Why should I risk a patent suit? Doesn't
this situation place a severe limit on PGP being able to scale to the
world?
First, the world is much larger than the United States, and the patent
is only enforceable in the U.S. And commercial PEM products can't
leave the U.S, while PGP is already out there (and its developers are
outside the U.S too).
Irrelevant. Cryptography in France requires the permission of the Prime
Minister or his designee. In Australia it is forbidden. Thus there can be no
universal solution and any proposed one must be legal in the U.S.
Further, Ripem is legal in the U.S. and also "out there", and the public key
list on the server is rapidly approaching the number of keys reported for
PGP in some messages.
Second, there is no reason (other than bile between Jim Bidzos and
Phil Zimmerman) that US users could not be licensed to use PGP.
False. It's not personal between Bidzos and Zimmerman but that Bidzos, as
the head of a firm with patents, wants his rights under his patents, and
Zimmerman wanted a free license. To reduce this issue to an assertion of a
personal quarrel is simply incorrect, and has no place in a group discussing
formal standards. What prevents US users from being licensed to use PGP is
that is infringes RSA's patents and further, there's no import license from
the Government for IDEA.
Indeed, I suspect that any company with an RSA license (Sun, IBM,
Apple, Microsoft,...) is already licensed to run PGP, or any other
program that makes use of RSA -- at least if they keep track of the
number of inhouse users and pay the appropriate royalty.
Questionable. Does the RSA license permit this? In any case there's no IDEA
import license in the U.S.
David