At 01:20 PM 6/16/2008, Michael Sierchio wrote:
RC4 is owned (and trademarked) by RSA Security Inc, but they are no
longer enforcing the patent,
RC4 was never protected by patent, but by trade secret. When the
details of the algorithm were published, Ron Rivest himself suggested
calling the "alleged RC4" "ARCFOUR". It is indeed a trademark of RSA
Security.
Michael is right. No patent. RSA subsequently switched to patent
protection for RC5 and RC5. Some ancient history might offer context.
RC4, developed by Rivest in 1987, was originally sold, under
contractual constraints, as a proprietary RSA trade secret -- a mode
of IP protection which soon proved to be frail and toothless in
Cyberspace, where anonymous publication on the Net broke the trade
secret contract but allowed the perpetrator to escape all liability.
RSADSI initially filed for US trademark protection on RC4 in 1993,
and the trademark -- as a mark of origin, a "mark" that identified
the source of the distributed code -- became the last line defense
for the RC4 IP when the RC4 algorithm was reverse engineered and
published on the Cypherpunks List in September of 1994.
In a swirl of ironies, this was a critical event in public crypto
history, because the illicit publication of RC4 made it possible for
non-US developers to do their own versions of SSL. SSLea, ancestor
of OpenSSL, soon broke the NSA's restrictive policies on the
international use of strong-crypto SSL for browsers and web-based
transactions. Many versions of alleged RC4 (ARC4 or ArcFour) were
soon in widespread use, even in IETF standards. Anyone can code or
use ACR4, but EMC/RSA still defends its monopoly on the RC4 trademark
because undefended trademarks become invalid.
_Vin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
