Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

IDEA patent vs the recent USPTO memorandum

  

 
GnuPG users RSS feed   Index | Next | Previous | View Threaded


marcio.barbado at gmail

Sep 16, 2009, 10:56 AM

Post #1 of 14 (1583 views)
Permalink
IDEA patent vs the recent USPTO memorandum
Hi list,
I've recently had access to this document, written by the "United
States Patent and Trademark Office" (USPTO) which basically tries to
ban software patents.

The memorandum is here:
http://www.uspto.gov/web/offices/pac/dapp/opla/2009-08-25_interim_101_instructions.pdf

the case is,
I'm really interested in reading your opinions of what this could mean
to optional OpenPGP ciphers like IDEA.


Regards,




Marcio Barbado, Jr.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rjh at sixdemonbag

Sep 16, 2009, 12:46 PM

Post #2 of 14 (1516 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
M.B.Jr. wrote:
> I've recently had access to this document, written by the "United
> States Patent and Trademark Office" (USPTO) which basically tries to
> ban software patents.

The memorandum in question is eight pages, twenty slides and two flowcharts.

As a ballpark estimate that would mean it would take an IP lawyer about
two days to figure out what this means for the specific subject of
patented cryptographic algorithms. It would take the non-experts on
this list many times that long, if we could do it at all.

There may be patent lawyers on this list who are familiar with the
memorandum in question who are willing to speak in a public forum about
it. Weirder things have happened. But speaking for myself, I do not
have the time it takes to (a) become an expert on U.S. patent law, (b)
read the memorandum, and (c) consider how it changes the U.S. patent
system, and (d) write up my results.

If this is important to you, I would suggest speaking with an IP lawyer.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


dshaw at jabberwocky

Sep 16, 2009, 1:07 PM

Post #3 of 14 (1523 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
On Sep 16, 2009, at 1:56 PM, M.B.Jr. wrote:

> Hi list,
> I've recently had access to this document, written by the "United
> States Patent and Trademark Office" (USPTO) which basically tries to
> ban software patents.
>
> The memorandum is here:
> http://www.uspto.gov/web/offices/pac/dapp/opla/2009-08-25_interim_101_instructions.pdf
>
> the case is,
> I'm really interested in reading your opinions of what this could mean
> to optional OpenPGP ciphers like IDEA.

Whether this means IDEA is okay or not patent-wise, I have a slightly
different take on this: who cares about IDEA at this point? IDEA was
good back in the 90s and PGP 2.x. It's 2009 now, and we have better
ciphers than IDEA, a massive installed software base that doesn't use
IDEA, and nobody is suffering for the lack of IDEA. If IDEA was
suddenly not patented, none of this would change.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


jbruni at me

Sep 16, 2009, 1:14 PM

Post #4 of 14 (1527 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
On Wednesday, September 16, 2009, at 12:46PM, "Robert J. Hansen" <rjh [at] sixdemonbag> wrote:
>M.B.Jr. wrote:
>> I've recently had access to this document, written by the "United
>> States Patent and Trademark Office" (USPTO) which basically tries to
>> ban software patents.
>
>The memorandum in question is eight pages, twenty slides and two flowcharts.
>
>As a ballpark estimate that would mean it would take an IP lawyer about
>two days to figure out what this means for the specific subject of
>patented cryptographic algorithms. It would take the non-experts on
>this list many times that long, if we could do it at all.
>
>There may be patent lawyers on this list who are familiar with the
>memorandum in question who are willing to speak in a public forum about
>it. Weirder things have happened. But speaking for myself, I do not
>have the time it takes to (a) become an expert on U.S. patent law, (b)
>read the memorandum, and (c) consider how it changes the U.S. patent
>system, and (d) write up my results.
>
>If this is important to you, I would suggest speaking with an IP lawyer.



Especially for a patent that is due to expire in a year or two.

http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm





_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rjh at sixdemonbag

Sep 16, 2009, 1:15 PM

Post #5 of 14 (1523 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
David Shaw wrote:
> Whether this means IDEA is okay or not patent-wise, I have a slightly
> different take on this: who cares about IDEA at this point? IDEA was
> good back in the 90s and PGP 2.x. It's 2009 now, and we have better
> ciphers than IDEA, a massive installed software base that doesn't use
> IDEA, and nobody is suffering for the lack of IDEA. If IDEA was
> suddenly not patented, none of this would change.

Some people use remailers and other tools which depend on PGP
2.6/RFC1991 traffic. There are some people who would very much like to
see GnuPG fully support RFC1991 so it can replace the very long in the
tooth PGP 2.6.

