AES and patent rights

A Ciphers By Ritter Page

Terry Ritter

A major discussion about the Advanced Encryption Standard and individual patent rights.

First: Crypto manufacturers have found a way to get society to pay twice for a new cipher: first for the research and development, and then again for the software to run it. Is this country great or what?

Then: Is a web page considered "publication"?

Contents

• 1998-09-26 Bruce Schneier: "Why should NIST consider options that cost when there are many--and some very good ones--that don't cost?" "I don't believe that it is un-American, unconstitutional, or inappropriate for automobile companies to sponsor race cars, either."
• 1998-09-26 Terry Ritter: "Really? You would force everyone who entered a car in the race to sign over their rights to their design -- including any new innovations -- if they won? That sounds like a very strange race to me."
• 1998-09-26 Bruce Schneier: "NIST is not taking anything without compensation. Everything is being given freely. You are not being compelled to submit and to give up your rights."
• 1998-09-27 Douglas A. Gwyn: "...if people can obtain free technology that provides adequate security and meets their other requirements, then of course there is not much incentive to develop competing security technology, except as an intellectual pastime."
• 1998-09-27 Terry Ritter: "A standard *cipher* should be an advantage for bankers who want the liability protection of "due diligence." "But companies and individuals can make their own decisions about what cipher to use, based on the opinions of experts they trust, or just random chance. Freedom is like that."
• 1998-09-28 Bruce Schneier: "The analogy was not very good; it wasn't worth defending. I was thinking of auto racing sponsorship as something done for publicity; you pointed out that the auto manufacturers got to keep rights to their designs. Perhaps better would be the sponsorship of a particular olympics team. When Company X sponsors the U.S. ski team, they spend money and expertise (or at least, buy expertise) and receive nothing back except publicity."
• 1998-09-28 STL137: "Har har - this one goes on my quotes page..."
• 1998-09-28 Terry Ritter: "...a government process -- one that should apply to me just the same as you -- would cost me *more* than it cost you. This is just not equal protection under the law."
  "My stuff is available to anyone. It is not restricted to students who are physically close to a major library system. It doesn't cost anything at all, not the price of a symposium, not the price of a book, not even the price of a CD. In my view, this is the way Science should be, and that is the way I do it."
• 1998-09-27 Jim Gillogly: "How is this not equal protection under the law? You've simply chosen a different path. Have you yet answered the question about what IBM has received for DES beyond publicity?"
• 1998-09-28 Terry Ritter: "We do know that intensive negotiation was going on right up until DES was actually published. Negotiation normally means that some form of compromise or reciprocal bargain is being struck. It simply does not take much negotiation to say: 'We'll just make this cipher free for use in the US.'"
• 1998-09-28 Bruce Schneier: "The difference seems to me that we see that participation is a choice, so there is no taking. He seems to feel differently."
• 1998-09-28 John Savard: "Obviously, reading your book _Applied Cryptography_ will lead people to suspecting that you are one of the members of this 'conspiracy' as well."
• 1998-09-28 Jim Gillogly: "I don't disagree that designing an important algorithm such as RSA is a significant piece of intellectual property and the authors deserve a reward. I do disagree that the patent process is set up to offer that reward."
• 1998-09-28 lamontg@bite.me.spammers: "It is not a contest that you care to enter, clearly. And you're clearly upset because you thought you'd get a whole lot of money out of possibly winning the contest, and you won't."
• 1998-09-29 Terry Ritter: "Had you been around here when this all started, you would know that I have never had any delusions about possibly *winning*. I did have the delusion that I would be able to *participate* without giving away my second-born child."
• 1998-09-28 John Savard: "What it is instead doing by means of the AES process is: searching for a good cipher algorithm that the U.S. government can _use in practice_ for safeguarding unclassified but sensitive communications."
• 1998-09-29 Douglas A. Gwyn: "When government officials get caught engaging in such illegal procurement activities, the penalties can be severe."
• 1998-09-29 W T Shaw: "Are you naive enough to not see what goes on. So much bidding is only done to present the guise of a credible process."
• 1998-09-28 Bruce Schneier: "To me it looks like we were both given the same decision to make, and you chose one path and I chose the other. You believed that your patent rights were worth more than NIST was willing to give you for them. "
• 1998-09-29 Terry Ritter: "This is sort of a strange comment, isn't it? It might even be the basis for a sort of occupational joke, where a mathematician gets 'paid' with zero dollars and goes away satisfied! Ha ha, very funny!"
• 1998-09-29 A [Temporary] Dog: "...why do you care if you participate or not?"
• 1998-09-29 Terry Ritter: "Well, I was disappointed. But the reason I *care* is that I think it is *wrong*." "Anyone deserves prestige for the quality of their work. But they also deserve to be compensated for *doing* the work."
• 1998-09-29 Patrick Juola: "Wrong, sir!"
• 1998-09-29 Douglas A. Gwyn: "Prestige is awarded by others, not by yourself."
• 1998-09-30 JPeschel: "Crazy man -- can you dig it! When do we do zap the capitalist system into a blue way-gone haze?"
• 1998-09-30 Lenz: "Any compensation for cipher design needs to come from winning in the marketplace, not in AES." "That means that any lack of compensation is just an indication of failure in the marketplace, which you probably would not want to claim for your designs."
• 1998-09-30 bryanolson@my-dejanews.com: "NIST correctly predicted that the worlds best cryptographers would offer top quality designs for free."
• 1998-09-30 Lincoln Yeoh: "I see AES as a crypto donation drive- 'Donate Decent Crypto to the World'."
• 1998-09-30 Stephen M. Gardner: "Many would say that when you do something just for money you cheapen it. After all, when you have the talent it just has to come out whether someone is willing to pay or not."
• 1998-10-01 Mark Wooding: "Creativity exists because, fundamentally, people enjoy being creative. That ought to be enough. It's a real shame it isn't."
• 1998-10-01 W T Shaw: "When it comes to crypto, some other areas too, things are twisted upside down from the classic, nice talk about free enterprise, so the government becomes the fixer, manipulator, and irreverant boss who ultimately selects blesses the commercial endeavors that submit to the rules."
• 1998-09-29 Douglas A. Gwyn: "I think a key (tacit) element in Terry's reasoning is that AES will be widely used, even mandatory in some cases, displacing commercial systems that might have been used instead."
• 1998-09-30 Joseph K. Nilaad: "I don't think we're all working for charity!"
• 1998-09-30 R H Braddam: "...just because the encryption algorithm is free don't mean that the applications using them will be."
• 1998-09-30 Bruce Schneier: "Presumably some of the AES submissions have patent applications pending."
• 1998-10-01 dianelos@tecapro.com: "FROG is in the public domain too."
• 1998-09-30 Patrick Juola: "The Olympics certainly pay 'only the medal,' yet have no problem getting competitors."
• 1998-10-03 Lincoln Yeoh: "...most people don't get paid in pats on backs, praises, respect etc, but it actually matters a lot to many people."
• 1998-09-30 Joseph K. Nilaad: "Thanks for bringing Olympic scenario up, who is collecting the money? Certainly not the atheletes. I have not yet seen any free admission in Olympic."
• 1998-10-1 R H Braddam: "...just because the other submissions were not YET patented, that doesn't mean they were unpatentable, or worthless."
• 1998-10-2 Joseph K. Nilaad: "Free worldwide and 40bit export law at this moment and in this country, is a contradiction!"
• 1998-10-2 R H Braddam: "The original ITAR export controls were very likely unconstitutional, and the movement of control to Department of Commerce was just a stop-gap measure to delay or circumvent having all or a majority of them thrown out by the Supreme Court."
• 1998-10-02 Casper H.S. Dik - Network Security Engineer: "While this has been made to sound admirable, it really was only a ploy to keep the 'underclass' who couldn't possibly afford to compete for free away. Women weren't allowed to compete either."
• 1998-09-30 lamontg@bite.me.spammers: "if i go out and do something which i consider to be work and everyone else considers to be worthless then i certainly don't deserve to be compensated for doing the work."
• 1998-09-29 Bruce Schneier: "I don't think I have a "point," other than you chose not to submit and I chose to submit."
• 1998-09-29 Andreas Enterrottacher: "You didn't make money with DES and you won't make money with the next standard. NIST didn't need you to get DES and they don't need you to get AES :)"
• 1998-09-29 Terry Ritter: "...while there may be some "free" programs which use AES, we can be sure that commercial software firms will compensate their programmers by charging for the software. Programmers thus will be compensated -- and justly so -- for the time they spend; but cipher designers will *not* be compensated for the vastly greater time *they* spend."
• 1998-09-30 Andreas Enterrottacher: "...since DH has become free RSA isn't used any more in PGP. As well others don't use RSA because DH has become free."
• 1998-09-30 John Savard: "...RC4 is the *beneficiary* of a government monopoly..."
• 1998-09-28 Bruce Schneier: "...it takes a lot of work to keep with the Internet, and some might argue that it is impossible. There is just so much out there, and such a high percentage of it is trash, that it just isn't cost effective to wade through it all. For everyone like you, who is doing serious work, there are dozens of yahoos who aren't. And from first glance, you can't tell the difference."
• 1998-09-28 Lincoln Yeoh: "Don't go to the Crypto Donation Drive, if you don't want to give."
• 1998-09-28 Lamont Granquist: "*You* are the one that is lazy. Writing an article and sticking it up on a website is something that any college student can do. Doing the work to make it suitable for publication in a journal takes substantially longer. That standard of quality is why 'lazy' cryptographers read journals rather than browse random web pages."
• 1998-09-28 W T Shaw: "It all depends on whether you actually want to keep up with a fast changing field or not; this affects everything, not cryptography alone. I would suggest that you discard email as well since, according to the same reasoning, nothing not carefully written out and properly mailed would constitute laziness."
• 1998-09-30 Lamont Granquist: "Saying 'I put it up on my web site 6 months ago, why haven't you read it?' is egotistical b.s. and it isn't publishing -- getting it into central repositories of information is publishing."
• 1998-09-28 W T Shaw: "We are at a great transition where actual printed matter is fastly being usurped by electronic media...it's in all the *papers*. Holding to the old standard as the one true path is merely quaint."
• 1998-09-28 Bruce Schneier: "Anyone can put their ideas up on the web; it's the ultimate vanity press. But there is just too much out there; the community needs some way to determine if a particular something is worth reading."
• 1998-09-29 Douglas A. Gwyn: "If it makes a good example, it is pedagogically useful to have it in your article, regardless of its origin."
• 1998-09-29 Bruce Schneier: "...this is the reality of academic cryptography. I cannot change that, even if I sit on program committees and argue the point."
• 1998-09-29 Joseph K. Nilaad: "How can you quantify which publication is worth reading either it is on the web or hard copy?"
• 1998-09-29 Patrick Juola: "...NIST has something that most people don't -- to wit, credibility."
• 1998-09-29 Bruce Schneier: "If academic cryptographer A reads and cryptanalyzes a method that appears at a conference, workshop, or as an AES submission, he can publish his results. If he reads and cryptanalyzes a method that appears on Usenet, all he can do is post his results on Usenet."
• 1998-09-30 Terry Ritter: "...now that I think of it, Biham *actually* *did* write and publish an academic "paper" on *my* *own* "Ladder DES" proposal, which was basically a Usenet thing." "So, clearly, one *can* write about Usenet proposals."
• 1998-09-30 Bruce Schneier: "Of course one can. Biham's paper is certainly a good example."
• 1998-09-29 Douglas A. Gwyn: "The issue isn't whether or not you can access the document on-line, it's whether or not the document has made it through a reasonable 'antijunk' filter."
• 1998-09-30 Stephen M. Gardner: "when something is not broken yet and it hasn't had a lot of attempts made yet it is really not secure."
• 1998-09-28 Paul Rubin: "What I remember is hearing that it's hard for a cipher designer to be taken seriously until they've gotten some serious, interesting results at breaking other people's algorithms."
• 1998-09-28 W T Shaw: "The official line was that you had bettter not even try; if you wanted to think in the area, you had better register; and don't think of implementing anything without going through some sort of Greek Debate on its utility first."
• 1998-09-29 Douglas A. Gwyn: "There undoubtedly is some good unreviewed Web publication, as well as a lot of bogosity. And there are also dubious or even bogus peer-reviewed articles."
• 1998-09-29 David A. Scott: "...very little in crypto in this country and else where is not poisioned by the self serving NSA."
• 1998-09-29 W T Shaw: "...I see so many in NIST going out of their way to be fair even if it hurts for as long as their reins will let them run that way."
• 1998-09-30 John Savard: "Well, the NSA has a proud history which includes sinking a lot of Nazis...."
• 1998-09-28 RREYNARD: "...as a retired businessman, it appears that the creator/inventor of cryptographic algorithms and systems finds himself in the unfortunate position of being in the wrong business at the wrong time."
• 1998-09-28 Jerry Leichter: "...there's a general legal principle, called I think laches, which basically says that if you arbitrarily delay raising a legal claim for too long, you may lose your right to do so."
• 1998-09-29 Terry Ritter: "A patent is an offensive right, yes, but it is a right to collect damages." "Indeed, until a particular cipher is picked, there is likely to be little or no damage at all."
• 1998-09-29 John Savard: "Plus, if waiting for someone with deep pockets to sue constitutes an invalidation of patent rights, then so would waiting for someone to sue with small pockets for hiring a lawyer..." "*Several* of the AES candidates may be infringing the IDEA patent..."
• 1998-09-29 Bruce Schneier: "I will look at the IDEA patent."
• 1998-09-29 W T Shaw: "The government reserves the right to refuse to approve a standard based on the entries and adopt something else, or not set any standard...and not tell why."
• 1998-09-27 Lamont Granquist: "If *ANYTHING* is unconstitutional and un-american it is giving the winner of this contest a guaranteed 15 or so year contract to reap royalties from every government-used encryption product out there. It's like saying that all the cars the government uses for the next 15 years will be Fords."
• 1998-09-27 Terry Ritter: "Personally, I would have been willing to give *the government* a very attractive license. But that is not enough for our government: AES demanded that I give a free license to every for-profit company who would be *selling* software based on that technology. That sure sounds like a government-mandated subsidy for those guys, doesn't it?"
  "MULTIPLE CHOICE: If Ford is the winner in a contest for the most-efficient car design, based on long-term, very expensive and privately-funded research, would we expect: a) they should be made to give their superior technology to all their competitors, free of charge, or b) they should reap just rewards for their successful research."
• 1998-09-27 Lamont Granquist: "In this case "just rewards" are the PR and cipher design expertise which is entirely sufficient for counterpane and apparently sufficient for the 15 other applicants."
• 1998-09-28 Douglas A. Gwyn: "The correct answer is 'None of the above.'"
• 1998-09-27 Bruce Schneier: "Fundamentally new techniques for the sake of themselves have no place in a conservative standard. Fundamentally new techniques that resist attacks that break other things are much more interesting."
• 1998-09-27 David A. Scott: "...I don't think the US government wants to really compensate anybodys who is not political correct...."
• 1998-09-27 John Savard: "Initially the AES committee was expressing a strong preference for royalty-free submissions; this changed to a mandatory requirement shortly after a statement by you that the preference was unlikely to create problems."
• 1998-09-27 Bruce Schneier: "Thanks for the explanation."
• 1998-09-27 David A. Scott: "I really wonder which if not all of the methods are NSA fronts."
• 1998-09-27 Bruce Schneier: "...I know that Twofish is not an NSA entry, but there is no way I can prove that to you."
• 1998-09-27 Lamont Granquist: "Yeah, twofish was designed by the NSA, fronted by Bruce and Counterpane."
• 1998-09-28 David A. Scott: "Terry I agree with you here people should be FREE to pick what they want. The AES competation is just another clipper chip in sheeps clothing. It would be best to let market place decide on its own."
• 1998-09-28 David A. Scott: "It will be very hard to get good crypto to the masses when so called experts poo poo the idea of long keys as snake oil."
• 1998-09-28 David A. Scott: "I know you are jesting but TWOFISH would have my bet as NSA plant I just am not sure which of the rest are."
• 1998-09-28 W T Shaw: "If I were looking for plants, and I'm not, I would rather look at those who already have their hands in each others pockets."
• 1998-09-28 David A. Scott: "Terry if you did this kind of crap that Bruce did here people would not like you. But Bruce has the money and power to laugh in your face even if he knows that some of your ideas better than his."
• 1998-09-29 David A. Scott: "Of course the NSA horse will win. I think Bruce is on that horse but I am sure the NSA has more than one."
• 1998-09-29 RREYNARD: "As I recall, COBOL was the government's 'standardized' Common Business Oriented Language to be used by all government agencies for application programming. I don't believe it ever achieved 'standardization', it never became 'common' and many government agencies opted not to use it. It is my opinion, that the 'standard' crypto algorithm will realize similar success."
• 1998-09-29 David A. Scott: "I think most management mistakenly thinks that you have to pay lots of money to get something good."
• 1998-09-30 Terry Ritter: "The AES competition is government funded; presumably GNU C is not."
• 1998-09-29 W T Shaw: "Current events beat the soaps."

