the RSA patent, I don't see how any complaint is
> justified.

To the contrary, to use a metaphor, Phil has never purged himself of that
original sin. Thus assertion of copyright by him under such circumstances
remains hypocritical if not mendacious, in my opinion. It is not enough, in the
moral calculus, to stop sinning on receipt of a cease and desist letter.
Repentance and restitution is also required.

If he went to confession, made amends, and received absolution I might feel
differently.

David

Andrew Haley

Oct 22, 1998, 3:00:00 AM
David Sternlight (da...@sternlight.com) wrote:

: Andrew Haley wrote:

: In the case of RSA the invention is a process, for which the patent
: is a process patent. The software is simply one explication. To
: argue otherwise would suggest invalidating chemical process plant
: patents and many other such "process" patents.

So you say, but that doesn't make it so. An algorithm, which
manipulates only information (no matter is involved) may easily be
distinguished from a process. Not to make this distinction frustrates
the clearly stated intention of the framers of patent law.

: There is no issue here, except on the part of those who do not
: understand what is going on and assume that because the protection of
: PGP is copyright on software, the patent for RSA is also on the
: software.

You can't make the issue go away simply by claiming that it does not
exist, or that those who disagree with you do not understand. It is
apparently a breach of RSA's patent to use any non-licensed product
which implements the RSA algorithm. In that sense, and only in that
sense, RSA's patent is a patent on the RSA algorithm.

Any so-called process patent which prevents one implementing and using
an algorithm for some purpose is effectively a patent on that
algorithm. Whether or not you choose to call it a "process patent" is
irrelevant: we could call it an "aardvark patent" and it wouldn't make
the slightest difference to the effect of the patent.

: It is not. It is on ANY explication of the specific process they
: have invented. Thus PGP is seeking to take advantage of one kind of
: intellectual property protection while trying to avoid it when
: someone else's intellectual property is involved, and a specious
: "patent vs. copyright" argument is being made in an attempt to
: rationalize it.

You say that the argument is specious. I say that it is not.

: Actually, RSA has far more right to intellectual property protection on
: public policy grounds than PGP.

What a bizarre assertion. Any sensible public policy would promote
the widespread adoption of public-key encryption: the security of the
net is far more important than the royalties of any inventor.

: RSA is a genuinely new invention. All PGP did was take other
: people's existing algorithms--there is no genuinely new invention
: there.

True: no genuinely new invention, but lots of genuine sweat.

: > : Finally, with respect to "free" PGP, since RSAREF is also free,
: > : there is no case to be made there for failing to continue to include
: > : RSA.
: >
: > There is scant justification for failing to continue to include RSA, I
: > agree, assuming that the use of RSAREF really is free in both paid-for
: > and free products.

: I'm discussing "free" PGP in this point. RSAREF is free for
: non-commercial use. My point is that they cannot argue that they have to
: pay for RSA when it comes to "free" PGP, so they have no legitimate case
: for suppressing it in free versions starting with 5.x.

But: if they have to pay to use RSA in the commercial product, and
they don't want to pay, they must omit RSA from the free product in
order to preserve compatibility.

Andrew.

ssim...@hertreg.ac.uk

Oct 22, 1998, 3:00:00 AM
It will be interesting to see if either of these possible patent infringements
results in litigation.

Have RSADSI, who manage Claus Schnorr's 1991 patent, indicated that they
will pursue infringements?

As was previously mentioned in sci.crypt:
"...it is the Hellman-Merkle Patent #4,218,582 that claims to cover all known
(and unknown ;-) methods of Public Key..."

It _could_ be suggested that RSADSI won't litigate against users of DSA for
this very reason? e.g. the courts could decide that patent 4,218,582 covers
_all_ PK systems - and the RSA patent could be shown to be void. This would
obviously be counter to RSADSI's best interests :-)

Not sure about SHA-1 patent issues....Hitachi's claim looks very vague (I am
not a patent lawyer - which I am sure is obvious....)

I think I'll continue to use DSA/SHA-1 until Hitachi/RSADSI starts chucking
its legal weight around. The US government seems to be taking the same
stance....


Regards,

Sam Simpson
Comms Analyst
-- See http://www.hertreg.ac.uk/ss/ for ScramDisk, a free virtual disk
encryption for Windows 95/98. PGP Keys available at the same site.

In article <362f3105...@enews.newsguy.com>,
bi...@ezmort.com (Christopher Biow) wrote:
> ssim...@hertreg.ac.uk wrote:
>
> >It would be very unfortunate if the standard mandated algorithms
> >that were subject to patent restrictions - especially as equivalent (or
> >better) algorithms are available unencumbered.
>
> >Elgamal, DSA, SHA-1 (necessary for DSA) & CAST5 or 3DES - what a combination
>
> Note that it is *not* clear that DSA/SHA-1 are unencumbered by patents. See
> the recent threads on sci.crypt on this subject.


ssim...@my-dejanews.com

Oct 22, 1998, 3:00:00 AM
And you have never apologised for lying on these very newsgroups. Your point?

If Phil has done wrong then let the courts punish him. Your bleating
endlessly in this forum is getting really tedious.

The long and the short of it is that Phil has done an awful lot for
cryptography. And you have done nothing.

To quote Aristophanes "You have all the characteristics of a popular
politician: a horrible voice, bad breeding, and a vulgar manner."

I'd suggest you take up a hobby. Preferably something dangerous.....

In article <362F0352...@sternlight.com>,
David Sternlight <da...@sternlight.com> wrote:
>
> jsa...@freenet.edmonton.ab.ca wrote:
<SNIP>

> To the contrary, to use a metaphor, Phil has never purged himself of that
> original sin. Thus assertion of copyright by him under such circumstances
> remains hypocritical if not mendacious, in my opinion. It is not enough, in
> the moral calculus, to stop sinning on receipt of a cease and desist letter.
> Repentance and restitution is also required
>
> If he went to confession, made amends, and received absolution I might feel
> differently.
>
> David


John Savard

Oct 22, 1998, 3:00:00 AM
David Sternlight <da...@sternlight.com> wrote, in part:

>If he went to confession, made amends, and received absolution I might feel
>differently.

One uses _baptism_ to deal with Original Sin! :)

John Savard
http://members.xoom.com/quadibloc/index.html

David Sternlight

Oct 22, 1998, 3:00:00 AM

John Savard wrote:

> David Sternlight <da...@sternlight.com> wrote, in part:
>
> >If he went to confession, made amends, and received absolution I might feel
> >differently.
>
> One uses _baptism_ to deal with Original Sin! :)

If Phil is Jewish then the Pope has told all Catholics that the Jews don't need
to be saved--Moses already did that on Sinai.

