[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pgp, edi, s/mime



Andrew Loewenstern wrote:
> 
> Raph Levien writes:
> >  In sum, S/MIME leaves PGP in the dust, both techically and as
> >  a market force.
> 
> But does S/MIME still leave important sender and recipient information in the clear?

No. That's fixed.

> True, PGP is four years old and isn't as up-to-date anymore, but PGP 3.0 is
> supposed to have an important feature (although we will have to wait a year
> for it):  it is unencumbered by patents.

I'll believe in PGP 3.0 when I see it. Last time I checked in with the
development process, it was in pretty bad shape. Hopefully, the roughly
$5M of capitalization for PGP Inc. will help, but then again, when's the
last time an infusion of funds fixed a troubled software project?

In their present forms, PGP and S/MIME don't differ much in terms of
patents. At the _protocol_ level, both PGP and S/MIME require the use of
RSA cryptography, which is patented in the US. Similarly, at the
implementation level, both PGP 2.6.2 and RIPEM 3.0 (now in beta) have a
license to use RSAREF for noncommercial applications. If you want to use
RSA for commercial use in the US, you either have to buy ViaCrypt PGP
(whatever that's called now), or one of the commercial S/MIME
implementations. In either case, you're still paying for an RSA license.

Actually, the situation with PGP is even worse, as it includes the IDEA
cipher, which is patented by Ascom Tech. Ascom holds patents outside the
US, which means that commercial users of PGP outside the US must pay an
additional patent royalty to use PGP (US$15 per user for single copies
-- see Stale Schumacher's PGP FAQ for more details). By contrast, the
only patented algorithm required by the S/MIME protocol spec is RSA,
which is patent-free outside the US.

On 20 Sep 2000, S/MIME will become completely patent-free all over the
world.

S/MIME also requires the use of RC2, which is not patented, although RSA
may assert rights under trade secret law. This is still a bit
controversial, and the issue of inclusion of RC2 in RIPEM has not been
fully resolved yet. However, RSA has indicated a willingness to allow at
least object code for RC2 to be released as part of the RIPEM
distribution. The RC2 algorithm is only for compatibility with crippled
"export" implemenations of S/MIME, and can be omitted if you're only
ocmmunicating with non-crippled clients. (It should be noted that such a
version would not be in compliance with the S/MIME implementation
guide).

I think you're referring to the possibility that PGP 3.0 may use a
public key algorithm other than RSA. However, if this is the case, it
won't be compatible with PGP's installed base. In addition, I don't
believe that there has been a public key encryption algorithm proposed
which is free of patent controversy.

Raph