ML for G10, patent questions

Werner Koch wk@isil.d.shuttle.de
Sat, 6 Dec 1997 21:06:28 +0100 

Hello,

Martin Hamilton was so kind to host a mailing list for G10,
the upcoming PGP replacement:

OK - mail to g10-request@net.lut.ac.uk, with a message body of
'subscribe'. There's a automatically generated list archive at...
<URL:http://www.roads.lut.ac.uk/lists/g10/>


I have two questions concerning GNU politics:

* There is a RFC on the CAST block cipher (rfc2144) which states:

     The CAST-128 cipher described in this document is available worldwid=
e
     on a royalty-free basis for commercial and non-commercial uses.

  So my question is, whether this is acceptable for GNU software. We do
  not need this algorithm, but some people think we should do so.  My
  personal opinion is that I don=B4t like the idea of supporting patented
  stuff.

* The DSS standard of the NIST specifies the DSA (digital signature
  architecture which has some patent problems:

  1. There is a a patent of Kravitz (5,231,668) assigned to "The United
     States of America as ...".  The NIST said, that say will make
     this patent world-wide available on a royalty-free basis.

  2. The Schnorr patent (4,995,082):  In a letter to the NIST Schnorr
     claimed that the DSA infringes his patent.  FIPS 186 (about DSS)
     states that "The Department of Commerce is not aware of any patents
     that would  be infringed by this standard".  I also heard, that the
     government will help if someone is sued on patent infringement while
     working on a project implementing DSS for governmental purposes.

  PGP 5 uses DSA instead of ElGamal signatures (which are equally
  secure) and the draft for OpenPGP specifies DSA as a MUST.  I don=B4t=20
  like the idea to use DSA because of these patents (I think the only rea=
son
  DSA has been developed was to have a standard which does not allow
  encryption - meanwhile it had been shown that it is possible to
  encrypt using DSA :-).

  Shall we use DSA (and be compatible with PGP 5) or use plain ElGamal=20
  signatures and force the IETF to change the draft for OpenPGP by
  installing a huge base of users of G10?=20


Werner     =20



--=20
Werner Koch, Duesseldorf  -   werner.koch@guug.de   -  PGP keyID: 0C9857A=
5