In such a case what is needed is "Teshuva" (confession, repentance, and amends).
Then absolution comes from above and the sin is erased.

:-)

David


David Sternlight

Oct 22, 1998, 3:00:00 AM

Andrew Haley wrote:

> David Sternlight (da...@sternlight.com) wrote:
>
> : Andrew Haley wrote:
>
> : In the case of RSA the invention is a process, for which the patent
> : is a process patent. The software is simply one explication. To
> : argue otherwise would suggest invalidating chemical process plant
> : patents and many other such "process" patents.
>
> So you say, but that doesn't make it so. An algorithm, which
> manipulates only information (no matter is involved) may easily be
> distinguished from a process. Not to make this distinction frustrates
> the clearly stated intention of the framers of patent law.

You are wrong on the facts. Many patented processes may be expressed as
mathematical formulae, and are explicated by computer programs. It is not
alternative explications which count, but the notions of "invention" and
"process".

>
> : There is no issue here, except on the part of those who do not
> : understand what is going on and assume that because the protection of
> : PGP is copyright on software, the patent for RSA is also on the
> : software.
>
> You can't make the issue go away simply by claiming that it does not
> exist, or that those who disagree with you do not understand. It is
> apparently a breach of RSA's patent to use any non-licensed product
> which implements the RSA algorithm. In that sense, and only in that
> sense, RSA's patent is a patent on the RSA algorithm.

See above. The RSA algorithm is but an expression of the process. Any
non-licensed product infringes if it uses the patented process. That the
process may be expressed mathematically is irrelevant.

>
>
> Any so-called process patent which prevents one implementing and using
> an algorithm for some purpose is effectively a patent on that
> algorithm.

See above. The refutation is trivial--there are many algorithms which are not
an explication of a patentable process and are thus not patentable.

You are putting the cart before the horse by thinking RSA is just another
formula and then comparing it with unpatentable formulae. It is a process,
and the formula is simply one expression of the process. Other expressions
can include special purpose chips, hardware, etc. I suggest you read the
patent.


> Whether or not you choose to call it a "process patent" is
> irrelevant: we could call it an "aardvark patent" and it wouldn't make
> the slightest difference to the effect of the patent.

It is not I, but patent law and practice which counts. "Process patent" is a
term of art in patent law. There is no similar term of art for "aardvark
patent".

>
>
> : It is not. It is on ANY explication of the specific process they
> : have invented. Thus PGP is seeking to take advantage of one kind of
> : intellectual property protection while trying to avoid it when
> : someone else's intellectual property is involved, and a specious
> : "patent vs. copyright" argument is being made in an attempt to
> : rationalize it.
>
> You say that the argument is specious. I say that it is not.

As I have shown above, your assertion is based on ignorance.

>
>
> : Actually, RSA has far more right to intellectual property protection on
> : public policy grounds than PGP.
>
> What a bizarre assertion. Any sensible public policy would promote
> the widespread adoption of public-key encryption: the security of the
> net is far more important than the royalties of any inventor.

If your argument were to be accepted there would be no drug patents, and
vastly fewer new drugs. It is not the benefits of the invention which
determine patent policy, but the need to protect the invention investment
process itself. That is a far more overriding public policy consideration
since it produces massive benefits across the board.

>
>
> : RSA is a genuinely new invention. All PGP did was take other
> : people's existing algorithms--there is no genuinely new invention
> : there.
>
> True: no genuinely new invention, but lots of genuine sweat.

Last time I looked, sweat was not patentable. The test is invention.

>
>
> : > : Finally, with respect to "free" PGP, since RSAREF is also free,
> : > : there is no case to be made there for failing to continue to include
> : > : RSA.
> : >
> : > There is scant justification for failing to continue to include RSA, I
> : > agree, assuming that the use of RSAREF really is free in both paid-for
> : > and free products.
>
> : I'm discussing "free" PGP in this point. RSAREF is free for
> : non-commercial use. My point is that they cannot argue that they have to
> : pay for RSA when it comes to "free" PGP, so they have no legitimate case
> : for suppressing it in free versions starting with 5.x.
>
> But: if they have to pay to use RSA in the commercial product, and
> they don't want to pay, they must omit RSA from the free product in
> order to preserve compatibility.

Since one can get RSA in the commercial product for an extra fee, this
argument fails.

David


Patrick Juola

Oct 22, 1998, 3:00:00 AM
In article <362FA08B...@iereview.com>,

David Sternlight <edi...@iereview.com> wrote:
>
>
>Andrew Haley wrote:
>
>> David Sternlight (da...@sternlight.com) wrote:
>>
>> : Andrew Haley wrote:
>>
>> : In the case of RSA the invention is a process, for which the patent
>> : is a process patent. The software is simply one explication. To
>> : argue otherwise would suggest invalidating chemical process plant
>> : patents and many other such "process" patents.
>>
>> So you say, but that doesn't make it so. An algorithm, which
>> manipulates only information (no matter is involved) may easily be
>> distinguished from a process. Not to make this distinction frustrates
>> the clearly stated intention of the framers of patent law.
>
>You are wrong on the facts. Many patented processes may be expressed as
>mathematical formulae, and are explicated by computer programs. It is not
>alternative explications which count, but the notions of "invention" and
>"process".

But this is very explicitly a new interpretation of patent law, based
exclusively on case law, and in the opinion of many IP lawyers, a
classic example of "bad law."

Or, to put it another way, Mr. Haley's facts are more correct than
yours if you actually bother to read the legislative history.

-kitten

David Sternlight

Oct 22, 1998, 3:00:00 AM

Patrick Juola wrote:

> Or, to put it another way, Mr. Haley's facts are more correct than
> yours if you actually bother to read the legislative history.

You cannot persuade that the earth is flat by assertion. RSA _has_ a patent.
PGP does not.

David


Gurripato (x=nospam)

Oct 23, 1998, 3:00:00 AM

>To the contrary, to use a metaphor, Phil has never purged himself of that
>original sin. Thus assertion of copyright by him under such circumstances
>remains hypocritical if not mendacious, in my opinion. It is not enough, in the
>moral calculus, to stop sinning on receipt of a cease and desist letter.
>Repentance and restitution is also required

What sin? When he made PGP 1.0, the feeling was that the US Gov was
about to declare crypto outlawed. In such a quasi-1984 (a la Orwell), who
would worry about patent details? As for "assertion of copyright by him",
only version 5.x has copyright, and remember Phil Z. is no longer in control
(he is now "fellow" at NAI, whatever it means). If we are so openly dealing
about crypto, it is partly thanks to him.


