Primed and ready
By Sam Williams
September 07, 2000
Perhaps hoping to stifle any Mozilla-type celebration within the anti-software patent community, RSA Security (RSAS), official administrators of the RSA public key encryption patent, dumped their crown jewel into the public domain on Wednesday, two weeks ahead of schedule.
Originally granted on Sept. 20, 1983, the RSA algorithm patent was set to expire on the 17th anniversary of that original grant due to federal patent law.
"So much misinformation has been spread recently regarding the expiration of the RSA algorithm patent that we wanted to create an opportunity to state the facts," said RSA Security Chief Executive Officer Art Coviello in a Wednesday press announcement.
One of the chief facts Coviello wanted to point out was the online economy's utter dependence upon public key encryption as a "foundation" for secure online commerce. While this multibillion-dollar dependence on a single company is the primary reason many members of the software development community object to the notion of patenting algorithms, Coviello saw it as a positive testament to the San Mateo, Calif.-based company's marketing skills.
Symbolic step
"Releasing the RSA algorithm into the public domain now is a symbolic next step in the evolution of this market," Coviello said.
Both RSA Security and the RSA algorithm get their names from Ronald Rivest, Adi Shamir and Leonard Adleman, the three MIT scientists who in 1977 first developed the mathematical formula for public key encryption. After receiving a patent on their algorithm in 1983, the three scientists co-founded RSA Security, the company that licensed RSA.
Since 1983, RSA has become something of a de facto standard for electronic cryptography, being used in everything from credit card machines to email security to mobile phone scramblers.
Although the algorithm's public domain status makes it possible for developers to use it for free, a factor which should significantly lower the cost of high-end cryptography software, it is unclear how this will affect the open source community. RSA Security has spent the past three years building upon its RSA base, developing additional closed source encryption tools. A number of open source companies, including Red Hat (RHAT) and Covalent Group (CVGR), license these tools in addition to the RSA patent.
"The RSA key algorithm that has been released into the public domain is only a small part of the code needed to provide SSL services in Apache, for example," says Randy Terbush, chief executive officer of Covalent, which develops Raven SSL, an Apache security module. "While this release does eliminate the patent issue and the need to license this code from RSA, it does not eliminate the issues we face in exporting a product with cryptography in it.
"We also are licensing the entire RSA SSL-C crypto engine in our product to take advantage of RSA's experience providing cryptography code to the software industry. This announcement does not really change anything from our perspective."
Theo de Raadt, project leader for OpenBSD, says the security-conscious project may incorporate a free version of RSA in the next release, slated for December. Then again, OpenBSD users have always had a way around the patent.
Because the patent only applies inside the U.S., non-U.S. users simply could download a library package that included RSA functionality via OpenBSD's Canadian servers. U.S. users could, too, provided they were willing to run the risk of antagonizing RSA Security's lawyers.
Getting around the system
"I would guess that 99 percent of our users install one of the ssl library packages to activate ssh, httpsd, and the various ipsec components that want RSA features," writes de Raadt via email. "The expiration just means that the remaining one percent of users who were afraid can install it anyways."
Despite the early release, some hacker groups are still planning to celebrate the Sept. 20 release date. Both BayFF, a Bay Area version of the Electronic Frontier Foundation, and the Bay Area Cypherpunks are planning to commemorate the events.
Dave Del Torto, a member of the Bay Area Cypherpunks who will speak at the BayFF event on Monday, says his group is planning a party of its own somewhere on or near the 17-year anniversary.
Event time and location have yet to be announced, but Del Torto says his group will be aiming for something closer to the original Mozilla source code release party in 1998. "It will be a doozy," he said.
As for the timing of RSA Security's announcement, Del Torto said it shouldn't affect crypto-hackers' enthusiasm.
"The party is all about the future of crypto and human rights, and not about dwelling in the past," he said. "The only thing it may have changed is that it may make it easier for Jim Bidzos and the RSA Labs folks to show up."
Sam Williams is a freelance writer covering open source software and high-tech culture. If you would like to submit a letter to the editor regarding this story, email online@upside.com