Subject: AES and patent rights
Date: Sat, 26 Sep 1998 15:41:03 GMT
From: schneier@counterpane.com (Bruce Schneier)
Message-ID: <360d0782.2157160@news.visi.com>
References: <360a964c.9610170@news.io.com>
   <jgfunj-2409981205490001@dialup60.itexas.net>
Newsgroups: sci.crypt
Lines: 82

On Thu, 24 Sep 1998 18:58:28 GMT, ritter@io.com (Terry Ritter) wrote:
>I continue to believe that the AES requirement for submitters to give
>up their property rights by their submission was un-American,
>unconstitutional, and also inappropriate at the first stage of a
>technical comparison process.  

I would tend to agree with you more if NIST received no submissions,
and nothing but protests.  But fifteen groups, including the most
aggressive crypto patent company (RSADSI), submitted algorithms.
We're all happy to give away our patent rights if we are chosen as the
standard.

Why should NIST consider options that cost when there are many--and
some very good ones--that don't cost?  That just seems smart business
sense to me.

In everything I've read about the Dept of Justice's case against
Microsoft, they never cleam that it is unconstitutional (or even
un-American) for them to give away their browser.  Their case hinges
on whether they used their Windows monopoly to manipulate the broswer
market.  Unless you can show a similar environment, I don't think you
have much of a case.

However, if you can break or otherwise show that the fifteen free
candidates are not good AES choices, NIST will have no option but to
look at patented ideas.

>I have serious alternate ciphering
>approaches, but I also *own* those approaches, and I am not going to
>simply make them "free, worldwide" until people "worldwide" start
>funding the research that brought these things forth.  If the
>government wants *my* stuff to be "free," they can first pay my
>salary, equipment, and an investment profit for a decade of work.  

Indeed.  This is your choice, and you are free to make it.

>The result of this AES requirement is that those who have *not*
>invested significantly in such research (or who can afford to give it
>away), have been granted an advantage by the government over those who
>*have* invested in such research.  This is the wrong message to send.

I disagree.  I believe that RSADSI, IBM, and NTT have invested
significant resources in their submissions.  (I choose these three
because their submissions reflect those resources.)  I personally have
invested over 1000 hours of Counterpane Systems time, time that we did
not spend doing billable work, on Twofish.

We all believe two things.  One, that the collateral knowledge gained
by donating those resources is worth someting.  And two, that the PR
benefit of being chosen as AES is worth something.  I don't believe
that it was un-American, unconstitutional, or inappropriate for AT&T
to give away their rights to the transistor, or to do research on
background radiation in the universe.  I don't believe that it is
un-American, unconstitutional, or inappropriate for automobile
companies to sponsor race cars, either.

>Note that this isn't about making things free for users:  It is not
>like NIST will demand that *software* which uses AES will be "free
>worldwide."  NIST doesn't want *software* companies to lose any money
>on *their* productive efforts.  But NIST (or NSA) apparently *does*
>want cipher designers to lose money on *their* efforts.  This is
>wrong, and may be about as close to a government conspiracy to
>restrict commerce as one might want to see.  

It's not NIST.  The cipher designers agreed to the rules.  Again, if
no one submitted a free candidate, then you would have a case.  There
are fifteen submitters who don't feel that the "problem" of losing
money for their efforts as a significant one.

>It is unfortunate that Bruce Schneier was a prime factor in getting
>the original rules changed so that only free designs would even be
>*considered* for AES.  

Was I?  Wow.  I thought that was NIST's idea.  Whatever, it seems like
the idea was a good one.  As I said before, we have fifteen
submissions, some of them very good.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com


Subject: Re: AES and patent rights
Date: Sat, 26 Sep 1998 18:22:16 GMT
From: ritter@io.com (Terry Ritter)
Message-ID: <360d30d2.9039808@news.io.com>
References: <360d0782.2157160@news.visi.com>
Newsgroups: sci.crypt
Lines: 212


On Sat, 26 Sep 1998 15:41:03 GMT, in <360d0782.2157160@news.visi.com>,
in sci.crypt schneier@counterpane.com (Bruce Schneier) wrote:

>On Thu, 24 Sep 1998 18:58:28 GMT, ritter@io.com (Terry Ritter) wrote:
>>I continue to believe that the AES requirement for submitters to give
>>up their property rights by their submission was un-American,
>>unconstitutional, and also inappropriate at the first stage of a
>>technical comparison process.  
>
>I would tend to agree with you more if NIST received no submissions,
>and nothing but protests.  But fifteen groups, including the most
>aggressive crypto patent company (RSADSI), submitted algorithms.
>We're all happy to give away our patent rights if we are chosen as the
>standard.