>If he went to confession, made amends, and received absolution I might feel
>differently.
>

You mean something like shouting "man, how sorry I am I wrote PGP.
Please forgive me, Uncle Sam, I will abide to whatever the NSA will decree"?
Not in my lifetime!!!


Padgett 0sirius

Oct 23, 1998, 3:00:00 AM
>>Schneier says in his "Applied Cryptography" that in his opinion IDEA is
>>the best and most secure cipher known to the date of his writing.

Well there is a difference between "the most secure" and "good enough" in
theory but not really in practise. What you really want in a symmetric
cipher is something that can encrypt/decrypt large blocks of data in a
standard PC (these days that means 32 bit registers) while being resistant
enough to attack that no-one will try, either now or in the foreseeable
future.

Once you get past 64 bits with an algorithm that has no back doors (e.g. has
been adequately studied), it is cheaper to just buy someone with access to
the information. IDEA, CAST-128, and Triple-DES all have "enough" security.
Given that, other factors (speed, lack of patent encumbrance - don't get me
started on that) become the deciders.

The part that is surprising to me is the lack of cipher OIDs. RSA would seem
to be headed for a monopoly on CAs simply because they have the only
X.509 asymmetric definitions that browsers recognise - or have I missed
something ? Bruce - do you have one for BLOWFISH and TWOFISH ? - do not even
see an IANA listing for Counterpane.

A. Padgett Peterson, P.E. Cybernetic Psychophysicist
http://www.freivald.org/~padgett/index.html
to avoid antispam use mailto:pad...@gdi.net PGP 6.0 Public Key Available

Padgett 0sirius

Oct 23, 1998, 3:00:00 AM
>I see. And are they also migrating toward no longer charging for
>commercial-use PGP? ;-)

Leave us not be absurd. The real value of PGP these days is not the cipher,
that is incidental, but the GUI, the plugins, and the key servers. My
perception of the problem with RSA is not even the patent but the
unrealistic licensing. Even as NAI (PGP's current parent) is moving toward
bundling with volume and site licensing, but that RSA was still insisting on
"per CPU" licenses.

Years ago when RSAREF was introduced, I refrained from even using the
"freeware" after reading the licensing requirements.

Andrew Haley

Oct 23, 1998, 3:00:00 AM
David Sternlight (edi...@iereview.com) wrote:
: Andrew Haley wrote:

: > David Sternlight (da...@sternlight.com) wrote:
: >
: > : Andrew Haley wrote:
: >
: > : In the case of RSA the invention is a process, for which the patent
: > : is a process patent. The software is simply one explication. To
: > : argue otherwise would suggest invalidating chemical process plant
: > : patents and many other such "process" patents.
: >
: > So you say, but that doesn't make it so. An algorithm, which
: > manipulates only information (no matter is involved) may easily be
: > distinguished from a process. Not to make this distinction frustrates
: > the clearly stated intention of the framers of patent law.

: You are wrong on the facts. Many patented processes may be expressed as
: mathematical formulae, and are explicated by computer programs. It is not
: alternative explications which count, but the notions of "invention" and
: "process".

Which are, to all intents and purposes, meaningless in the context of
software. Every algorithm is an invention, and implements a process.

Anyone can do the RSA trick of describing a box of ICs which implement
an algorithm and thereby obtain a patent on all implementations of the
algorithm.

: > Any so-called process patent which prevents one implementing and using
: > an algorithm for some purpose is effectively a patent on that
: > algorithm.

: See above. The refutation is trivial--there are many algorithms
: which are not an explication of a patentable process and are thus
: not patentable.

Give me an example of such an algorithm. No-one has ever, to the best
of my knowledge, produced a decision procedure by which one may
distinguish between an algorithm and a patentable process.

: You are putting the cart before the horse by thinking RSA is just another
: formula and then comparing it with unpatentable formulae. It is a process,
: and the formula is simply one expression of the process. Other expressions
: can include special purpose chips, hardware, etc. I suggest you read the
: patent.

If you believe that there is a meaningful distinction between an
algorithm and a process, why don't you explain it in such a way that
we can tell the difference?

I have heard many attempts to distinguish between processes and
procedures based purely on mathematical formulae, and all such
attempts have involved so much handwaving as to be meaningless.

: > : It is not. It is on ANY explication of the specific process they
: > : have invented. Thus PGP is seeking to take advantage of one kind of
: > : intellectual property protection while trying to avoid it when
: > : someone else's intellectual property is involved, and a specious
: > : "patent vs. copyright" argument is being made in an attempt to
: > : rationalize it.
: >
: > You say that the argument is specious. I say that it is not.

: As I have shown above, your assertion is based on ignorance.

So you say: in fact, you have failed to show any such thing. The
distinction between the legitimacy of patent and copyright law in this
case is the crux of the argument.

: > : Actually, RSA has far more right to intellectual property protection on
: > : public policy grounds than PGP.
: >
: > What a bizarre assertion. Any sensible public policy would promote
: > the widespread adoption of public-key encryption: the security of the
: > net is far more important than the royalties of any inventor.

: If your argument were to be accepted there would be no drug patents,
: and vastly fewer new drugs. It is not the benefits of the invention
: which determine patent policy, but the need to protect the invention
: investment process itself. That is a far more overriding public
: policy consideration since it produces massive benefits across the
: board.

This is obviously untrue for software. Before patent law was applied
to software, there was no shortage of invention. There is not the
slightest evidence that software patents have increased the amount of
invention in the software industry.

The only possible justification for patents is to encourage invention.
Software patents do not do so, therefore software patents are
unjustified.

: > : RSA is a genuinely new invention. All PGP did was take other
: > : people's existing algorithms--there is no genuinely new invention
: > : there.
: >
: > True: no genuinely new invention, but lots of genuine sweat.

: Last time I looked, sweat was not patentable. The test is invention.

No, the test is sweat: I was talking about copyright law. PGP do not
claim the protection of patent law.

: > : I'm discussing "free" PGP in this point. RSAREF is free for
: > : non-commercial use. My point is that they cannot argue that they have to
: > : pay for RSA when it comes to "free" PGP, so they have no legitimate case
: > : for suppressing it in free versions starting with 5.x.
: >
: > But: if they have to pay to use RSA in the commercial product, and
: > they don't want to pay, they must omit RSA from the free product in
: > order to preserve compatibility.

