Well said, Ned.
Granted that this isn't the SSL forum, we at Novell have devoting a lot of time
and attention to optimizing the performance of our SSL implementation
Although most of that effort has been devoted to cleaning up code paths
in some third-party software and worrying about the public key handshake,
improvements in the encryption performance for long blocks (large GIF images,
or megabyte file transfers) would certainly be welcome.
At present, it isn't clear to me exactly how much support the CMS spec has
outside of the S/MIME community, although I understand that it was intended
to be more general.
What would it take to get SSL/TLS, IPSEC, and some of the other protocols
to adopt CMS, if that is the preferred solution?
If crossing that bridge is too hard, defining a new crypto algorithm that
includes
compression, despite the admitted ugliness and combinatorial problems that
would bring, might still be the preferred answer -- at least for non-CMS
protocols.
Bob
Robert R. Jueneman
Security Architect
Network Security Development
Novell, Inc.
122 East 1700 South
Provo, UT 84606
bjueneman(_at_)novell(_dot_)com
1-801-861-7387
Ned Freed <Ned(_dot_)Freed(_at_)innosoft(_dot_)com> 08/03/99 05:50PM >>>
This seems a bit odd, given that a completely unencumbered algorithm and
free
implementation existed years before the web (let alone SSL) did. There are
problems with ITU and ISO-standarised algorithms (which seem to exist solely
to provide patent licensing outlets for vendors, and which in any case tend
to
have mediocre performance), but Zip/zlib has never had any problems
I'm quite aware that there are a number of free implementations of
compression and that the authors claim that those implementations are
enencumbered, however, discussions with holders of the various
patents (Hi/Fn comes to mind) seem to indicate that they feel
otherwise.
First of all, while the IETF prefers unemcumbered algorithms, they are not
required. The only requirement is that intellectual property claims be
disclosed when participants in the effort become aware of them.
Second, one of the basic principles underlying patents is that you either
enforce them or lose them. As such, if someone claims to have a patent that
covers Zip/Zlib/deflate, they should have been going after any number of
vendors of the numerous commercial and free software packages that use these
algorithms. The fact that no such action has been taken (it would generate tons
of publicity if it had) is a strong indicator that either no such patent
exists, or if it is does it is no longer enforeable, people's "feelings"
about the matter notwithstanding.
Third, one of the tactics commonly used in this game is to create FUD over
what's patented and what is not. As such, it is quite common to hear second
or third-hand assertions that so and so or such and such has a patent that
covers various things when in fact no such patent exists (and in some cases
no such assertions have been made).
So, if you know of a specific patent that you believe covers deflate, or of a
specific public statement made by someone that they have such a patent, please
step up to the plate and say exactly what it is so we can evaluate it. This is
a technical forum and rumor and innuendo have no place here.
Ned