But while you *can* give *your* *own* patent rights away, you *cannot*
give away those rights which someone else may have established.  So if
someone else has established rights to what you have done, the cipher
will be just as encumbered as it might have been from you.  

This means that the rule *cannot* make a cipher "free worldwide."
What it does is prohibit competition from those who have actually
invested in research and developed new technology, and who cannot
effectively benefit in other ways.  

DES, for example, was free for use, but not worldwide.  And even those
rights were intensely negotiated right up to the date of publication
of the standard.  Note that there were many ways for the leading
computer company at the time to benefit without direct payment, from
guaranteed government contracts to reduced export hassles.  We do not
know what was negotiated or hinted with a wink and a nod.  But we do
know that negotiations were long and arduous.  At the time, IBM took
those rights very seriously.  


>Why should NIST consider options that cost when there are many--and
>some very good ones--that don't cost?  That just seems smart business
>sense to me.

First, NIST is not a business.  It is an arm of *my* government as
well as it is yours.  *Somehow* it just happens to respect your rights
more than it does mine.  *Somehow* it just happens that the rules --
that you publicly suggested and promoted before they were adopted --
favor you.  Odd.


>In everything I've read about the Dept of Justice's case against
>Microsoft, they never cleam that it is unconstitutional (or even
>un-American) for them to give away their browser.  Their case hinges
>on whether they used their Windows monopoly to manipulate the broswer
>market.  Unless you can show a similar environment, I don't think you
>have much of a case.

While I am not overly eager to spend years of my life rectifying yet
another legal disaster, this is exactly the sort of goading that might
push me to do just that.  

My argument would more likely be based on "equal protection under the
law" than antitrust; when government participation is limited by what
one owns, there have to be questions.  There is also "taking without
compensation."

But I have often wondered why Microsoft does not open a new front with
Justice by supporting a challenge to AES.  This would put them on the
side of the little guy, thus giving them some good press, but more
importantly could establish a precedent which could be vitally
important to their business:  If AES goes through as planned, the next
government thing might be the definition of a "standard" operating
system, and only those willing to give up their rights need apply.  A
US standard operating system available "free worldwide" could bring
down Microsoft far faster than any decades-long antitrust action.  


>However, if you can break or otherwise show that the fifteen free
>candidates are not good AES choices, NIST will have no option but to
>look at patented ideas.

Once again, there is really no way to know what is patented in these
submissions.  All we know is that the *submitters* will give up
*their* rights.  But that does not mean that someone else does not
have rights in those very same submissions.  

If *I* were in the position where somebody had proposed a system using
my owned technology, I would shut up and wait and hope to be chosen.  


>>I have serious alternate ciphering
>>approaches, but I also *own* those approaches, and I am not going to
>>simply make them "free, worldwide" until people "worldwide" start
>>funding the research that brought these things forth.  If the
>>government wants *my* stuff to be "free," they can first pay my
>>salary, equipment, and an investment profit for a decade of work.  
>
>Indeed.  This is your choice, and you are free to make it.

Thank you so much.


>>The result of this AES requirement is that those who have *not*
>>invested significantly in such research (or who can afford to give it
>>away), have been granted an advantage by the government over those who
>>*have* invested in such research.  This is the wrong message to send.
>
>I disagree.  I believe that RSADSI, IBM, and NTT have invested
>significant resources in their submissions.  (I choose these three
>because their submissions reflect those resources.)  I personally have
>invested over 1000 hours of Counterpane Systems time, time that we did
>not spend doing billable work, on Twofish.

Frankly, 1000 hours is really small change compared to the long-term
development of new ciphering technology.  You do use Feistel
ciphering, of course, as does most everybody else.  But you did not
develop it.  

There are various ways large companies can benefit, both from the
competition and possible selection.  The fact that they lose something
on the design process does not mean that they will not make it up.
But I suspect even they were not overjoyed at the idea of simply
giving away their technology because it was good.  Maybe that is *why*
we see so many submissions based on old Feistel technology.  


>We all believe two things.  One, that the collateral knowledge gained
>by donating those resources is worth someting.  And two, that the PR
>benefit of being chosen as AES is worth something.  I don't believe
>that it was un-American, unconstitutional, or inappropriate for AT&T
>to give away their rights to the transistor, 

This seems to be an odd comparison, since Bell Labs *licensed* those
rights to Sony, which is why we had a period in the 50's and 60's when
everybody had a Japanese portable transistor AM radio.  And Bell Labs
was not a government department.  


>or to do research on
>background radiation in the universe.  I don't believe that it is
>un-American, unconstitutional, or inappropriate for automobile
>companies to sponsor race cars, either.

Really?  You would force everyone who entered a car in the race to
sign over their rights to their design -- including any new
innovations -- if they won?  

That sounds like a very strange race to me.  

Race drivers and their organizations have to make real money, and they
depend upon the innovations in their cars.  I doubt they would give up
their rights -- unless of course they simply *have* no rights, and so
take the opportunity to exclude their competition.  

Somebody might even have the balls to take something like that to
court.  Especially if the race was government-sponsored.  


>>Note that this isn't about making things free for users:  It is not
>>like NIST will demand that *software* which uses AES will be "free
>>worldwide."  NIST doesn't want *software* companies to lose any money
>>on *their* productive efforts.  But NIST (or NSA) apparently *does*
>>want cipher designers to lose money on *their* efforts.  This is
>>wrong, and may be about as close to a government conspiracy to
>>restrict commerce as one might want to see.  
>
>It's not NIST.  The cipher designers agreed to the rules.  Again, if
>no one submitted a free candidate, then you would have a case.  

I have a case anyway.  

>There
>are fifteen submitters who don't feel that the "problem" of losing
>money for their efforts as a significant one.

There are various other reasons for someone to participate; the fact
that someone participates does not imply that ownership is not a
significant issue.  


>>It is unfortunate that Bruce Schneier was a prime factor in getting
>>the original rules changed so that only free designs would even be
>>*considered* for AES.  
>
>Was I?  Wow.  I thought that was NIST's idea.  

Oh, please.  Are we to believe you have forgotten your letter to NIST
after the first conference?  Shall we re-post it?

As I see it, and since you had no new technology of your own to enter,
it was in your business interest to prevent everyone who had such
technology from competing with you.  Good business, presumably, but
poor competition, and very bad science.  


>Whatever, it seems like
>the idea was a good one.  As I said before, we have fifteen
>submissions, some of them very good.

The competition is being conducted in a way which I believe is
unconstitutional, which means that the result -- whatever it is --
will be open to challenge.  

More than that, these rules act to restrict the long term development
of crypto technology by not allowing fundamentally-new technology to
compete, and by not rewarding the crypto design process itself.  These
rules are tools to minimize the open development of cryptographic
technology, and every entrant who participates is another government
argument that this is a good thing.

---
Terry Ritter   ritter@io.com   http://www.io.com/~ritter/
Crypto Glossary 1998-08-27: http://www.io.com/~ritter/GLOSSARY.HTM



Subject: Re: AES and patent rights
Date: Sat, 26 Sep 1998 21:37:43 GMT
From: schneier@counterpane.com (Bruce Schneier)
Message-ID: <360d5983.3024744@news.visi.com>
References: <360d30d2.9039808@news.io.com>
Newsgroups: sci.crypt
Lines: 228

I generally hate Usenet arguments.  I will respond to this, and you
are welcome to as many last words as you like.  If there is something
very new, interesting, or comment-worthy, I will respond.  But I see
no reason to continue volleying back and forth.

Bruce

On Sat, 26 Sep 1998 18:22:16 GMT, ritter@io.com (Terry Ritter) wrote:
>On Sat, 26 Sep 1998 15:41:03 GMT, in <360d0782.2157160@news.visi.com>,
>in sci.crypt schneier@counterpane.com (Bruce Schneier) wrote:
>
>>On Thu, 24 Sep 1998 18:58:28 GMT, ritter@io.com (Terry Ritter) wrote:
>>>I continue to believe that the AES requirement for submitters to give
>>>up their property rights by their submission was un-American,
>>>unconstitutional, and also inappropriate at the first stage of a
>>>technical comparison process.  
>>
>>I would tend to agree with you more if NIST received no submissions,
>>and nothing but protests.  But fifteen groups, including the most
>>aggressive crypto patent company (RSADSI), submitted algorithms.
>>We're all happy to give away our patent rights if we are chosen as the
>>standard.
>
>But while you *can* give *your* *own* patent rights away, you *cannot*
>give away those rights which someone else may have established.  So if
>someone else has established rights to what you have done, the cipher
>will be just as encumbered as it might have been from you.  
>
>This means that the rule *cannot* make a cipher "free worldwide."
>What it does is prohibit competition from those who have actually
>invested in research and developed new technology, and who cannot
>effectively benefit in other ways.  

Indeed. This is true, and worrisome.  It is possible that one (or
more) of the AES submissions infringes on some patent (or some pending
patent) held by some third party, and that third party will not say
anything until it is too late.  This has happened in other computer
standards committees, and the results are generally disasterous.  All
we can do is to hope for the best.

But yes, I do think about this and I am concerned.

>DES, for example, was free for use, but not worldwide.  And even those
>rights were intensely negotiated right up to the date of publication
>of the standard.  Note that there were many ways for the leading
>computer company at the time to benefit without direct payment, from
>guaranteed government contracts to reduced export hassles.  We do not
>know what was negotiated or hinted with a wink and a nod.  But we do
>know that negotiations were long and arduous.  At the time, IBM took
>those rights very seriously.  

From what I have been researched, IBM has never sued or even
threatened anyone for using DES.  If you have other evidence, I very
much want to hear it?

>>Why should NIST consider options that cost when there are many--and
>>some very good ones--that don't cost?  That just seems smart business
>>sense to me.
>
>First, NIST is not a business.  It is an arm of *my* government as
>well as it is yours.  *Somehow* it just happens to respect your rights
>more than it does mine.  *Somehow* it just happens that the rules --
>that you publicly suggested and promoted before they were adopted --
>favor you.  Odd.