: Since one can get RSA in the commercial product for an extra fee, this
: argument fails.

In what sense? I said "if they don't want to pay" a couple of lines
above.

Andrew.

Andrew Haley

Oct 23, 1998, 3:00:00 AM
David Sternlight (edi...@iereview.com) wrote:


: Patrick Juola wrote:

PGP has never sought patent protection, only copyright protection.

The argument is not about whether patent law, as it stands, can be
used to protect algorithms; it clearly can. The argument is whether
the use of patent law in this way, without any legislation, is
legitimate.

I suspect that software patents have been allowed because those
judging the cases were not sufficiently technically knowledgeable to
understand the field. All of the hardware description in such patents
is to confuse the patent inspectors, so that they do not realize that
mathematical formulae are being patented.

Andrew.

David Sternlight

Oct 23, 1998, 3:00:00 AM
I have never been persuaded by an argument that the other guy didn't know what he
was doing but the speaker did under circumstances where learned judges were
assisted by expert witnesses, particularly when the speaker does not appear to
have read the transcripts nor possess any relevant expertise on the matter.

In other words, it is a bad idea to shoot from the hip in an area where technical
expertise and serious process is involved.

David

Bryan G. Olson; CMSC (G)

Oct 23, 1998, 3:00:00 AM

Christopher Biow (bi...@ezmort.com) wrote:

: Note that it is *not* clear that DSA/SHA-1 are unencumbered by patents. See
: the recent threads on sci.crypt on this subject.

Relax. They're several years old and widely used; nobody pays
royalties for them and nobody gets in trouble. Let's help
spread strong crypto, not FUD.

--Bryan

Bryan G. Olson; CMSC (G)

Oct 23, 1998, 3:00:00 AM
David Sternlight (da...@sternlight.com) wrote:

: jsa...@freenet.edmonton.ab.ca wrote:
[a convincing refutation of Sternlight's argument]

: To the contrary, to use a metaphor, Phil has never purged himself of that
: original sin. Thus assertion of copyright by him under such circumstances
: remains hypocritical if not mendacious, in my opinion. It is not enough, in the
: moral calculus, to stop sinning on receipt of a cease and desist letter.
: Repentance and restitution is also required

So Mr. Savard's was right about your current charges, and really
this is the same old whining you've been on for years.

: If he went to confession, made amends, and received absolution I might feel
: differently.

That's Phil Zimmerman you're talking about. You need to show
a little respect.

--Bryan


David Sternlight

Oct 23, 1998, 3:00:00 AM

Andrew Haley wrote:

> : You are wrong on the facts. Many patented processes may be expressed as
> : mathematical formulae, and are explicated by computer programs. It is not
> : alternative explications which count, but the notions of "invention" and
> : "process".
>
> Which are, to all intents and purposes, meaningless in the context of
> software. Every algorithm is an invention, and implements a process.

There are strict limits on what kinds of processes can be patented. RSA is a
process that was patentable and given a patent. "Algorithm" has nothing to do
with it--that's just one form of expression. A blueprint is another form of
expression. English is a third. There is nothing special about an algorithm that
means if something can be expressed that way it isn't patentable. Same for
software. It's the basic process that is either patentable or not, and once it is
the forms of expression are all covered if the patent is properly drawn.
Otherwise you could build a computer to perform many patented processes and thus
invalidate the process.

>
>
> Anyone can do the RSA trick of describing a box of ICs which implement
> an algorithm and thereby obtain a patent on all implementations of the
> algorithm.

It's not a "trick" any more than using a blueprint, or English to express a
patentable process is a "trick". You are still putting the cart before the horse.
From the point of view of patent law it is the process that is patented. That it
can be expressed as an algorithm is irrelevant.

>
>
> : > Any so-called process patent which prevents one implementing and using
> : > an algorithm for some purpose is effectively a patent on that
> : > algorithm.
>
> : See above. The refutation is trivial--there are many algorithms
> : which are not an explication of a patentable process and are thus
> : not patentable.
>
> Give me an example of such an algorithm.

2+2=4. Cannot be patented because of prior art and publication for more than a
year.


> No-one has ever, to the best
> of my knowledge, produced a decision procedure by which one may
> distinguish between an algorithm and a patentable process.

To the contrary the patent law is fairly clear. It isn't a distinction between a
patentable process and an algorithm, but between one patentable process and an
unpatentable one, both of which might be expressed in various notations including
algorithms.

>
>
> : You are putting the cart before the horse by thinking RSA is just another
> : formula and then comparing it with unpatentable formulae. It is a process,
> : and the formula is simply one expression of the process. Other expressions
> : can include special purpose chips, hardware, etc. I suggest you read the
> : patent.
>
> If you believe that there is a meaningful distinction between an
> algorithm and a process, why don't you explain it in such a way that
> we can tell the difference?

There is no difference. The difference is between one patentable process and an
unpatentable one, both of which might be expressible as algorithms.

>
>
> I have heard many attempts to distinguish between processes and
> procedures based purely on mathematical formulae, and all such
> attempts have involved so much handwaving as to be meaningless.

That's not the issue, as I've pointed out. Again you put the cart before the
horse.

>
>
> : As I have shown above, your assertion is based on ignorance.
>
> So you say: in fact, you have failed to show any such thing.

To the contrary, I have shown it. This post is simply repeating myself in more
detail since you apparently missed the central point of the previous post.

> The
> distinction between the legitimacy of patent and copyright law in this
> case is the crux of the argument.

No. Patents are patents and copyrights are copyrights. One may copyright any
computer program that's an original one and doesn't infringe another copyright.
One may patent certain processes which could be expressible as computer programs.
One could even copyright such a program which practices US patent. Note that
language--it is central to the terms of art of the discussion. Some computer
programs practice a US patent. Others do not. Both might also be copyrightable.

The rest of your argument is similarly muddy, but being peripheral I won't take
the time to further extend this post.

David


David Sternlight

Oct 23, 1998, 3:00:00 AM

You mean like the respect he showed for other people's property?

David


David Sternlight

Oct 23, 1998, 3:00:00 AM

"Gurripato (x=nospam)" wrote:

> >To the contrary, to use a metaphor, Phil has never purged himself of that
> >original sin. Thus assertion of copyright by him under such circumstances
> >remains hypocritical if not mendacious, in my opinion. It is not enough, in the
> >moral calculus, to stop sinning on receipt of a cease and desist letter.
> >Repentance and restitution is also required
>

> What sin? When he made PGP 1.0, the feeling was that the US Gov was
> about to declare crypto outlawed. In such a quasi-1984 (a la Orwell), who
> would worry about patent details?

