patent questions

Richard Stallman rms at santafe.edu
Tue Dec 9 11:23:13 CET 1997 

    * There is a RFC on the CAST block cipher (rfc2144) which states:

	 The CAST-128 cipher described in this document is available worldwide
	 on a royalty-free basis for commercial and non-commercial uses.

      So my question is, whether this is acceptable for GNU software.

Yes it is.  The crucial thing is that it DOES permit use in free
software.

     We do
      not need this algorithm, but some people think we should do so.

I don't have any opinion on that question; I am not an expert on what
cryptography users want.  But if it is useful enough that we want to
support it, I would not exclude it because of the patent, given the
license terms shown above.

      1. There is a a patent of Kravitz (5,231,668) assigned to "The United
	 States of America as ...".  The NIST said, that say will make
	 this patent world-wide available on a royalty-free basis.

If they say this in a way we can legally hold them to, that is good
enough.  If they have not yet said it in such a way, we might want to
push them to go ahead and do so.

      2. The Schnorr patent (4,995,082):  In a letter to the NIST Schnorr
	 claimed that the DSA infringes his patent.  FIPS 186 (about DSS)
	 states that "The Department of Commerce is not aware of any patents
	 that would  be infringed by this standard".

Maybe we should ask for an expert's opinion on whether the patent does
cover the DSA, and whether it is likely to be valid.  Many patents are
mostly bluff.

      I also heard, that the
	 government will help if someone is sued on patent infringement while
	 working on a project implementing DSS for governmental purposes.

Could someone track this down and find out if it is really true?  If
this influences our decision, we should know for certain what the
situation is; exactly what help is being offered.

      PGP 5 uses DSA instead of ElGamal signatures (which are equally
      secure) and the draft for OpenPGP specifies DSA as a MUST.

      Shall we use DSA (and be compatible with PGP 5) or use plain ElGamal 
      signatures and force the IETF to change the draft for OpenPGP by
      installing a huge base of users of G10? 

Has someone tried simply asking politely for the people writing the
specification to permit El Gamal as an alternative?  We should always
ask someone to cooperate before assuming he won't.

More information about the Gnupg-devel mailing list