Probably a government conspiracy, that's what I think.

Although more likely the government didn't want to force users of AES
to pay royalties, when there was the very strong possibility that free
alternatives migh be out there.  So NIST took a risk in only asking
for unencumbered submissions, but it looks like their risk paid off.
You and I and everyone else who builds encryption systems using AES
will benefit.

>My argument would more likely be based on "equal protection under the
>law" than antitrust; when government participation is limited by what
>one owns, there have to be questions.  There is also "taking without
>compensation."

NIST is not taking anything without compensation.  Everything is being
given freely.  You are not being compelled to submit and to give up
your rights.

>>However, if you can break or otherwise show that the fifteen free
>>candidates are not good AES choices, NIST will have no option but to
>>look at patented ideas.
>
>Once again, there is really no way to know what is patented in these
>submissions.  All we know is that the *submitters* will give up
>*their* rights.  But that does not mean that someone else does not
>have rights in those very same submissions.  
>
>If *I* were in the position where somebody had proposed a system using
>my owned technology, I would shut up and wait and hope to be chosen.  

I know.  You and many others.  All we can do is hope.  There is some
caselaw on the subject.  NIST will make a public call to all third
parties to state any potential patent claims regarding the
submissions.  If someone chooses not to, NIST could argue in court
that the patentholder deliberately withheld information in an attempt
to hide his rights until after AES was awarded.  Will this do any
good?  No one knows.

>>>The result of this AES requirement is that those who have *not*
>>>invested significantly in such research (or who can afford to give it
>>>away), have been granted an advantage by the government over those who
>>>*have* invested in such research.  This is the wrong message to send.
>>
>>I disagree.  I believe that RSADSI, IBM, and NTT have invested
>>significant resources in their submissions.  (I choose these three
>>because their submissions reflect those resources.)  I personally have
>>invested over 1000 hours of Counterpane Systems time, time that we did
>>not spend doing billable work, on Twofish.
>
>Frankly, 1000 hours is really small change compared to the long-term
>development of new ciphering technology.  You do use Feistel
>ciphering, of course, as does most everybody else.  But you did not
>develop it.  

Of course, every cryptography algorithm builds on the work of others.
I was only talking about direct Twofish development.  We used Feistel
networks (invented by Feistel), key-dependent S-boxes (I first saw
this in Khufu by Raph Merkle), S-boxes build out of a combination of
fixed S-boxes and a linear operation (basically, a rotor machine), MDS
matrices (used in Square, researched by Serge Vaudenay, and etc),
pseudo-Hadamard transforms (invented by Jim Massey), the idea of
mixing operations from different groups (researched by Xujia Lai, and
then by lots of other people), and analytic techniques for
differential, linear, higher-order differential, interpolation,
related-key, and other cryptanalyses (invented and extended by Eli
Biham, Adi Shamir, Lars Knudsen, Vincent Rijmen, us, Carlo Harpes,
Thomas Jakkobson, Mitsuru Matsui, Shiho Morai, and countless others).

Let it never be said that we did our work in a vacuum.

>There are various ways large companies can benefit, both from the
>competition and possible selection.  The fact that they lose something
>on the design process does not mean that they will not make it up.
>But I suspect even they were not overjoyed at the idea of simply
>giving away their technology because it was good.  

I suspect you are wrong, but that may be a false impression that I got
from having conversations on this topic with them.

>Maybe that is *why*
>we see so many submissions based on old Feistel technology.  

No, the reason is because it is a good technology.  Decoupling the
design of the F-function from the encryption/decryption strucuture is
nice, as is not having to worry about things working in the reverse
direction.  What is interesting to me is that we saw some of the never
variations of the Feistel network: target-heavy unbalanced Feistel
networks in MARS, and incomplete Feistel networks in CAST-256.  Even
the E2 work shows that there are still things to learn about the
Feistel structure.

>>There
>>are fifteen submitters who don't feel that the "problem" of losing
>>money for their efforts as a significant one.
>
>There are various other reasons for someone to participate; the fact
>that someone participates does not imply that ownership is not a
>significant issue.  

Again, you may be right.  All I have done is talk with the people
involved.

>>>It is unfortunate that Bruce Schneier was a prime factor in getting
>>>the original rules changed so that only free designs would even be
>>>*considered* for AES.  
>>
>>Was I?  Wow.  I thought that was NIST's idea.  
>
>Oh, please.  Are we to believe you have forgotten your letter to NIST
>after the first conference?  Shall we re-post it?

I believe you are confusing my endorsement of an idea with my
origination of an idea.  I find it hard to believe that I imposed my
desire for a free standard onto a reluctant NIST.  If so, good for me.
But I remember NIST wanting to ensure that AES was unencumbered by
patents.  Of course I agree with that position, and of course I said
so in my letter to NIST.  Thanks for the compliment, all the same.

>As I see it, and since you had no new technology of your own to enter,
>it was in your business interest to prevent everyone who had such
>technology from competing with you.  Good business, presumably, but
>poor competition, and very bad science.  

On the contrary, I am seeing some excellent science.  But as I said
before, you are welcome to break the submissions and show all of us
wrong.  In all honesty, if you can do that people will be willing to
pay for the patented technology that your techniques cannot break.

(I'll also pay for a strong bock cipher that encrypt data (ECB mode)
in less than 2 clock cycles per byte.  I don't know how to do that.)

>>Whatever, it seems like
>>the idea was a good one.  As I said before, we have fifteen
>>submissions, some of them very good.
>
>The competition is being conducted in a way which I believe is
>unconstitutional, which means that the result -- whatever it is --
>will be open to challenge.  

Unconstitutional!?  Neat.  Which part of the constitution do you see
being trampled on in this competition?

>More than that, these rules act to restrict the long term development
>of crypto technology by not allowing fundamentally-new technology to
>compete, and by not rewarding the crypto design process itself.  These
>rules are tools to minimize the open development of cryptographic
>technology, and every entrant who participates is another government
>argument that this is a good thing.

As a crypto designer, I have found the whole process more rewarding
than almost anything else I have done.  I expect those rewards to
continue, even if Twofish does not get chosen. 

And honestly, in a standard I would rather see a conservative design
than fundamentally new technology.  If you have the latter, start
writing papers and getting your ideas into the literature.  Time needs
to test things; this is cryptography, after all.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com


Subject: Re: AES and patent rights
Date: Sun, 27 Sep 1998 07:45:15 GMT
From: "Douglas A. Gwyn" <DAGwyn@null.net>
Message-ID: <360DECE4.33B6870C@null.net>
References: <360d5983.3024744@news.visi.com>
Newsgroups: sci.crypt
Lines: 32

Bruce Schneier wrote:
> Probably a government conspiracy, that's what I think.

Absolutely!  Everything anybody doesn't like must be due
to some evil government consipracy.  Could there possibly
be any other explanation?

> On the contrary, I am seeing some excellent science.  But as I said
> before, you are welcome to break the submissions and show all of us
> wrong.  In all honesty, if you can do that people will be willing to
> pay for the patented technology that your techniques cannot break.
> (I'll also pay for a strong bock cipher that encrypt data (ECB mode)
> in less than 2 clock cycles per byte.  I don't know how to do that.)

The way I would put this is, if people can obtain free technology
that provides adequate security and meets their other requirements,
then of course there is not much incentive to develop competing
security technology, except as an intellectual pastime.
But that's not a conspiracy, it's simple economics.

> Unconstitutional!?  Neat.  Which part of the constitution do you see
> being trampled on in this competition?

You're right; the US constitution (unfortunately) does not
prohibit government intervention in the marketplace.  That's
how we migrated from an essentially laisse-faire capitalist
society into a mixed economy.

If freedom of speech, or the right to bear arms, or due
process, etc. were involved, then there would be a
constitutional issue, but so far as I can see there is
no significant problem along those lines involving AES.


Subject: Re: AES and patent rights
Date: Sun, 27 Sep 1998 22:34:37 GMT
From: ritter@io.com (Terry Ritter)
Message-ID: <360ebd79.18691713@news.io.com>
References: <360d5983.3024744@news.visi.com>
Newsgroups: sci.crypt
Lines: 232


On Sat, 26 Sep 1998 21:37:43 GMT, in <360d5983.3024744@news.visi.com>,
in sci.crypt schneier@counterpane.com (Bruce Schneier) seemed to
respond, yet failed to address his own analogy:

>[...]
>I don't believe that it is
>>un-American, unconstitutional, or inappropriate for automobile
>>companies to sponsor race cars, either.
>
>Really?  You would force everyone who entered a car in the race to
>sign over their rights to their design -- including any new
>innovations -- if they won?  
>
>That sounds like a very strange race to me.  
>
>Race drivers and their organizations have to make real money, and they
>depend upon the innovations in their cars.  I doubt they would give up
>their rights -- unless of course they simply *have* no rights, and so
>take the opportunity to exclude their competition.  
>
>Somebody might even have the balls to take something like that to
>court.  Especially if the race was government-sponsored.  


>[...]
>From what I have been researched, IBM has never sued or even
>threatened anyone for using DES.  If you have other evidence, I very
>much want to hear it?

Please try to follow along:  DES was a US standard.  It was free for
use in the US.  Presumably IBM got something for that.  Lawsuits and
threatening have nothing to do with it.  


>[...]
>Although more likely the government didn't want to force users of AES
>to pay royalties, when there was the very strong possibility that free
>alternatives migh be out there.  So NIST took a risk in only asking
>for unencumbered submissions, but it looks like their risk paid off.
>You and I and everyone else who builds encryption systems using AES
>will benefit.

A standard *cipher* should be an advantage for bankers who want the
liability protection of "due diligence." 

But companies and individuals can make their own decisions about what
cipher to use, based on the opinions of experts they trust, or just
random chance.  Freedom is like that.  

On the other hand, a government *interface* standard which could
handle (virtually) any cipher of any sort as dynamically selected,
would be useful.  


>>My argument would more likely be based on "equal protection under the
>>law" than antitrust; when government participation is limited by what
>>one owns, there have to be questions.  There is also "taking without
>>compensation."
>
>NIST is not taking anything without compensation.  Everything is being
>given freely.  You are not being compelled to submit and to give up
>your rights.

Indeed, I did not submit.  

But *you* get to participate in a government-funded process which took
nothing from you, but would take property from me.  

This is a little more than "not being compelled to submit."


>>[...]
>>If *I* were in the position where somebody had proposed a system using
>>my owned technology, I would shut up and wait and hope to be chosen.  
>
>I know.  You and many others.  

Life in the property lane:  You don't own the land you travel over
unless you got there first and registered your claim.  Deal with it.  