The ends do not justify the means. Have you never studied ethics?

> As for "assertion of copyright by him",
> only version 5.x has copyright, and remember Phil Z. is no longer in control
> (he is now "fellow" at NAI, whatever it means). If we are so openly dealing
> about crypto, it is partly thanks to him.
>

> >If he went to confession, made amends, and received absolution I might feel
> >differently.
> >
>

> You mean something like shouting "man, how sorry I am I wrote PGP.
> Please forgive me, Uncle Sam, I will abide to whatever the NSA will decree"?
> Not in my lifetime!!!

Nothing to do with Uncle Sam or the NSA. I mean something straightforward, such as
"I acknowledge that it was an error of judgment to publish PGP without an RSA
license, and I apologize. Since RSADSI suffered substantial economic damage from
that act and what followed, I am signing over 20% of my stock in NA to RSADSI as an
expression of regret."

David

Ed Stone

Oct 24, 1998, 3:00:00 AM
In article <3630D7D3...@iereview.com>, edi...@iereview.com says...

> I have never been persuaded by an argument that the other guy didn't know what he
> was doing but the speaker did under circumstances where learned judges were
> assisted by expert witnesses, particularly when the speaker does not appear to
> have read the transcripts nor possess any relevant expertise on the matter.
>
> In other words, it is a bad idea to shoot from the hip in an area where technical
> expertise and serious process is involved.
>
> David
<snip>


"Your guess is irrational, since PGP itself uses S/MIME."
<338252...@sternlight.com>

--
--
-------------------------------
Ed Stone
est...@synernet-robin.com
remove "-birdname" spam avoider
-------------------------------

Ed Stone

Oct 24, 1998, 3:00:00 AM
In article <36310C05...@iereview.com>, edi...@iereview.com says...

>
>
> "Bryan G. Olson; CMSC (G)" wrote:
>
> > David Sternlight (da...@sternlight.com) wrote:
> >
> > : jsa...@freenet.edmonton.ab.ca wrote:
> > [a convincing refutation of Sternlight's argument]
> >
> > : To the contrary, to use a metaphor, Phil has never purged himself of that
> > : original sin. Thus assertion of copyright by him under such circumstances
> > : remains hypocritical if not mendacious, in my opinion. It is not enough, in the
> > : moral calculus, to stop sinning on receipt of a cease and desist letter.
> > : Repentance and restitution is also required
> >
> > So Mr. Savard's was right about your current charges, and really
> > this is the same old whining you've been on for years.
> >
> > : If he went to confession, made amends, and received absolution I might feel
> > : differently.
> >

> > That's Phil Zimmerman you're talking about. You need to show
> > a little respect.
>
> You mean like the respect he showed for other people's property?
>
> David
>
>

Any new data, or perspective, or simply the same old rehashed rehash?

Piotr Kulinski

Oct 24, 1998, 3:00:00 AM

>
>For the record, I am less enamoured of IDEA these days. It is still
>secure, in that there are no published attacks, but I like other
>algorithms a lot better.
>
>Bruce
>**********************************************************************
>Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
>101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
> Free crypto newsletter. See: http://www.counterpane.com

Which for example (Twofish -:) ) ????
Piotr Kulinski
ICQ UIN : 8533235
Technical University of Lodz , Poland
homepage:http://www.peter.z.pl
e-mail: pio...@cyberspace.org
PGP key : look at my homepage

Christopher Biow

Oct 24, 1998, 3:00:00 AM

Hallelujah, let's spread strong crypto! But let's also be honest about it.
Particularly when addressing strong authentication freeware for Usenet, the
selection of algorithms may justly include even long-shot concerns about
legal liability. Given that Usenet often represents a zero-profit,
volunteer effort, the difference between "slight chance" of owing a patent
royalty fee and "no chance" may be quite important.

Better neither FUD nor blindness.

bryan...@uptronics.com

Oct 25, 1998, 2:00:00 AM
Christopher Biow wrote:

> Given that Usenet often represents a zero-profit,
> volunteer effort, the difference between "slight chance" of owing a patent
> royalty fee and "no chance" may be quite important.

I know of not a single useful program less than 20 years old
that has "no chance" of infringing on a patent. In the case
for SHA-1 and DSA, we can have far more confidence that they
are free than we have for most other modern free software.

--Bryan

fungus

Oct 26, 1998, 3:00:00 AM
David Sternlight wrote:
>
><blah blah>


Ho hum... Mr. Sternlight seems to be back again...


(And as "edi...@iereview.com" no less....)


--
<\___/>
/ O O \
\_____/ FTB.

Andrew Haley

Oct 26, 1998, 3:00:00 AM
David Sternlight (edi...@iereview.com) wrote:
: I have never been persuaded by an argument that the other guy didn't
: know what he was doing but the speaker did under circumstances where
: learned judges were assisted by expert witnesses, particularly when
: the speaker does not appear to have read the transcripts nor possess
: any relevant expertise on the matter.

You have never been persuaded by any argument, no matter how logically
and forcefully expressed. That there is no hope of doing so in this
case is unsurprising.

: In other words, it is a bad idea to shoot from the hip in an area
: where technical expertise and serious process is involved.

Indeed.

Andrew.

Andrew Haley

Oct 26, 1998, 3:00:00 AM
David Sternlight (edi...@iereview.com) wrote:
: Andrew Haley wrote:

: > : You are wrong on the facts. Many patented processes may be expressed as
: > : mathematical formulae, and are explicated by computer programs. It is not
: > : alternative explications which count, but the notions of "invention" and
: > : "process".
: >
: > Which are, to all intents and purposes, meaningless in the context of
: > software. Every algorithm is an invention, and implements a process.

: There are strict limits on what kinds of processes can be
: patented. RSA is a process that was patentable and given a patent.
: "Algorithm" has nothing to do with it--that's just one form of
: expression. A blueprint is another form of expression. English is a
: third. There is nothing special about an algorithm that means if
: something can be expressed that way it isn't patentable.

Well, actually there is: an algorithm consists only of mathematical
formulae, and there is no manipulation of anything else.

: Same for software. It's the basic process that is either patentable
: or not, and once it is the forms of expression are all covered if
: the patent is properly drawn. Otherwise you could build a computer
: to perform many patented processes and thus invalidate the process.

That's only true if such a process did not consist of anything other
than simple mathematical formulae; for example, using a computer to
control a chemical reaction would still be in breach of the patent.