Admittedly, I think the correct response is to say, "GnuPG /did/ replace
PGP 2.6, the same way RFC4880 replaced RFC1991, now come into the 21st
century with the rest of us." But many of the die-hard PGP 2.6
advocates resist changing.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


dshaw at jabberwocky

Sep 16, 2009, 1:40 PM

Post #6 of 14 (1520 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
On Sep 16, 2009, at 4:15 PM, Robert J. Hansen wrote:

> David Shaw wrote:
>> Whether this means IDEA is okay or not patent-wise, I have a slightly
>> different take on this: who cares about IDEA at this point? IDEA was
>> good back in the 90s and PGP 2.x. It's 2009 now, and we have better
>> ciphers than IDEA, a massive installed software base that doesn't use
>> IDEA, and nobody is suffering for the lack of IDEA. If IDEA was
>> suddenly not patented, none of this would change.
>
> Some people use remailers and other tools which depend on PGP
> 2.6/RFC1991 traffic. There are some people who would very much like
> to
> see GnuPG fully support RFC1991 so it can replace the very long in the
> tooth PGP 2.6.

If the "some people" still want this, I haven't seen it in a good long
while. Possibly they gave up asking. Still, it doesn't matter.
GnuPG is not a RFC-1991 tool, and a theoretical un-patenting of IDEA
doesn't change that either. To say nothing of the fact that compliant
OpenPGP implementations are explicitly banned from generating RFC-1991
keys.

In effect, the request you're paraphrasing seems to be "Add support
for a dead, deprecated, and weaker format to GnuPG, and then deal with
a massive software distribution problem so everyone can have the new
version, all so a few remailers and tools don't have to upgrade to
OpenPGP". That argument might have made more sense in 1999, to help
get people through the transition, but it's not 1999 any more.

I'll go out on a limb and suggest that upgrading the relatively few
remailers is an easier job...

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rjh at sixdemonbag

Sep 16, 2009, 2:02 PM

Post #7 of 14 (1520 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
David Shaw wrote:
> If the "some people" still want this, I haven't seen it in a good long
> while. Possibly they gave up asking.

Gave up the asking, more likely. I still get one or two emails a year
inquiring about if/when GnuPG will support this. (No, I don't know why
they email me, and I wish they wouldn't.)

That said, I share in your sentiments.



_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


vedaal at hush

Sep 17, 2009, 7:29 AM

Post #8 of 14 (1490 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
>Message: 2
>Date: Wed, 16 Sep 2009 16:40:02 -0400
>From: David Shaw <dshaw [at] jabberwocky>

>If the "some people" still want this, I haven't seen it in a good
>long while. Possibly they gave up asking.


as an old-time pgp 2.x user,
have often put the question to some of the die-hard remailer 2.6
users:

'why don't you just switch to gnupg?'


this is the reason i got in response:

"i'm very concerned about my privacy, which is why i bother to use
a remailer in the first place

i carefully went over every line in the pgp 2.6 sourcecode,
and i'm happy with it

if only there were a gnupg mini-version with a shorter source-code,
(or at least one that's readable by someone looking at it from
scratch, not just reading the updates and patches as they go along)
then i'd gladly switch

to be fair,
several of them 'have' switched to Disastry's version, and can use
any algo or hash in open pgp (except those that came after Disastry
;-( )
specifically because his source code is short enough to be readable

(disclaimer,

not by me,
am not at that semi-paranoid level yet,

and at the medium compromise level of:

the stuff i want to encrypt and/or sign, isn't that important
enough,
and i'm willing to trust experts in the field who have vetted the
code ;-) )


vedaal


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rjh at sixdemonbag

Sep 17, 2009, 9:41 AM

Post #9 of 14 (1480 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
vedaal [at] hush wrote:
> if only there were a gnupg mini-version with a shorter source-code,
> (or at least one that's readable by someone looking at it from
> scratch, not just reading the updates and patches as they go along)
> then i'd gladly switch

This is doable. I did this in '99 for GnuPG 1.0. I haven't done it
since, but given the codebase is still in the same ballpark, size-wise,
I find it hard to believe it's impossible today.

It seems strange to imagine there's someone not capable of auditing the
GnuPG code, but is capable of auditing the PGP 2.6 code.

Having read both codebases (albeit not a recent GnuPG codebase), I found
GnuPG's code to be much clearer and easier to understand than PGP 2.6's.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


johanw at vulcan

Sep 21, 2009, 11:30 AM

Post #10 of 14 (1410 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
David Shaw wrote:

>If the "some people" still want this, I haven't seen it in a good long
>while. Possibly they gave up asking.

Probably. However, if someone wants IDEA support for whatever reason there
is still the IDEA plugin. It still works with GnuPG 1.4.10 for both Linux
and Windows, although I have not tested it with the 2.0 versions.

>To say nothing of the fact that compliant OpenPGP implementations are
>explicitly banned from generating RFC-1991 keys.

Why is that? Forced upgrading?