>All we can do is hope.  

Exactly how *I* feel!  The whole process could be *quite* amusing.  

It's something like a small herd of nearsighted bumbling sheep with
their own blind shepherd.  


>There is some
>caselaw on the subject.  NIST will make a public call to all third
>parties to state any potential patent claims regarding the
>submissions.  If someone chooses not to, NIST could argue in court
>that the patentholder deliberately withheld information in an attempt
>to hide his rights until after AES was awarded.  Will this do any
>good?  No one knows.

As far as I know, there is *no* responsibility in patents to take
offensive action at any particular time *or* to respond to
governmental calls for clarification.  Perhaps you are thinking of
copyright.  


>[...]
>>>>It is unfortunate that Bruce Schneier was a prime factor in getting
>>>>the original rules changed so that only free designs would even be
>>>>*considered* for AES.  
>>>
>>>Was I?  Wow.  I thought that was NIST's idea.  
>>
>>Oh, please.  Are we to believe you have forgotten your letter to NIST
>>after the first conference?  Shall we re-post it?
>
>I believe you are confusing my endorsement of an idea with my
>origination of an idea.  

I'm surprised you aren't crying "I don't remember, I can't recall."
Of course that would do no good, since all this is in the public
record, but at least it would be more amusing than you blaming me for
your words.  

The NIST position coming out of the first conference was that
"patented algorithms" (sic) would be accepted, but there would be a
bias against them.  You then argued in a letter -- which you made
public -- that patented algorithms should not be accepted at all.  And
that became the rule.  And of course it was just a coincidence that
this also stripped off some of your competition.  

Are you in charge of NIST?  No.  Do you bear ultimate responsibility?
No.  Would you be the target of a lawsuit?  Probably not.  Was your
letter a major factor in the internal debate?  My guess is yes.  So,
are you the proximate cause of the rules change?  Probably so.  


>I find it hard to believe that I imposed my
>desire for a free standard onto a reluctant NIST.  

Everybody has limited resources, so we all want everything free.  Many
of us are marketplace infants or defeated warriors who would prefer to
suck at the government teat.  Unfortunately, there are social
consequences to free things, and those consequences lead to less
funding for cipher design and technology.  I see this as a bad trade
for society.  In the end, it is better to actually pay the worth of
production, rather than to "depend upon the kindness of strangers."  


>If so, good for me.
>But I remember NIST wanting to ensure that AES was unencumbered by
>patents.  Of course I agree with that position, and of course I said
>so in my letter to NIST.  Thanks for the compliment, all the same.


>[...]
>(I'll also pay for a strong bock cipher that encrypt data (ECB mode)
>in less than 2 clock cycles per byte.  I don't know how to do that.)

And once you know, would you still pay?

Certainly my stuff can do 1 cycle PER BLOCK with enough hardware, but
I don't think that's unique.  I suppose it might be unique that those
blocks can be 64 BYTES WIDE, and so avoid CBC chaining, which means
faster ciphering overall, beyond per-block measures.  


>>[...]
>>The competition is being conducted in a way which I believe is
>>unconstitutional, which means that the result -- whatever it is --
>>will be open to challenge.  
>
>Unconstitutional!?  Neat.  Which part of the constitution do you see
>being trampled on in this competition?

1) Equal protection under the law.  
2) Taking without compensation.  
3) Misuse of power; ruling beyond color of law.  

You have heard of such things, right?  Well you should have -- the
first two were in my previous response.  Do try to keep up.   


>>More than that, these rules act to restrict the long term development
>>of crypto technology by not allowing fundamentally-new technology to
>>compete, and by not rewarding the crypto design process itself.  These
>>rules are tools to minimize the open development of cryptographic
>>technology, and every entrant who participates is another government
>>argument that this is a good thing.
>
>As a crypto designer, I have found the whole process more rewarding
>than almost anything else I have done.  I expect those rewards to
>continue, even if Twofish does not get chosen. 
>
>And honestly, in a standard I would rather see a conservative design
>than fundamentally new technology.  If you have the latter, start
>writing papers and getting your ideas into the literature.  

If you want articles, I have articles all over my pages.  Many have
been on-line for years; some are new in the last few months.  Since
they are available for reading by the public, they are published.  Any
alleged scientist in cryptography who hasn't kept up with my stuff has
nobody to blame but their own lazy self.  The major topics are:

1)  Dynamic Substitution: keyed, table-based, nonlinear-yet-reversible
statistically-balanced combiners for stream ciphers

   http://www.io.com/~ritter/#DynSubTech

2)  Balanced Block Mixing: arguably perfect balanced reversible
mixing, now by keyed nonlinear tables.

   http://www.io.com/~ritter/#BBMTech

3)  Mixing Ciphers: scalable block ciphers based on (2), supporting
toy implementations and huge block sizes which can be dynamically
selected (in powers-of-2) at ciphering time.  Large blocks avoid the
need for CBC chaining and all the sequentiality that implies.  

   http://www.io.com/~ritter/#MixTech

4)  Variable Size Block Ciphers: scalable block ciphers with
constant-depth logic and size dynamically-variable to the byte as
selected at ciphering time.  Modest use of padding in the ciphertext
implies that individual blocks cannot even be distinguished, let alone
attacked.

   http://www.io.com/~ritter/#VSBCTech

---
Terry Ritter   ritter@io.com   http://www.io.com/~ritter/
Crypto Glossary 1998-08-27: http://www.io.com/~ritter/GLOSSARY.HTM



Subject: Re: AES and patent rights
Date: Mon, 28 Sep 1998 00:39:39 GMT
From: schneier@counterpane.com (Bruce Schneier)
Message-ID: <360ed738.1402804@news.visi.com>
References: <360ebd79.18691713@news.io.com>
Newsgroups: sci.crypt
Lines: 185

On Sun, 27 Sep 1998 22:34:37 GMT, ritter@io.com (Terry Ritter) wrote:
>On Sat, 26 Sep 1998 21:37:43 GMT, in <360d5983.3024744@news.visi.com>,
>in sci.crypt schneier@counterpane.com (Bruce Schneier) seemed to
>respond, yet failed to address his own analogy:

The analogy was not very good; it wasn't worth defending. I was
thinking of auto racing sponsorship as something done for publicity;
you pointed out that the auto manufacturers got to keep rights to
their designs.  Perhaps better would be the sponsorship of a
particular olympics team.  When Company X sponsors the U.S. ski team,
they spend money and expertise (or at least, buy expertise) and
receive nothing back except publicity.

>>[...]
>>From what I have been researched, IBM has never sued or even
>>threatened anyone for using DES.  If you have other evidence, I very
>>much want to hear it?
>
>Please try to follow along:  DES was a US standard.  It was free for
>use in the US.  Presumably IBM got something for that.  Lawsuits and
>threatening have nothing to do with it.  

Again, if you know of anything IBM got from DES besides publicity,
please let me know.  

>>>My argument would more likely be based on "equal protection under the
>>>law" than antitrust; when government participation is limited by what
>>>one owns, there have to be questions.  There is also "taking without
>>>compensation."
>>
>>NIST is not taking anything without compensation.  Everything is being
>>given freely.  You are not being compelled to submit and to give up
>>your rights.
>
>Indeed, I did not submit.  
>
>But *you* get to participate in a government-funded process which took
>nothing from you, but would take property from me.  
>
>This is a little more than "not being compelled to submit."

What is AES process taking from you?  You were not compelled to
submit, so AES will not take your work away from you.  I know that you
patent your ideas, so if the eventual AES algorithm infringes on any
of your patents then you will demand your rights.  I don't see
anything of yours being taken away.

>>>[...]
>>>If *I* were in the position where somebody had proposed a system using
>>>my owned technology, I would shut up and wait and hope to be chosen.  
>>
>>I know.  You and many others.  
>
>Life in the property lane:  You don't own the land you travel over
>unless you got there first and registered your claim.  Deal with it.  

I am, as wel all are.

>>All we can do is hope.  
>
>Exactly how *I* feel!  The whole process could be *quite* amusing.  
>
>It's something like a small herd of nearsighted bumbling sheep with
>their own blind shepherd.  

Moo.  Oops, sorry.  Baaa.

>>There is some
>>caselaw on the subject.  NIST will make a public call to all third
>>parties to state any potential patent claims regarding the
>>submissions.  If someone chooses not to, NIST could argue in court
>>that the patentholder deliberately withheld information in an attempt
>>to hide his rights until after AES was awarded.  Will this do any
>>good?  No one knows.
>
>As far as I know, there is *no* responsibility in patents to take
>offensive action at any particular time *or* to respond to
>governmental calls for clarification.  Perhaps you are thinking of
>copyright.  

No, I am thinking of patents.  Patentholders must exercise their
rights, or they lose them.  In this case, though, I believe you are
correct.

>>[...]
>>>>>It is unfortunate that Bruce Schneier was a prime factor in getting
>>>>>the original rules changed so that only free designs would even be
>>>>>*considered* for AES.  
>>>>
>>>>Was I?  Wow.  I thought that was NIST's idea.  
>>>
>>>Oh, please.  Are we to believe you have forgotten your letter to NIST
>>>after the first conference?  Shall we re-post it?
>>
>>I believe you are confusing my endorsement of an idea with my
>>origination of an idea.  
>
>I'm surprised you aren't crying "I don't remember, I can't recall."
>Of course that would do no good, since all this is in the public
>record, but at least it would be more amusing than you blaming me for
>your words.  
>
>The NIST position coming out of the first conference was that
>"patented algorithms" (sic) would be accepted, but there would be a
>bias against them.  You then argued in a letter -- which you made
>public -- that patented algorithms should not be accepted at all.  And
>that became the rule.  And of course it was just a coincidence that
>this also stripped off some of your competition.  
>
>Are you in charge of NIST?  No.  Do you bear ultimate responsibility?
>No.  Would you be the target of a lawsuit?  Probably not.  Was your
>letter a major factor in the internal debate?  My guess is yes.  So,
>are you the proximate cause of the rules change?  Probably so.  

Well, good for me then.  I'm glad I restricted the competition to free
candidates.  The last thing we need is another RSADSI-like monopoly.

>>[...]
>>(I'll also pay for a strong bock cipher that encrypt data (ECB mode)
>>in less than 2 clock cycles per byte.  I don't know how to do that.)
>
>And once you know, would you still pay?
>
>Certainly my stuff can do 1 cycle PER BLOCK with enough hardware, but
>I don't think that's unique.  I suppose it might be unique that those
>blocks can be 64 BYTES WIDE, and so avoid CBC chaining, which means
>faster ciphering overall, beyond per-block measures.  