: > Anyone can do the RSA trick of describing a box of ICs which implement
: > an algorithm and thereby obtain a patent on all implementations of the
: > algorithm.

: It's not a "trick" any more than using a blueprint, or English to
: express a patentable process is a "trick". You are still putting the
: cart before the horse. From the point of view of patent law it is
: the process that is patented. That it can be expressed as an
: algorithm is irrelevant.

So why bother with the trick? Why not simply describe the algorithm
in the patent?

The trick was done because at the time it was believed that algorithms
were unpatentable; only by describing the algorithm as a hardware
device was it possible to obtain the patent.

: > : > Any so-called process patent which prevents one implementing and using
: > : > an algorithm for some purpose is effectively a patent on that
: > : > algorithm.
: >
: > : See above. The refutation is trivial--there are many algorithms
: > : which are not an explication of a patentable process and are thus
: > : not patentable.
: >
: > Give me an example of such an algorithm.

: 2+2=4. Cannot be patented because of prior art and publication for
: more than a year.

That is not an algorithm. You complain about others' lack of
technical knowledge and yet you appear not to know what an algorithm
is.

: > : You are putting the cart before the horse by thinking RSA is
: > : just another formula and then comparing it with unpatentable
: > : formulae. It is a process, and the formula is simply one
: > : expression of the process. Other expressions can include special
: > : purpose chips, hardware, etc. I suggest you read the patent.
: >
: > If you believe that there is a meaningful distinction between an
: > algorithm and a process, why don't you explain it in such a way that
: > we can tell the difference?

: There is no difference.

Right. At last.

So now we have been able to determine that

a. You don't know what an algorithm is, and
b. There is no difference between a mathematical process and an
algorithm, so any new algorithm may be patented.

As a consequence of b, your objection to the terms "software patent"
and "algorithm patent" is without foundation.

Andrew.

Owen Lewis

Oct 26, 1998, 3:00:00 AM

Andrew Haley wrote in message <70qg3j$gta$1...@korai.cygnus.co.uk>...

>This is obviously untrue for software. Before patent law was applied
>to software, there was no shortage of invention. There is not the
>slightest evidence that software patents have increased the amount of
>invention in the software industry.

With respect, it seems that you do not understand. An inventive process
is patentable because of three things only. That it is original, that it can
be shown to work and that the inventor is prepared to fully describe the
inventive process.

Whether this process is given practical form in brass and steel or whether
as one or more algorithms for a computer to run is immaterial at least
in the US, the EU and much else of the world.

Directing bile against the entire concept of property ownership is one
thing. To direct it against property in the form of software only is
irrational.

Owen
To mail me, remove jam from address

Owen Lewis

Oct 26, 1998, 3:00:00 AM
Andrew Haley wrote in message <70qgg3$gta$2...@korai.cygnus.co.uk>...

>I suspect that software patents have been allowed because those
>judging the cases were not sufficiently technically knowledgeable to
>understand the field. All of the hardware description in such patents
>is to confuse the patent inspectors, so that they do not realize that
>mathematical formulae are being patented.


No. It is clear that it is your goodself who does not understand.

1. The basis and necessity in this modern world for the grant of
patent to inventions expressed in software is well understood by patent
lawyers and examiners, both, even if not by you.

2. For a patent to be granted on software it is not necessary for any
mathematical formula to be specified in the patent.

You shoot from the hip and with emotion but without hard knowledge
of the facts. Sorry if that sounds hard but there is little mileage for you
to gain in continuing to say that it is the whole of the application of
relevant law in all the Patent Cooperation Treaty countries (88?)
that is out of step with you and is therefore wrong headed and unlawful.

David Sternlight

Oct 26, 1998, 3:00:00 AM

Andrew Haley wrote:

> David Sternlight (edi...@iereview.com) wrote:
> : Andrew Haley wrote:
>
> : > : You are wrong on the facts. Many patented processes may be expressed as
> : > : mathematical formulae, and are explicated by computer programs. It is not
> : > : alternative explications which count, but the notions of "invention" and
> : > : "process".
> : >
> : > Which are, to all intents and purposes, meaningless in the context of
> : > software. Every algorithm is an invention, and implements a process.
>
> : There are strict limits on what kinds of processes can be
> : patented. RSA is a process that was patentable and given a patent.
> : "Algorithm" has nothing to do with it--that's just one form of
> : expression. A blueprint is another form of expression. English is a
> : third. There is nothing special about an algorithm that means if
> : something can be expressed that way it isn't patentable.
>
> Well, actually there is: an algorithm consists only of mathematical
> formulae, and there is no manipulation of anything else.

And a blueprint consists of lines on paper; there is no manipulation of anything
else. Your point was?

>
>
> : Same for software. It's the basic process that is either patentable
> : or not, and once it is the forms of expression are all covered if
> : the patent is properly drawn. Otherwise you could build a computer
> : to perform many patented processes and thus invalidate the process.
>
> That's only true if such a process did not consist of anything other
> than simple mathematical formulae; for example, using a computer to
> control a chemical reaction would still be in breach of the patent.

Your distinction is not clear. The RSA process consists of (in part) manipulating
an object (English plaintext) to produce another object (cipher text). That the
process of manipulating objects may be described mathematically is irrelevant. In
fact if you ask a mathematician, he will tell you that given sufficient time
anything may be described mathematically.

>
>
> : > Anyone can do the RSA trick of describing a box of ICs which implement
> : > an algorithm and thereby obtain a patent on all implementations of the
> : > algorithm.
>
> : It's not a "trick" any more than using a blueprint, or English to
> : express a patentable process is a "trick". You are still putting the
> : cart before the horse. From the point of view of patent law it is
> : the process that is patented. That it can be expressed as an
> : algorithm is irrelevant.
>
> So why bother with the trick? Why not simply describe the algorithm
> in the patent?

That's up to the patent applicant and the standards for what a patent must
include. You are now going from trying to tell the rest of the world what may be
patented to trying to tell the rest of the world how to prepare patent documents.
Give it a rest.

>
>
> The trick was done because at the time it was believed that algorithms
> were unpatentable; only by describing the algorithm as a hardware
> device was it possible to obtain the patent.
>
> : > : > Any so-called process patent which prevents one implementing and using
> : > : > an algorithm for some purpose is effectively a patent on that
> : > : > algorithm.
> : >
> : > : See above. The refutation is trivial--there are many algorithms
> : > : which are not an explication of a patentable process and are thus
> : > : not patentable.
> : >
> : > Give me an example of such an algorithm.
>
> : 2+2=4. Cannot be patented because of prior art and publication for
> : more than a year.
>
> That is not an algorithm. You complain about others' lack of
> technical knowledge and yet you appear not to know what an algorithm
> is.

