At 01:35 PM 12/27/99 , Leland V. Lammert wrote:
>I also believe in SW patents, .. but the current farce with RSA, even you
>have to admit, is stupid! Why cannot developers purchase a license (I do
>not call $100,000 a license fee for ANYONE)?
Probably someone at RSA thinks they make more money by selling a few
licenses at $100K (or $1M, or $10M) than by selling a lot of licenses at
$1K or $10K. I don't know if they're right or not - but RSA employees and
management are expected to build value for their shareholders, not make
life easy for other people.
> Why has RSA abandoned RSAREF?
Because it was no longer serving their purposes? My impression is that
RSAREF was initially intended to serve two purposes - (1) to serve as a
demonstration/toolkit for academics and developers, to let them get
comfortable with several (then) contemporary developments in applied
cryptography without cannibalizing sales from RSA's commecial toolkit
business, and (2) to provide a PR backfire in the Phil Zimmerman-PGP/RSADSI
dispute, by softening RSA's image as the Grinch of cryptography.
(1) has been better served for several years at least by SSLeay and now
OpenSSL; and (2) was exploited by several firms - including C2Net, where I
once worked - to build lower-cost webservers and other crypto products
which were competitive with products sold by RSA itself as well as RSA's
high-ticket licensees. I suspect that exploitation of (2) didn't make
anyone at RSA very happy, and the individuals involved personally in the
RSA/PRZ-PGP disagreements are no longer involved directly in the day-to-day
management of the organizations involved, so that seems to have died a
quiet death without ever reaching a resolution, so far as I can tell .. so
I think (2) is no longer relevant.
I don't really see a reason for RSAREF to continue to exist; RSA has
effectively allowed SSLeay/OpenSSL to become the RSAREF of the late 1990's
by failing to pursue patent infringers inside the US who haven't used
SSLeay/OpenSSL in a commercial fashion. (In fact, I've never heard of an
infringement suit filed by RSA against any user of SSLeay/OpenSSL in any
context.)
So .. why should RSA expend any resources on RSAREF? I think it makes more
sense (as they've done) to allow the open-source market to use open-source
code in an informal fashion without a lot of hassle, and to make
development kits available to commercial customers relatively cheaply or
for free in anticipation of later royalties. I think abandoning it makes a
lot of sense.
>I think even you would have to agree that this is a SW patent gone WAY off
>track.
I think it's one example of what patents can lead to - for better or for
worse. I think it's reasonable to argue that RSA has simultaneously been
the civilian cryptography industry's best friend and worst enemy. It's
tempting, a week or so before Y2K, to argue that open source and free
software and OpenSSL were inevitable, and that RSA (the company) and RSA
(the patent) just stunted their development; but I'm not sure that's
accurate. In particular, I'm skeptical that there would be any civilian
cryptography industry at all if early participants didn't believe that they
could create or license something which would allow them to have an
advantage over their competitors - like the RSA patent, and what it's done
to the web server and web client markets.
I do think that perhaps the software patent debate would be more profitably
held somewhere else, or not at all.
--
Greg Broiles
[EMAIL PROTECTED]
PGP: 0x26E4488C
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
