[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PKP sellout?
It's worth remembering that for the most part, corporations don't have
ethics, they have bottom lines. Most of PKP's objections to the DSA
were not really solid; rather, they were in defense of RSA as a profit
center. There only two really big ones -- that DSA as originally
proposed had too small a key size, and that it doesn't provide secrecy,
only authentication. The former has been fixed by NIST, and the latter
was a design goal.
In this case, NIST really had no choice but to deal with PKP. Apart
from the question of the Diffie-Hellman patent -- and in my opinion,
DSA definitely did infringe on it -- the proposed algorithm was very
close to Schnorr's algorithm, which was patented, and to which PKP had
purchased the rights. If NIST had gone ahead without making a deal
with PKP, the standard would have been tied up in lawsuits for years,
with the outcome quite uncertain. And while that may or may not have
suited this community, it would not meet NIST's objectives.
I don't see the hand of conspiracy here; rather, I see an encouraging
trend, that the private sector is able to compete in cryptographic
competence with NSA.
I am encouraged by the pledges to allow non-commercial use -- note the
lack of any RSAREF-like interface -- and to engage in non-discriminatory
licensing.
--Steve Bellovin