It was shorthand for the addition algorithm. You seem to be slow on the uptake.
The addition algorithm isn't patentable both because of prior art and prior
publication. If you don't like that example, try the binomial theorem. You DO know
what the binomial theorem is, don't you?

>
>
> : > : You are putting the cart before the horse by thinking RSA is
> : > : just another formula and then comparing it with unpatentable
> : > : formulae. It is a process, and the formula is simply one
> : > : expression of the process. Other expressions can include special
> : > : purpose chips, hardware, etc. I suggest you read the patent.
> : >
> : > If you believe that there is a meaningful distinction between an
> : > algorithm and a process, why don't you explain it in such a way that
> : > we can tell the difference?
>
> : There is no difference.
>
> Right. At last.

What? If there is no difference then an algorithm may express a patentable
process. You have just conceded the argument.

>
>
> So now we have been able to determine that
>
> a. You don't know what an algorithm is, and

That you don't understand that 2+2=4 is shorthand for the addition algorithm is
just another demonstration of your inability to grasp concepts, which has got you
into trouble over the main discussion we're having.

>
> b. There is no difference between a mathematical process and an
> algorithm, so any new algorithm may be patented.

Sorry, you've got an excluded middle there and your syllogism is incomplete. Again
you are taking shorthand out of context. "There is no difference" applies to the
ability to describe a process by an algorithm. Of course there is a difference in
physicality, just as there is a difference between a map and the territory, or the
word "chair" and a chair. An algorithm is simply one way of describing. And when
it comes to patents, if the process is patentable, one may describe it in as many
ways as one likes.

You may write down and even publish the RSA algorithm all you want without
infringing the patent. You may not create a process, or software, or hardware that
practices the patent without infringing.

This shows the bogus nature of your logic. If the algorithm itself were patented,
you couldn't publish it or write it without infringing. Since you can, the
algorithm (when simply written down) is simply an expression of the patented
process which cannot itself practice the patent. One of the purposes of patent law
is to make public the knowledge of the process, while protecting the process.

If one were to build a device that could take the mathematical algorithm itself
and practice the patent, then the combination would be practicing the patent and
would, without a license, infringe. If one were to use the algorithm to practice
the patent by hand, one would be infringing. But to exhibit the algorithm itself
would not infringe.

I do not propose to continue this conversation since the matter is quite clear.

David

Andrew Haley

Oct 26, 1998, 3:00:00 AM
Owen Lewis (o...@jameloka.demon.co.uk) wrote:

: Andrew Haley wrote in message <70qg3j$gta$1...@korai.cygnus.co.uk>...

: >This is obviously untrue for software. Before patent law was applied
: >to software, there was no shortage of invention. There is not the
: >slightest evidence that software patents have increased the amount of
: >invention in the software industry.

: With respect, it seems that you do not understand. An inventive process
: is patentable because of three things only. That it is original, that it can
: be shown to work and that the inventor is prepared to fully describe the
: inventive process.

No; you have not been paying attention. Patents which consist only of
mathematical formulae are specifically excluded, by statute.

: Whether this process is given practical form in brass and steel or whether
: as one or more algorithms for a computer to run is immaterial at least
: in the US, the EU and much else of the world.

So you say.

: Directing bile against the entire concept of property ownership is one
: thing.

Bile? What bile? This is a ludicrous strawman.

: To direct it against property in the form of software only is irrational.

On the contrary, until fairly recently the opinion was widely held that
algorithms could not be patented as they consist only of mathematical
formulae. This turned out to be untrue, as it was possible to exploit
a loophole in the law, which was framed before software patents were
important.

As far as I know the legality of pure software patents has not been
tested in a high court.

There have been proposals (as part of GATT) to change patent law in
other countries in order to allow the protection of algorithms; the
situation needs to be clarified.

Andrew.

David Sternlight

Oct 26, 1998, 3:00:00 AM

Andrew Haley wrote:

> David Sternlight (edi...@iereview.com) wrote:
> : I have never been persuaded by an argument that the other guy didn't
> : know what he was doing but the speaker did under circumstances where
> : learned judges were assisted by expert witnesses, particularly when
> : the speaker does not appear to have read the transcripts nor possess
> : any relevant expertise on the matter.
>
> You have never been persuaded by any argument, no matter how logically
> and forcefully expressed. That there is no hope of doing so in this
> case is unsurprising.

Not only is this factually incorrect, but also you have now gone from
rational discussion to deliberate insult. Plonk!

David


Andrew Haley

Oct 26, 1998, 3:00:00 AM
Owen Lewis (o...@jameloka.demon.co.uk) wrote:
: Andrew Haley wrote in message <70qgg3$gta$2...@korai.cygnus.co.uk>...

: >I suspect that software patents have been allowed because those
: >judging the cases were not sufficiently technically knowledgeable to
: >understand the field. All of the hardware description in such patents
: >is to confuse the patent inspectors, so that they do not realize that
: >mathematical formulae are being patented.

: No. It is clear that it is your goodself who does not understand.

: 1. The basis and necessity in this modern world for the grant of
: patent to inventions expressed in software is well understood by patent
: lawyers and examiners, both, even if not by you.

Actually, the allowability of software patents in US law is based on a
rather dubious interpretation of a precedent, _Diamond vs. Diehr_.
There has been no legislation to allow such patents, whatever you or
Sternlight think.

Patent examiners obviously prefer software patents to be allowed, and
so far they've been able to get away with it. It looks as though
they're going to win, and software patents will be blessed in law.

: 2. For a patent to be granted on software it is not necessary for any
: mathematical formula to be specified in the patent.

Which was exactly my point, I believe.

: You shoot from the hip and with emotion but without hard knowledge
: of the facts.

You're parroting Sternlight now. As you're adding nothing new, see my
reply to him.

: Sorry if that sounds hard but there is little mileage for you to
: gain in continuing to say that it is the whole of the application of
: relevant law in all the Patent Cooperation Treaty countries (88?)
: that is out of step with you and is therefore wrong headed and
: unlawful.

Erm, no. The allowability of software patents is questionable, and
has been questioned by many others.

Andrew.