Anyway, pgp 2.6.3ia builds just fine on modern Linux and win32 platforms.
For win32, all you have to do is make a project file including all source
files in Visual Studio and compile it. Long filename support etc. comes
automatically so windows users don't have to be stuck with some DOS
executable which would be a pita.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw [at] vulcan // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


dshaw at jabberwocky

Sep 21, 2009, 12:48 PM

Post #11 of 14 (1409 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
On Sep 21, 2009, at 2:30 PM, Johan Wevers wrote:

> David Shaw wrote:
>
>> If the "some people" still want this, I haven't seen it in a good
>> long
>> while. Possibly they gave up asking.
>
> Probably. However, if someone wants IDEA support for whatever reason
> there
> is still the IDEA plugin. It still works with GnuPG 1.4.10 for both
> Linux
> and Windows, although I have not tested it with the 2.0 versions.

There is IDEA support (as this is part of OpenPGP, albeit with patent
issues), but no V3 key generation support.

>> To say nothing of the fact that compliant OpenPGP implementations are
>> explicitly banned from generating RFC-1991 keys.
>
> Why is that? Forced upgrading?

I recall it was not so much forced upgrading, as a general feeling of
"enough already". If you take a look at the ietf-openpgp archives for
2003-2004, you'll see a few discussions around it. Mind you, the
statistics we played with at the time (4-5 years ago) showed that over
90% of keys on the keyservers were V4. I doubt that number has gone
anywhere but up since then.

Another way to look at it is that the new wording around V3 keys
(including the no-generate rule) enables someone to write an OpenPGP
implementation that has no V3 support whatsoever (something which
wasn't doable in RFC-2440).

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


marcio.barbado at gmail

Sep 21, 2009, 7:11 PM

Post #12 of 14 (1413 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
Gentlemen,
I really appreciate the comments you've made on the subject and the
little debates as well.

That was exactly what I was expecting.

Sometimes, regular users do not have the proper notion of whether some
functionality merits attention.

All in all, it looks like IDEA, even if totally freed, is sentenced to
gradual abandonment. Is this perception of mine correct?


Regards,




On Mon, Sep 21, 2009 at 4:48 PM, David Shaw <dshaw [at] jabberwocky> wrote:
> On Sep 21, 2009, at 2:30 PM, Johan Wevers wrote:
>
>> David Shaw wrote:
>>
>>> If the "some people" still want this, I haven't seen it in a good long
>>> while.  Possibly they gave up asking.
>>
>> Probably. However, if someone wants IDEA support for whatever reason there
>> is still the IDEA plugin. It still works with GnuPG 1.4.10 for both Linux
>> and Windows, although I have not tested it with the 2.0 versions.
>
> There is IDEA support (as this is part of OpenPGP, albeit with patent
> issues), but no V3 key generation support.
>
>>> To say nothing of the fact that compliant OpenPGP implementations are
>>> explicitly banned from generating RFC-1991 keys.
>>
>> Why is that? Forced upgrading?
>
> I recall it was not so much forced upgrading, as a general feeling of
> "enough already".  If you take a look at the ietf-openpgp archives for
> 2003-2004, you'll see a few discussions around it.  Mind you, the statistics
> we played with at the time (4-5 years ago) showed that over 90% of keys on
> the keyservers were V4.  I doubt that number has gone anywhere but up since
> then.
>
> Another way to look at it is that the new wording around V3 keys (including
> the no-generate rule) enables someone to write an OpenPGP implementation
> that has no V3 support whatsoever (something which wasn't doable in
> RFC-2440).
>
> David
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users [at] gnupg
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



Marcio Barbado, Jr.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rjh at sixdemonbag

Sep 21, 2009, 8:53 PM

Post #13 of 14 (1417 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
M.B.Jr. wrote:
> All in all, it looks like IDEA, even if totally freed, is sentenced to
> gradual abandonment. Is this perception of mine correct?

It is more accurate to say it has already been abandoned. Very few
people today use IDEA as a symmetric cipher for OpenPGP messages.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


dshaw at jabberwocky

Sep 21, 2009, 9:05 PM

Post #14 of 14 (1406 views)
Permalink
Re: IDEA patent vs the recent USPTO memorandum [In reply to]
On Sep 21, 2009, at 10:11 PM, M.B.Jr. wrote:

> Gentlemen,
> I really appreciate the comments you've made on the subject and the
> little debates as well.
>
> That was exactly what I was expecting.
>
> Sometimes, regular users do not have the proper notion of whether some
> functionality merits attention.
>
> All in all, it looks like IDEA, even if totally freed, is sentenced to
> gradual abandonment. Is this perception of mine correct?

In my opinion, yes. These days, you'd need a good reason to use IDEA
rather than AES, CAST5, or even 3DES. When you add in the fact that
IDEA actually costs money (heresy!) and nearly every competitor is
free, it becomes a fairly easy calculation to make.

In the context of OpenPGP, the gradual abandonment has already
happened. The usage today is non-zero, but negligible. The only
reason the IDEA discussion comes up here (usually once or twice a
year) is that PGP 2.x used it back in the 1990s.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.