>Date: Sun, 10 Nov 1996 08:25:17 -0500
>Message-Id: <199611101325 .
>From: C Matthew Curtin <cmcurtin @
>To: Kent Crispin <kent @
>Cc: Doug .
EDU (Doug Hughes), firewalls @
>Subject: Re: ssh licensing
>In-Reply-To: <199611090541 .
>References: <doug-961108160743 .
> <199611090541 .
>Reply-To: cmcurtin @
>Sender: firewalls-owner @
>>>>>> "Kent" == Kent Crispin <kent @
>Kent> In 4 years the RSA patents run out. Ssh supports about 5
>Kent> different encryption algorithms, so you can probably find one
>Kent> that is freely usable in your location.
>Keep in mind that RSA is used for session key exchange only. (Those
>host keys are RSA keys.) In order to be legal in the US, you'll need
>to build SSH with RSAREF, and you can't sell it, etc.
>Using RSAREF, you can use SSH just as you can PGP...
>I'm wondering how much ElGamal is going to start popping up for
>session key exchange and that sort of thing. (PKP claims that ElGamal
>is covered by the patent on DH, but that expires in April '97.) The
>biggest problem with ElGamal is how incredibly slow it is (compared to
>RSA) for the function of signature verification...
Having recently explored the issue of legally running SSH at a large
commercial organization I now know more about the whole sordid public
key patent business than I care to.
Because of the way GATT applies to U.S. patent law, the DH (+ElGamow)
patent held by Cylink apparently does not expire until October of 97.
After lengthy discussions with RSADSI I concluded that they would not
sell the right to use the RSA algorithm itself to my company at any
price (they want us to purchase their specific implementations).
The commercial spin-off Tatu Ylonen started, "Data Fellows" will
sell commercial versions of SSH in the U.S. (f-secure-ssh-sales @
or http://www.datafellows.com/), with source. My company is currently
considering licensing SSH from DataFellows. Their prices seem
reasonable for commercial "free" software.
I have been told by Data Fellows that their commercial SSH will
soon support an El Gamow variant. I am also quite confident that on
or about October 97 the public domain SSH will also support it
(by yours truly if no one else beats me to it; I have already
concluded that it would be far less work to hack ElGamow into
SSH that to fight through all the licensing/purchasing issues for
Steve Marquess steve @
5325 Spectrum Drive (301) 815-6219 voice
Frederick, MD 21703 (301) 846-8355 fax
>Matt Curtin cmcurtin @
com Megasoft, Inc Chief Scientist
>http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself.
>Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet