Why should I risk a patent suit? Doesn't
this situation place a severe limit on PGP being able to scale to the
world?
First, the world is much larger than the United States, and the patent
is only enforceable in the U.S. And commercial PEM products can't
leave the U.S, while PGP is already out there (and its developers are
outside the U.S too).
Second, there is no reason (other than bile between Jim Bidzos and
Phil Zimmerman) that US users could not be licensed to use PGP.
Indeed, I suspect that any company with an RSA license (Sun, IBM,
Apple, Microsoft,...) is already licensed to run PGP, or any other
program that makes use of RSA -- at least if they keep track of the
number of inhouse users and pay the appropriate royalty.
I once proposed to Jim Bidzos that RSADSI sell lifetime rights to
their patents to individuals for $100. When a child reached the age
where they needed cryptographic protection, a parent or godparent
would gift them with this necessity of modern life. RSADSI would not
suffer by eventually getting $100 from every person in the U.S...
I bet there are more than a thousand users of PGP today, who would pay
$100 for a lifetime license to use RSA's current and future patents.
Then they'd be free to use whatever software they liked, for protecting
their email, net connections, phone calls, or whatever -- without being
stuck with less-workable software because of legal issues.
John