
Tough Choices: PGP vs. RSA Data Security



-----BEGIN PGP SIGNED MESSAGE-----

I thought Eric's analysis of RSADSI/PKP's position was interesting,
but I have to take issue with a couple of points:

> Premise: RSADSI created RSAREF in order to license individuals.

This seems to assume that RSADSI needs to "license" individuals in order
to allow them to use the patent.  But I don't think this is the case.
RSADSI can simply say that individual, non-commercial use of the patents
is permitted by them.

In fact, they do say that, apparently.  As Pat Farrell reported today:

> I found that PKP has two simple philosophies: (1) they have a valid patent,
> and you must agree to this fact and (2) if you make money, they make
> money.

I understand that the FAQ from RSA confirms this, that non-commercial,
personal use of the patent is OK.  (Actually, I don't think this first
point, that "you have to agree that their patent is valid" is in the FAQ.
I think this was added specifically because the PGP documentation
criticizes the patent.)

So, it does not seem to me that they had to take _any_ specific action
in order to "license" individuals to use their patent non-commercially.
They simply had to say, as they already said, that such use is not
considered infringing.

> Since they don't make any money from it, there's
> no reason for them to spend much money paying lawyers to draft license
> agreements for products which bring in no income.  Therefore they want
> all non-income uses of the patents to be filtered through a single
> license.

Again, there is no need for them to pay lawyers to set up a host of
different "non-income" licenses.  There is no need to "filter" all such
uses through a single package.  Rather, a general blessing of non-commercial
use should be adequate.

> Assertion: The reason that RSADSI requires that individual licenses be
> mediated through RSAREF is that non-commercial software is inevitably
> used in commercial contexts.

Allowing personal, non-commercial use does not mean they lose any rights to
sue companies which make money off the patent.  If a non-commercial product
(like PGP) is used in a commercial context then both Phil and Jim may
be expected to go after them.  This therefore is not at all a reason for
RSADSI to require individual licenses to be mediated through RSAREF.  Doing
that gives them no rights that they didn't already have.

> Remember, their main business is
> licensing.  All software used in a commercial context must be
> licensed, otherwise their main business is imperiled.  Were they to
> make separate licenses for every low end product, they would be in the
> same situation as if they licensed individuals--high overhead, small
> return.  Therefore, they license RSAREF to companies; this allows
> RSADSI to economically offer licensed use for all such low end
> software packages.

Here Eric is apparently talking about commercial use.  I think our discussions
are in the context of personal, non-commercial use.  We should clearly
separate these two issues.  Where a putatively non-commercial product,
whether RIPEM or PGP, is used in a commercial situation then PKP and/or
PRZ may choose to take legal action.  But the non-commercial situation can
be dealt with without restricting users to use RSAREF.

In short, Eric has not persuaded me (at least) that RSADSI was in any
way forced to restrict non-commercial users to use the RSAREF package.
Their general policy of permitting personal, non-commercial use, and
demanding that "if you make money, we make money" are more than adequate
without RSAREF entering the picture at all.

Hal Finney
[email protected]

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK+ExaKgTA69YIUw3AQErDQP/ZMqrgzTm/j2T5xkbLCruCdVfd+a/U9tk
aNNE8687LMZsC9RSxh6me60zWEQag1DnLqOA5zhn+9kbQ3HbYsc58oc/5vNgJwEe
lAfcRImykqdIq3PLWgGyvhqqBsOib/k9uL8+OijcdYmsnLciDN8z4IdREDDKn7zu
w83hCzV7BDc=
=zAQ6
-----END PGP SIGNATURE-----