At 12:37 AM 11/26/99 , Vin McLellan wrote:
> Bodo Moeller <[EMAIL PROTECTED]> replied:
>
> >It was a trade secret, but obviously is no longer secret; to my
> >knowledge, RSA has never asserted to have patents on RC4.
>
> This is correct. OTOH, RSAS has never given up their copyright on
>the name RC4 either. (Nor, AFAIK, has RSAS acknowledged the equivalence of
>the various RC4 clones -- which might, under US law, void whatever is left
>of the trade secret IP it uses to protect its own RC4 implementation code.)
I hate to pick nits (especially after Vin's clearly spent a long time
putting together a summary of several years' worth of crypto industry
history, which isn't recorded anywhere else, so far as I'm aware) but it's
important to remember that the term "RC4" isn't protectible under
copyright, but (potentially) by trademark, especially in light of the
following -
Charles Forsythe <[EMAIL PROTECTED]> noted:
>//>You can call your implementation ARC4 -- Alleged RC4. If you claim that
>//>your implementation is RC4 with any certainty, you may violate a
>//>trademark. Yes, we all know better.
>
> Do we now? You've got to admit it would take a lot of gall for
>someone other than MIT Prof. Ron Rivest, today, to bring to market a new
>symmetric algorithm called, ummm, "RC7." (The RC, btw, has always been,
>according to Ron, simply his label for his newest effort, as in "Ron's
>Code" -- number whatever;-)
>
> It might also be fairly said that an "RC7" cryptosystem from
>someone other than Ron Rivest would confuse and mislead the consumers and
>OEMs who have come to expect the elegant simplicity, ingenious complexity,
>and durable security we've seen in Prof. Rivest's RC2, RC4, RC5, and RC6.
This last bit seems to muddy the waters regarding the trademark status of
the "RC" prefix. Trademarks identify to consumers a unique source of goods
or services. To the extent that "RC<number>" identifies Ron Rivest as the
source of an algorithm or a scrap of code, it's not an RSAS trademark, it's
a Ron Rivest trademark.
I agree with your conclusions above from a moral perspective - anyone else
who used the "RC" prefix for a crypto algorithm would look like a jerk, as
would someone who appropriated, say, the "eay" suffix without the
cooperation or permission of Eric Young. But I'm not sure that, in a
stricter legal sense, either term has been closely correlated enough with a
unique source of goods or services to serve as a protectible mark.
(This message is *not* meant as legal advice; people who want legal advice
instead of commentary written during commercial breaks from the X-Files
should hire their own attorneys.)
The relationship of trademarks to algorithms is an interesting one - as Vin
notes, RSAS (and its ancestors) have experimented with a number of
different strategies for protecting their IP and their investment, and one
approach is trademark. I note that Vin's messages refer to the RSA
algorithm as RSApkc; I remember a discussion some months ago on either
cypherpunks or [EMAIL PROTECTED] regarding the trademark status of the
initials "RSA". This is an issue that's not going to go away. It would
probably do everyone good to clearly identify some terms which aren't
anyone's proprietary IP (like "linux" or "ssl" or "tls") which can be used
to describe an abstract standard (or protocol, or algorithm) and some
proprietary and nonproprietary terms, as appropriate, to describe
particular implementations of the abstract.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