Sorry, I meant on a general-purpose CPU.  And I mean a 64-bit codebook
(or a 128-bit codebook).

>>>[...]
>>>The competition is being conducted in a way which I believe is
>>>unconstitutional, which means that the result -- whatever it is --
>>>will be open to challenge.  
>>
>>Unconstitutional!?  Neat.  Which part of the constitution do you see
>>being trampled on in this competition?
>
>1) Equal protection under the law.  
>2) Taking without compensation.  
>3) Misuse of power; ruling beyond color of law.  
>
>You have heard of such things, right?  Well you should have -- the
>first two were in my previous response.  Do try to keep up.   

I'm trying to keep up, but it's hard.  I believe that everyone is
being treated equally under the law here. The rules for you are not
different than the rules for me.  I don't see anything being taken
without compensation, since the competition is voluntary.  And misuse
of power is really stretching things.

I guess I can't keep up.  Good luck with your constitutional
challenge.

>>And honestly, in a standard I would rather see a conservative design
>>than fundamentally new technology.  If you have the latter, start
>>writing papers and getting your ideas into the literature.  
>
>If you want articles, I have articles all over my pages.  Many have
>been on-line for years; some are new in the last few months.  Since
>they are available for reading by the public, they are published.  Any
>alleged scientist in cryptography who hasn't kept up with my stuff has
>nobody to blame but their own lazy self. 

Unfortunately, that's not true.  (And it is unfortunate.)  Publication
does not mean self-publication on a website, it means publication in a
workshop, conference, or journal.

In any case, even if you don't want to publish in conferences or
journals, put cryptanalysis papers on your website.  As I said before,
new ideas just for their own sake aren't very interesting.  You need
to show how the old ideas are insufficient.  You need to break ciphers
designed with the old ideas, and then show how your own ideas are
better.

Designs are dime a dozen, so it's hard to seperate the good ones from
the silly ones.  Good cryptanalysis is hard; it will force people to
take notice of your work.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com


Subject: Re: AES and patent rights
Date: 28 Sep 1998 03:46:54 GMT
From: stl137@aol.com (STL137)
Message-ID: <19980927234654.06997.00002851@ng111.aol.com>
References: <360ed738.1402804@news.visi.com>
Newsgroups: sci.crypt
Lines: 9


<<Moo.  Oops, sorry.  Baaa.>>
Har har - this one goes on my quotes page...
------
STL137@aol.com  ===>  Website: http://members.aol.com/stl137/
PGP keys: ~~~pgp.html Quotes: ~~~quotes.html
"I have sworn upon the altar of God eternal hostility against every form of
tyranny over the mind of man" - Thomas Jefferson



Subject: Re: AES and patent rights
Date: Mon, 28 Sep 1998 03:57:06 GMT
From: ritter@io.com (Terry Ritter)
Message-ID: <360f0886.6675979@news.io.com>
References: <360ed738.1402804@news.visi.com>
Newsgroups: sci.crypt
Lines: 85


On Mon, 28 Sep 1998 00:39:39 GMT, in <360ed738.1402804@news.visi.com>,
in sci.crypt schneier@counterpane.com (Bruce Schneier) wrote:

>>>[...]
>>>NIST is not taking anything without compensation.  Everything is being
>>>given freely.  You are not being compelled to submit and to give up
>>>your rights.
>>
>>Indeed, I did not submit.  
>>
>>But *you* get to participate in a government-funded process which took
>>nothing from you, but would take property from me.  
>>
>>This is a little more than "not being compelled to submit."
>
>What is AES process taking from you?  You were not compelled to
>submit, so AES will not take your work away from you.  I know that you
>patent your ideas, so if the eventual AES algorithm infringes on any
>of your patents then you will demand your rights.  I don't see
>anything of yours being taken away.

Well, this is progress!  Now we're about halfway there:

Clearly, if someone else used my work in their submission, I would
"participate" in AES without loss to me.  My patents would still apply
even if that design was selected.  

But I could not *submit* *my* *own* *work* without loss of rights.

This means that a government process -- one that should apply to me
just the same as you -- would cost me *more* than it cost you.  This
is just not equal protection under the law.  


>>[...]
>>If you want articles, I have articles all over my pages.  Many have
>>been on-line for years; some are new in the last few months.  Since
>>they are available for reading by the public, they are published.  Any
>>alleged scientist in cryptography who hasn't kept up with my stuff has
>>nobody to blame but their own lazy self. 
>
>Unfortunately, that's not true.  (And it is unfortunate.)  Publication
>does not mean self-publication on a website, it means publication in a
>workshop, conference, or journal.

Fortunately, Science is not the exclusive province of journals, or
even academia.  It does not require obeisance from acolytes in
pretentious self-congratulatory symposia nor exist solely in expensive
ink-on-paper prayer books.  Science just is.  

My stuff is available to anyone.  It is not restricted to students who
are physically close to a major library system.  It doesn't cost
anything at all, not the price of a symposium, not the price of a
book, not even the price of a CD.  In my view, this is the way Science
should be, and that is the way I do it.  

The role of a "refereed publication" is (or was useful at one time) to
winnow out some of the chaff and make the resulting journal more
worthwhile.  This is a *service* to the reader.  While this process
does define what appears in a particular journal, it is *not* the
distinction between Science good and bad.  Nor does the term "archival
journal" mean what it used to mean.  

Academic works generally are *required* to acknowledge the sources of
*ideas*, and this is often done even for "private communications" such
as personal letters and even private discussions.  These are certainly
far more questionable than any published works.  

Web pages and Usenet articles are published worldwide in form fixed as
of a specific date, should have the author's name and a title, and
carry both a legal copyright and ethical pride-of-authorship.  This is
indeed "publication" for academic purposes.  Electronic publication
can establish legal and moral priority in a field, and is disregarded
only by those who wish to be known as academic thieves.  

Again, my stuff is available free on my pages.  Any alleged scientist
in cryptography who hasn't kept up with it has nobody to blame but
their own lazy self. 

---
Terry Ritter   ritter@io.com   http://www.io.com/~ritter/
Crypto Glossary 1998-08-27: http://www.io.com/~ritter/GLOSSARY.HTM



Subject: Re: AES and patent rights
Date: Sun, 27 Sep 1998 21:43:49 -0700
From: Jim Gillogly <jim@acm.org>
Message-ID: <360F1405.ACCBFB83@acm.org>
References: <360f0886.6675979@news.io.com>
Newsgroups: sci.crypt
Lines: 49

> Bruce Schneier wrote:
> >What is AES process taking from you?  You were not compelled to
> >submit, so AES will not take your work away from you.  I know that you
> >patent your ideas, so if the eventual AES algorithm infringes on any
> >of your patents then you will demand your rights.  I don't see
> >anything of yours being taken away.

Terry Ritter wrote:
> Well, this is progress!  Now we're about halfway there:
> 
> Clearly, if someone else used my work in their submission, I would
> "participate" in AES without loss to me.  My patents would still apply
> even if that design was selected.
> 
> But I could not *submit* *my* *own* *work* without loss of rights.
> 
> This means that a government process -- one that should apply to me
> just the same as you -- would cost me *more* than it cost you.  This
> is just not equal protection under the law.

Are you trying to make this into one of those "The rich as well as
the poor are prohibited by the law from sleeping under bridges" things?
You'll need to spell this one out for me.  The way I see it is this:

Bruce & Co. designed and analyzed an algorithm.  They submitted it
as an AES candidate and chose not to exert any patent rights.  They
presumably could have patented it if they'd wanted -- the patent office
is taking just about anything these days.

You designed and analyzed an algorithm.  You patented it.  If you had
submitted it as an AES candidate you would have had to give up some of
those patent rights.  You chose not to submit it.

How is this not equal protection under the law?  You've simply chosen
a different path.  Have you yet answered the question about what IBM
has received for DES beyond publicity?

You say in another posting that your work has been taken without
compensation.  Which work?  Do one or more of the AES candidates
infringe on your patents?  What is the extent of the damage to you?
Do you think that the process will somehow invalidate your patents?

Feel free to ignore any of these you've already answered -- I stipulate
that I have not read all the messages in this thread.

-- 
	Jim Gillogly
	Highday, 7 Winterfilth S.R. 1998, 04:27
	12.19.5.9.19, 3 Cauac 12 Chen, First Lord of Night


Subject: Re: AES and patent rights
Date: Mon, 28 Sep 1998 08:24:51 GMT
From: ritter@io.com (Terry Ritter)
Message-ID: <360f47cb.22874233@news.io.com>
References: <360F1405.ACCBFB83@acm.org>
Newsgroups: sci.crypt
Lines: 145


On Sun, 27 Sep 1998 21:43:49 -0700, in <360F1405.ACCBFB83@acm.org>, in
sci.crypt Jim Gillogly <jim@acm.org> wrote:

>[...]
>Are you trying to make this into one of those "The rich as well as
>the poor are prohibited by the law from sleeping under bridges" things?

I'm not trying to *make* it anything.  It is what it is.  I am trying
to *explain* it, although that does seem rather futile here, everyone
being so anxious for their free meal of AES and all.  That being the
case, what is there to discuss? 


>You'll need to spell this one out for me.  The way I see it is this:
>
>Bruce & Co. designed and analyzed an algorithm.  They submitted it
>as an AES candidate and chose not to exert any patent rights.  They
>presumably could have patented it if they'd wanted -- the patent office
>is taking just about anything these days.

Oh, yeah.  Why don't *you* just sit down, write a patent, draw
figures, construct claims, and prosecute that case through several
responses over a period of years to issuance and see how goddamn easy
it is?  Maybe the process won't seem quite as funny thereafter.


>You designed and analyzed an algorithm.  You patented it.  

We do not patent algorithms.  We can patent implementations of
algorithms; they are called "processes."  But most of my claims are
"machine claims."  


>If you had
>submitted it as an AES candidate you would have had to give up some of
>those patent rights.  You chose not to submit it.
>
>How is this not equal protection under the law?  

OK, one last shot:  

Entrant A has no intellectual property to speak of, so he has none to
lose.  Entering (with the possibility of winning), therefore, is not
costly to him.

Entrant B does have intellectual property, established through a
complex process of some cost, effort, and time.  Entrant B thus has
property and investment to lose.  Entering, therefore, *is* costly to
him.

SO... entering is cheap for A, who has no property, and costly for B,
who does.  

Why is this hard to understand?

It is true that various interactions with government are based on the
property we have: tax rates vary, and welfare and other grants are
sometimes means-based.  But would it be reasonable to pay more for
parking based on the value of one's car?  The ideal in the US (which
admittedly we never achieve) is that each person has the same vote,
and the same worth to the government as any other, independent of
property holdings or wealth.  