Andrew Haley

Oct 26, 1998, 3:00:00 AM
David Sternlight (edi...@iereview.com) wrote:

: Andrew Haley wrote:

: > David Sternlight (edi...@iereview.com) wrote:
: > : Andrew Haley wrote:
: >
: > : Same for software. It's the basic process that is either patentable
: > : or not, and once it is the forms of expression are all covered if
: > : the patent is properly drawn. Otherwise you could build a computer
: > : to perform many patented processes and thus invalidate the process.
: >
: > That's only true if such a process did not consist of anything other
: > than simple mathematical formulae; for example, using a computer to
: > control a chemical reaction would still be in breach of the patent.

: Your distinction is not clear. The RSA process consists of (in part) manipulating
: an object (English plaintext) to produce another object (cipher text).

I've explained the distinction enough times, and I'm not doing it any
further. Your obtuseness apparently knows no bounds.

: > The trick was done because at the time it was believed that algorithms
: > were unpatentable; only by describing the algorithm as a hardware
: > device was it possible to obtain the patent.
: >
: > : > : > Any so-called process patent which prevents one implementing and using
: > : > : > an algorithm for some purpose is effectively a patent on that
: > : > : > algorithm.
: > : >
: > : > : See above. The refutation is trivial--there are many algorithms
: > : > : which are not an explication of a patentable process and are thus
: > : > : not patentable.
: > : >
: > : > Give me an example of such an algorithm.
: >
: > : 2+2=4. Cannot be patented because of prior art and publication for
: > : more than a year.
: >
: > That is not an algorithm. You complain about others' lack of
: > technical knowledge and yet you appear not to know what an algorithm
: > is.

: It was shorthand for the addition algorithm. You seem to be slow on the uptake.
: The addition algorithm

There is no such thing as "The addition algorithm." There are many
algorithms which perform addition, but there is no such thing as the
addition algorithm. "2+2=4" is not an algorithm.

: isn't patentable both because of prior art and prior publication. If
: you don't like that example, try the binomial theorem. You DO know
: what the binomial theorem is, don't you?

Yes. Do you know what an algorithm is? Hint: a theorem is not an
algorithm.

: > : > : You are putting the cart before the horse by thinking RSA is
: > : > : just another formula and then comparing it with unpatentable
: > : > : formulae. It is a process, and the formula is simply one
: > : > : expression of the process. Other expressions can include special
: > : > : purpose chips, hardware, etc. I suggest you read the patent.
: > : >
: > : > If you believe that there is a meaningful distinction between an
: > : > algorithm and a process, why don't you explain it in such a way that
: > : > we can tell the difference?
: >
: > : There is no difference.
: >
: > Right. At last.

: What? If there is no difference then an algorithm may express a patentable
: process. You have just conceded the argument.

My argument was with you, when you said that a process patent is not
an algorithm patent. If they are the same, we are in agreement.

: > So now we have been able to determine that
: >
: > a. You don't know what an algorithm is, and

: That you don't understand that 2+2=4 is shorthand for the addition
: algorithm

No, it isn't. You're floundering. "2+2=4" is not an algorithm. You
could have said "quicksort" or "Euclid's algorithm", or any one of
thousands of others. I don't think that you know what an algorithm
is, and you're blustering.

: is just another demonstration of your inability to grasp concepts,
: which has got you into trouble over the main discussion we're
: having.

Of course.

: > b. There is no difference between a mathematical process and an
: > algorithm, so any new algorithm may be patented.

: Sorry, you've got an excluded middle there and your syllogism is
: incomplete. Again you are taking shorthand out of context.

You've got yourself into a hole and are trying to dig yourself out.
Is there any difference between a mathematical process and an
algorithm or not?

: "There is no difference" applies to the ability to describe a
: process by an algorithm. Of course there is a difference in
: physicality, just as there is a difference between a map and the
: territory, or the word "chair" and a chair. An algorithm is simply
: one way of describing. And when it comes to patents, if the process
: is patentable, one may describe it in as many ways as one likes.

So may any new algorithm be protected by a patent or not? It's a
simple enough question.

: This shows the bogus nature of your logic. If the algorithm itself
: were patented, you couldn't publish it or write it without
: infringing.

Why? Patents only cover the use of an invention. One may describe or
think about a patented invention without infringing.

: If one were to build a device that could take the mathematical
: algorithm itself and practice the patent, then the combination would
: be practicing the patent and would, without a license, infringe. If
: one were to use the algorithm to practice the patent by hand, one
: would be infringing.

: But to exhibit the algorithm itself would not infringe.

: I do not propose to continue this conversation since the matter is
: quite clear.

It is indeed.

Andrew.


David Sternlight

Oct 26, 1998, 3:00:00 AM

nos...@pd.jaring.my wrote:

<irrelevancies (see below) about "what's an algorithm" omitted>

>So maybe prior art wasn't the only thing preventing RSA from being patented

1. It was prior publication.
2. You are wrong, since IDEA carries a European patent as well as a Japanese and
US one.

David

kiss...@yahoo.com

Oct 27, 1998, 3:00:00 AM
Seems like you two need to download a couple of e-mail programs and
start using them. Your bitching is just wasting bandwidth in the
newsgroup.

kiss...@yahoo.com

On 26 Oct 1998 18:44:33 GMT, a...@cygnus.remove.co.uk (Andrew Haley)
wrote:

nos...@pd.jaring.my

Oct 27, 1998, 3:00:00 AM

> > : > Any so-called process patent which prevents one implementing and using
> > : > an algorithm for some purpose is effectively a patent on that
> > : > algorithm.

David Sternlight <edi...@iereview.com> wrote:
> > : See above. The refutation is trivial--there are many algorithms
> > : which are not an explication of a patentable process and are thus
> > : not patentable.

Andrew Haley wrote:
> > Give me an example of such an algorithm.

In article <36310830...@iereview.com>, David Sternlight
<edi...@iereview.com> wrote:
> 2+2=4. Cannot be patented because of prior art and publication for more than a
> year.

That is NOT an example of "such an algorithm". That is a muddy argument.

You thus have not backed up your assertion that "there are many algorithms
which are not an explication of a patentable process and are thus not
patentable." As you've said: 2+2=4 is not patentable because of prior art.

> The rest of your argument is similarly muddy, but being peripheral I won't
> take the time to further extend this post.
> David

Hmm..

Link.
http://www.uspto.gov/web/offices/pac/doc/general/what.htm
http://www.uspto.gov/web/offices/pac/compexam/examcomp.htm
For a more interesting debate see:
http://members.aol.com/paleymark/karmarkar.htm

nos...@pd.jaring.my

unread,
Oct 27, 1998, 3:00:00 AM10/27/98