[Top] [All Lists]

Re: The RC2 debate

1997-04-22 23:00:20
Do a DejaNews search for the subject "Specification for Ron Rivests Cipher
No.2" (I didn't call it RC2 :-) posted to sci.crypt on 11 Feb 1996,
message-ID <4fk39f$f70(_at_)net(_dot_)auckland(_dot_)ac(_dot_)nz>.  This 
has also ended up on a
number of FTP sites, and I've seen it on at least one CDROM archive.
I assume that's enough to qualify it as "widely published".

No, I don't think so.  Neither random FTP sites nor a CDROM archive give
me any confidence that the specification will be widely available for a
reasonable amount of time.

And it is totally irrelevant anyway. The stated position of RSA here, which has
in fact been posted to this list by RSA representatives, is that they believe
this algorithm is still covered by trade secret rules. This means that
confidentiality restrictions may still apply, a zillion postings to various
newsgroups notwithstanding.  And this in turn means that it is a nonstarter as
far as the IETF is concerned. Again, the IETF rules concerning this could not
be any clearer.

More specifically, my understanding of RSA's claim is that they believe all
published descriptions of RC2 have been arrived at by reverse engineering code
covered by a license that forbids such reverse engineering. The question of
whether the "chinese wall" or "clean room" approach that was used is sufficient
to invalidate RSA's claims is something that only a court case can decide --
until that happens and RSA is successfully challenged in court and the trade
secret status of RC2 is invalidated their position is what counts. Moreover,
since trade secret law varies somewhat from one jurisdiction to another, it is
even possible that a single successful challenge would be insufficient to
invalidate all their claims (and this supposed they would lose, which is far
from obvious to me).

Finally, I would not recommend that anyone get their hopes over such a
challenge ever actually happening. At present RSA clearly believes that
maintaining trade secret status is important. As such, if they were ever placed
in a position where they would be likely to lose their trade secret status
through a legal challenge they would probably simply agree to a license for
less than the challenge is going to cost the challenger. And putting on my
corporate officer hat for a moment, it is unlikely that a company, especially a
public one, would ever turn down such a deal. Companies, even private ones,
have a fiduciary responsibility to their stockholders. They do not have a
responsibility to engage in expensive legal actions to prove a point, even when
those actions are clearly for the good of the community.


<Prev in Thread] Current Thread [Next in Thread>