Somewhere there is a dividing line between those services which are
provided equally to citizens independent of their means, and those
which are not.  I claim that AES crossed the line. 


>You've simply chosen
>a different path.  

Indeed.  But I chose this path because the alternative as wrong.


>Have you yet answered the question about what IBM
>has received for DES beyond publicity?

Asking this question makes no sense, and the very fact that it keeps
being asked brings into question the motives of those who ask it.  It
would be just as unreasonable to insist that you show me that IBM
received nothing more than publicity.  Have you showed that yet?  

We do know that intensive negotiation was going on right up until DES
was actually published.  Negotiation normally means that some form of
compromise or reciprocal bargain is being struck.  It simply does not
take much negotiation to say:  "We'll just make this cipher free for
use in the US."  (There is no question about free use of DES being
limited to the US; although AES is to be free *worldwide*.)

There were many ways the government could have provided compensation
to the largest computer company in the world, ranging from shifting
government contracts to easing export.  None of this is necessarily
cash on the barrel head, but it would be compensation.  From the right
person, a wink and a nod would probably be sufficient.  We don't know.


>You say in another posting that your work has been taken without
>compensation.  

No, I did not say that, but presumably you took that implication from
what I actually did say.

What I mean is that -- as a condition of AES participation -- rights
had to be given up for the chosen submission.  What was actually given
was an *option* on rights, just as one might take an option on land.
But options are themselves worth something.  Requiring such an option
as a condition of participation sounds like taking without
compensation to me.  


>Which work?  Do one or more of the AES candidates
>infringe on your patents?  

I doubt it, but I suppose it is possible.  Do you have something
particular in mind?  


>What is the extent of the damage to you?

Damage?  

I suppose the damage here is that I became even more cynical and
disgusted than before by the obvious political manipulations in what
should have been a technical process.  Just Washington as usual, I
guess, but that doesn't make it right.

I had been planning to participate in AES for years before AES was
even proposed.  You can see work on my pages now about 5 years old
which describes problems with DES and proposes alternatives.  I was
one of the first to insist that a 64-bit block was too small.  By not
participating I was naturally disappointed, but I feel more knifed in
the back by my government than really caring about the "contest."  It
is not a contest.   


>Do you think that the process will somehow invalidate your patents?

What?  Certainly not.  Where did *that* come from?

---
Terry Ritter   ritter@io.com   http://www.io.com/~ritter/
Crypto Glossary 1998-08-27: http://www.io.com/~ritter/GLOSSARY.HTM



Subject: Re: AES and patent rights
Date: Mon, 28 Sep 1998 13:35:51 GMT
From: schneier@counterpane.com (Bruce Schneier)
Message-ID: <360f8f29.3658837@news.visi.com>
References: <360f47cb.22874233@news.io.com>
Newsgroups: sci.crypt
Lines: 77

On Mon, 28 Sep 1998 08:24:51 GMT, ritter@io.com (Terry Ritter) wrote:
>OK, one last shot:  
>
>Entrant A has no intellectual property to speak of, so he has none to
>lose.  Entering (with the possibility of winning), therefore, is not
>costly to him.
>
>Entrant B does have intellectual property, established through a
>complex process of some cost, effort, and time.  Entrant B thus has
>property and investment to lose.  Entering, therefore, *is* costly to
>him.
>
>SO... entering is cheap for A, who has no property, and costly for B,
>who does.  
>
>Why is this hard to understand?

It is hard to understand because you are starting in the middle of the
process.  Under your assumptions, A does not have any patent rights
and B does.  But we're looking at it one step back, at the idea phase:

Entrant A has an idea.  He chooses not to patent it, and instead to
submit it to AES.

Entrant B has an idea.  He choosed to patent it, and not to submit it
to AES.

This seems to be the difference here.

>>Have you yet answered the question about what IBM
>>has received for DES beyond publicity?
>
>Asking this question makes no sense, and the very fact that it keeps
>being asked brings into question the motives of those who ask it.  It
>would be just as unreasonable to insist that you show me that IBM
>received nothing more than publicity.  Have you showed that yet?  
>
>We do know that intensive negotiation was going on right up until DES
>was actually published.  Negotiation normally means that some form of
>compromise or reciprocal bargain is being struck.  It simply does not
>take much negotiation to say:  "We'll just make this cipher free for
>use in the US."  (There is no question about free use of DES being
>limited to the US; although AES is to be free *worldwide*.)

I suppose he's right.  There could have been a secret payoff between
NBS and IBM, one that all of DES's designers were kept in the dark
about (or which they have lied about all these years).  There could be
secret payoffs going on to this day between IBM and foreign companies
who are using DES.

All we can say is that everyone associated with DES has claimed that
IBM gave up all patent right in exchange for nothing, that the
official documents agree, and that no one in any country has said that
they have paid IBM something for using DES.  But Terry is right, this
could all be a conspiracy.

>>You say in another posting that your work has been taken without
>>compensation.  
>
>No, I did not say that, but presumably you took that implication from
>what I actually did say.
>
>What I mean is that -- as a condition of AES participation -- rights
>had to be given up for the chosen submission.  What was actually given
>was an *option* on rights, just as one might take an option on land.
>But options are themselves worth something.  Requiring such an option
>as a condition of participation sounds like taking without
>compensation to me.  

The difference seems to me that we see that participation is a choice,
so there is no taking.  He seems to feel differently.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com


Subject: Re: AES and patent rights
Date: Mon, 28 Sep 1998 20:36:25 GMT
From: jsavard@tenMAPSONeerf.edmonton.ab.ca (John Savard)
Message-ID: <360ff05c.18633593@news.prosurfr.com>
References: <360f8f29.3658837@news.visi.com>
Newsgroups: sci.crypt
Lines: 33

schneier@counterpane.com (Bruce Schneier) wrote, in part:

>But Terry is right, this
>could all be a conspiracy.

I doubt that Terry Ritter was alleging that sort of conspiracy...

of course, there are other people who claim that DES, IDEA, Blowfish,
and all the other well-known block cipher designs are horribly
insecure, and suggest that instead we should go and use block ciphers
with key-dependent S-boxes with 65,536 entries in them, or Genuine
Artificial Imitation One-Time Pads, as the only true road to security.

Obviously, reading your book _Applied Cryptography_ will lead people
to suspecting that you are one of the members of this "conspiracy" as
well.

As for myself, I'm trying to lead the way to universal security, with
designs like the baroque, slow, and hideously complicated Quadibloc
II, including a 256-byte key-dependent S-box, the earlier Mishmash
proposal which redefines the word "nonlinearity", and my latest
large-key brainstorm which rolls together DES, the other Vernam
machine (the two-tape system) and the SIGABA, that, on the one hand,
are genuinely secure by conventional methods, and yet also include
attributes that seem to warm the hearts of those often called
"snake-oil vendors", i.e., a huge key, a novel structure that seems
bewildering to analyze.

Of course, if I expect incompetent people to use my designs, I really
will have to sit down and write some code for them to use...

John Savard
http://members.xoom.com/quadibloc/index.html


Subject: Re: AES and patent rights
Date: Mon, 28 Sep 1998 07:49:18 -0700
From: Jim Gillogly <jim@acm.org>
Message-ID: <360FA1EE.32D300F1@acm.org>
References: <360f47cb.22874233@news.io.com>
Newsgroups: sci.crypt
Lines: 37

I can see we're on different enough wavelengths that doing a
point-by-point argument would be pointless and end up in a
dozen different arguments that don't belong in sci.crypt, but
here's one I can't help objecting to.

> On Sun, 27 Sep 1998 21:43:49 -0700, in <360F1405.ACCBFB83@acm.org>, in
> sci.crypt Jim Gillogly <jim@acm.org> wrote:
> >You designed and analyzed an algorithm.  You patented it.

Terry Ritter wrote:
> We do not patent algorithms.  We can patent implementations of
> algorithms; they are called "processes."

I recognize that algorithms are not supposed to be patentable, but
in fact a great many algorithms are patented.  The patents are
written in stilted and contorted language that casts the algorithm
as a process or machine.  In fact this is nonsense, as anyone who's
had the pleasure of reading one of them should be able to attest.
If anybody hasn't, I recommend the LZ77 compression algorithm
patent.

If algorithms couldn't be patented, then programming algorithms
on computers wouldn't violate any patents.  Whether you say I've
implemented the process by programming the computer, or you say
I've developed a machine that realizes that patent by programming
a computer, in fact what I have done is implemented an algorithm
by programming the computer.

I don't disagree that designing an important algorithm such as
RSA is a significant piece of intellectual property and the
authors deserve a reward.  I do disagree that the patent process
is set up to offer that reward.

--
	Jim Gillogly
	Highday, 7 Winterfilth S.R. 1998, 14:39
	12.19.5.10.0, 4 Ahau 13 Chen, Second Lord of Night


Subject: Re: AES and patent rights
Date: 28 Sep 1998 16:48:50 GMT
From: lamontg@bite.me.spammers
Message-ID: <6uoeli$1amu$1@nntp6.u.washington.edu>
References: <360f47cb.22874233@news.io.com>
Newsgroups: sci.crypt
Lines: 64

ritter@io.com (Terry Ritter) writes:
>>How is this not equal protection under the law?  
>
>OK, one last shot:  
>
>Entrant A has no intellectual property to speak of, so he has none to
>lose.  Entering (with the possibility of winning), therefore, is not
>costly to him.
>
>Entrant B does have intellectual property, established through a
>complex process of some cost, effort, and time.  Entrant B thus has
>property and investment to lose.  Entering, therefore, *is* costly to
>him.
>
>SO... entering is cheap for A, who has no property, and costly for B,
>who does.  
>
>Why is this hard to understand?

Because nobody is forcing you to enter the contest if you judge it to be
too costly to you.

>What I mean is that -- as a condition of AES participation -- rights
>had to be given up for the chosen submission.  What was actually given
>was an *option* on rights, just as one might take an option on land.
>But options are themselves worth something.  Requiring such an option
>as a condition of participation sounds like taking without
>compensation to me.  

Don't participate.  Then it isn't taking without compensation.  For those
that participate they are entirely free to sign over their rights provided
that they do so without coercion.

Most of your "constitutional argument" is invalidated simply by the fact
that there's nothing illegal or unconstitutional about waiving your rights.

>>What is the extent of the damage to you?
>
>Damage?  
>
>I suppose the damage here is that I became even more cynical and
>disgusted than before by the obvious political manipulations in what
>should have been a technical process.  Just Washington as usual, I
>guess, but that doesn't make it right.

