[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TALK, ACTION, CHANGE Re: Cryptography



Anthony Gatlin writes:
> > In other words, let's start using resources other than talk.
> > Talk is cheap but actions are the catalysts of change.
Mike Godwin replies:
> Talk may also be the catalyst for change. See, e.g., the Federalist
> Papers and the First Amendment.

Both of you are, of course, right :-)  One of the valuable things about
cypherpunks is that there *has* been a fair amount of action,
though every once in a while we need to step back and ask
"What are we DOING here?".  As one of the manifestoes around says,
"Cypherpunks write code."  PGP has had a remarkable success in getting
strong crypto out to thousands of people, increasing the interest in
the technical community and reaching out to other communities,
and giving us something that, if push comes to shove, we can use
to communicate with no chance of government eavesdropping.  That's good.
When it first came out, I got a copy for just that reason,
because strong crypto may later be banned.  I've also got RIPEM,
which is legally kosher, though it doesn't have the key distribution /
certification infrastructure that's been built with PGP.  (Yet!)
PGP has been a really useful research tool for that.

However, for many of us, using PGP for non-research applications,
like sending messages to our friends, IS in violation of RSA's patents.
Ripping off your allies is a bad policy; better to turn competitors into friends.
I don't happen to like algorithm patents, and I especially dislike
the overbroad claims made by the collection of patents held by PKP,
but R,S,&A, and Diffie and Hellman, HAVE given us some really powerful
techniques that we wouldn't have had if they hadn't developed or published.
They've been relatively flexible about free licenses, 
the RSAREF code lets us do real work within a reasonably broad framework,
and while they've written some heavy cease-and-desist threats to some  of us,
they *haven't actually sued any of us, and as far as I can tell they're
basically on our side of the people-vs-government-control game.
We need to work together with them, though obviously we need to keep trying
to convince them to let us do more, either for free or for money;
I hope they'll turn around.  PGP has certainly been a catalyst for getting
them to address our part of the market....

Whenever possible, at least for the next 5-7 years until the patents expire,
I'm planning to put up with the limits of their licenses for production code,
though research is a different story.  Besides, there's a certain amount of
hack value in programming with one hand tied behind your back :-) ;
we can do just about everything we need using the RSAREF interface, though
some applications would be simpler and cleaner without its limitations.

One especially nice thing about RSAREF is the ability to use our work
internationally.  Sure, they're covering their behinds by forbidding
export of the RSAREF code, but they haven't told use we can't
export code written to use their interfaces, or forbidden us to
use RSAREF to communicate across the political borders.
Using illegal code like PGP to do so creates too much opportunity
for the SS/NSA/etc to bust us, even if RSA hasn't pressed charges.

			Bill Stewart
			
# Bill Stewart    [email protected]  +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ  07733-3030