ML for G10, patent questions

Werner Koch wk at isil.d.shuttle.de
Sat Dec 6 21:06:28 CET 1997


Hello,

Martin Hamilton was so kind to host a mailing list for G10,
the upcoming PGP replacement:

OK - mail to g10-request at net.lut.ac.uk, with a message body of
'subscribe'. There's a automatically generated list archive at...
<URL:http://www.roads.lut.ac.uk/lists/g10/>


I have two questions concerning GNU politics:

* There is a RFC on the CAST block cipher (rfc2144) which states:

     The CAST-128 cipher described in this document is available worldwide
     on a royalty-free basis for commercial and non-commercial uses.

  So my question is, whether this is acceptable for GNU software. We do
  not need this algorithm, but some people think we should do so.  My
  personal opinion is that I don´t like the idea of supporting patented
  stuff.

* The DSS standard of the NIST specifies the DSA (digital signature
  architecture which has some patent problems:

  1. There is a a patent of Kravitz (5,231,668) assigned to "The United
     States of America as ...".  The NIST said, that say will make
     this patent world-wide available on a royalty-free basis.

  2. The Schnorr patent (4,995,082):  In a letter to the NIST Schnorr
     claimed that the DSA infringes his patent.  FIPS 186 (about DSS)
     states that "The Department of Commerce is not aware of any patents
     that would  be infringed by this standard".  I also heard, that the
     government will help if someone is sued on patent infringement while
     working on a project implementing DSS for governmental purposes.

  PGP 5 uses DSA instead of ElGamal signatures (which are equally
  secure) and the draft for OpenPGP specifies DSA as a MUST.  I don´t 
  like the idea to use DSA because of these patents (I think the only reason
  DSA has been developed was to have a standard which does not allow
  encryption - meanwhile it had been shown that it is possible to
  encrypt using DSA :-).

  Shall we use DSA (and be compatible with PGP 5) or use plain ElGamal 
  signatures and force the IETF to change the draft for OpenPGP by
  installing a huge base of users of G10? 


Werner      



-- 
Werner Koch, Duesseldorf  -   werner.koch at guug.de   -  PGP keyID: 0C9857A5





More information about the Gnupg-devel mailing list