I'd *love* it if I could sue the government based on my cynicism.

>I had been planning to participate in AES for years before AES was
>even proposed.  You can see work on my pages now about 5 years old
>which describes problems with DES and proposes alternatives.  I was
>one of the first to insist that a 64-bit block was too small.  By not
>participating I was naturally disappointed, but I feel more knifed in
>the back by my government than really caring about the "contest."  It
>is not a contest.   

It is not a contest that you care to enter, clearly.  And you're clearly
upset because you thought you'd get a whole lot of money out of possibly
winning the contest, and you won't.  The lottery isn't as rich as you
thought it was going to be, so you're not participating.  Here's the
world's smallest violin for you -> .

-- 
Lamont Granquist (lamontg@u.washington.edu)
looking for unix administration / security work


Subject: Re: AES and patent rights
Date: Tue, 29 Sep 1998 07:34:40 GMT
From: ritter@io.com (Terry Ritter)
Message-ID: <36108d59.28142960@news.io.com>
References: <6uoeli$1amu$1@nntp6.u.washington.edu>
Newsgroups: sci.crypt
Lines: 20


On 28 Sep 1998 16:48:50 GMT, in
<6uoeli$1amu$1@nntp6.u.washington.edu>, in sci.crypt
lamontg@bite.me.spammers wrote:

>[...]
>It is not a contest that you care to enter, clearly.  And you're clearly
>upset because you thought you'd get a whole lot of money out of possibly
>winning the contest, and you won't.  

Had you been around here when this all started, you would know that I
have never had any delusions about possibly *winning*.  I did have the
delusion that I would be able to *participate* without giving away my
second-born child.  

---
Terry Ritter   ritter@io.com   http://www.io.com/~ritter/
Crypto Glossary 1998-08-27: http://www.io.com/~ritter/GLOSSARY.HTM



Subject: Re: AES and patent rights
Date: Mon, 28 Sep 1998 20:23:14 GMT
From: jsavard@tenMAPSONeerf.edmonton.ab.ca (John Savard)
Message-ID: <360fecd4.17729575@news.prosurfr.com>
References: <360f47cb.22874233@news.io.com>
Newsgroups: sci.crypt
Lines: 53

ritter@io.com (Terry Ritter) wrote, in part:

>Entrant A has no intellectual property to speak of, so he has none to
>lose.  Entering (with the possibility of winning), therefore, is not
>costly to him.

>Entrant B does have intellectual property, established through a
>complex process of some cost, effort, and time.  Entrant B thus has
>property and investment to lose.  Entering, therefore, *is* costly to
>him.

>SO... entering is cheap for A, who has no property, and costly for B,
>who does.  

>Why is this hard to understand?

This point does have some validity in the current context, where a
surrender of patent rights is mandatory in the AES. I remember you
making this point earlier, when it was merely "preferred", and there I
found it hard, not to understand, but to believe.

Choosing the lowest bidder (including specifying in advance a maximum
amount one is prepared to pay) is not discrimination; and it looks
like that's what you're trying to argue.

Essentially, NIST is not in the business of awarding free publicity to
whoever has the best cipher algorithm. If that was what AES was about,
discrimination of the type you note would be unfair, since the
patented status of an algorithm is irrelevant to its merit.

What it is instead doing by means of the AES process is: searching for
a good cipher algorithm that the U.S. government can _use in practice_
for safeguarding unclassified but sensitive communications. And a
waiver of royalties with respect to use by parties other than the U.S.
government will further facilitate use of that same algorithm in
communications between the U.S. government and other parties (i.e.,
computerized filing of tax returns).

The free publicity is an incidental consequence of the AES process
meeting a goal of the U.S. government, it is not the purpose of the
thing from their point of view, however important it may be to the
entrants.

However, come to think of it, if we're talking about computerized
filing of tax returns, such an application will depend on the use of
public-key cryptography, still controlled by patents. Presumably, the
main effect of using a royalty-free symmetric algorithm will be to
increase the amount the holders of those patents are able to charge
while the application remains economically viable. So there is a valid
argument for discrimination of a sort...

John Savard
http://members.xoom.com/quadibloc/index.html


Subject: Re: AES and patent rights
Date: Tue, 29 Sep 1998 05:04:06 GMT
From: "Douglas A. Gwyn" <DAGwyn@null.net>
Message-ID: <36106A23.82C0D322@null.net>
References: <360f47cb.22874233@news.io.com>
Newsgroups: sci.crypt
Lines: 11

Terry Ritter wrote:
> There were many ways the government could have provided compensation
> to the largest computer company in the world, ranging from shifting
> government contracts to easing export.  None of this is necessarily
> cash on the barrel head, but it would be compensation.  From the right
> person, a wink and a nod would probably be sufficient.  We don't know.

When government officials get caught engaging in such illegal
procurement activities, the penalties can be severe.
If they didn't need to take that course, there would thus
be considerable incentive not to.


Subject: Re: AES and patent rights
Date: Tue, 29 Sep 1998 19:51:44 -0600
From: jgfunj@EnqvbSerrGrknf.pbz (W T Shaw)
Message-ID: <jgfunj-2909981951440001@dialup163.itexas.net>
References: <36106A23.82C0D322@null.net>
Newsgroups: sci.crypt
Lines: 27

In article <36106A23.82C0D322@null.net>, "Douglas A. Gwyn"
<DAGwyn@null.net> wrote:

> Terry Ritter wrote:
> > There were many ways the government could have provided compensation
> > to the largest computer company in the world, ranging from shifting
> > government contracts to easing export.  None of this is necessarily
> > cash on the barrel head, but it would be compensation.  From the right
> > person, a wink and a nod would probably be sufficient.  We don't know.
> 
> When government officials get caught engaging in such illegal
> procurement activities, the penalties can be severe.
> If they didn't need to take that course, there would thus
> be considerable incentive not to.

Are you naive enough to not see what goes on.  So much bidding is only
done to present the guise of a credible process.  I've seen some of the
worst of this sort of thing.  It is not pretty, but almost always gets
hushed up.  Under one set of circumstances, the company told me that it
just cost them lots of money to the right places, and it was all my fault
for calling attention to the fradulent activities.
-- 
----
Show me a politician who does not lie through his teeth,
and.....I'll show you one who can't find his dentures.
----
Decrypt with ROT13 to get correct email address.


Subject: Re: AES and patent rights
Date: Mon, 28 Sep 1998 13:25:01 GMT
From: schneier@counterpane.com (Bruce Schneier)
Message-ID: <360f8dcf.3312669@news.visi.com>
References: <360f0886.6675979@news.io.com>
Newsgroups: sci.crypt
Lines: 53

On Mon, 28 Sep 1998 03:57:06 GMT, ritter@io.com (Terry Ritter) wrote:

>
>On Mon, 28 Sep 1998 00:39:39 GMT, in <360ed738.1402804@news.visi.com>,
>in sci.crypt schneier@counterpane.com (Bruce Schneier) wrote:
>
>>>>[...]
>>>>NIST is not taking anything without compensation.  Everything is being
>>>>given freely.  You are not being compelled to submit and to give up
>>>>your rights.
>>>
>>>Indeed, I did not submit.  
>>>
>>>But *you* get to participate in a government-funded process which took
>>>nothing from you, but would take property from me.  
>>>
>>>This is a little more than "not being compelled to submit."
>>
>>What is AES process taking from you?  You were not compelled to
>>submit, so AES will not take your work away from you.  I know that you
>>patent your ideas, so if the eventual AES algorithm infringes on any
>>of your patents then you will demand your rights.  I don't see
>>anything of yours being taken away.
>
>Well, this is progress!  Now we're about halfway there:
>
>Clearly, if someone else used my work in their submission, I would
>"participate" in AES without loss to me.  My patents would still apply
>even if that design was selected.  
>
>But I could not *submit* *my* *own* *work* without loss of rights.
>
>This means that a government process -- one that should apply to me
>just the same as you -- would cost me *more* than it cost you.  This
>is just not equal protection under the law.  

Fascinating.

To me it looks like we were both given the same decision to make, and
you chose one path and I chose the other.  You believed that your
patent rights were worth more than NIST was willing to give you for
them.  I felt that my patent rights were worth less than the PR NIST
was offering.  I believe we were both treated fairly, since were
allowed to make the same decision under the same rules.

But clearly I don't understand constitutional law as well as you do.
Good luck with your suit.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com


Subject: Re: AES and patent rights
Date: Tue, 29 Sep 1998 07:38:05 GMT
From: ritter@io.com (Terry Ritter)
Message-ID: <36108e34.28361720@news.io.com>
References: <360f8dcf.3312669@news.visi.com>
Newsgroups: sci.crypt
Lines: 22


On Mon, 28 Sep 1998 13:25:01 GMT, in <360f8dcf.3312669@news.visi.com>,
in sci.crypt schneier@counterpane.com (Bruce Schneier) wrote:

>[...]
>To me it looks like we were both given the same decision to make, and
>you chose one path and I chose the other.  You believed that your
>patent rights were worth more than NIST was willing to give you for
>them.  

This is sort of a strange comment, isn't it?  It might even be the
basis for a sort of occupational joke, where a mathematician gets
"paid" with zero dollars and goes away satisfied!  Ha ha, very funny!

Had AES offered even token real compensation for these rights, you
might have a point.  They did not.

---
Terry Ritter   ritter@io.com   http://www.io.com/~ritter/
Crypto Glossary 1998-08-27: http://www.io.com/~ritter/GLOSSARY.HTM



Subject: Re: AES and patent rights
Date: Tue, 29 Sep 1998 09:52:37 GMT
From: amungedtempdog@munged.see.sig (A [Temporary] Dog)
Message-ID: <3610a518.969320@news.erols.com>
References: <36108e34.28361720@news.io.com>
Newsgroups: sci.crypt
Lines: 38

On Tue, 29 Sep 1998 07:38:05 GMT, ritter@io.com (Terry Ritter) wrote:

>
>On Mon, 28 Sep 1998 13:25:01 GMT, in <360f8dcf.3312669@news.visi.com>,
>in sci.crypt schneier@counterpane.com (Bruce Schneier) wrote:
>
>>[...]
>>To me it looks like we were both given the same decision to make, and
>>you chose one path and I chose the other.  You believed that your
>>patent rights were worth more than NIST was willing to give you for
>>them.  
>[...]
>Had AES offered even token real compensation for these rights, you
>might have a point.  They did not.

If you really believe that the prestige of wining the AES contest is
worth nothing, why do you care if you participate or not?  If the
prestige is worth something (to anyone), it is an offer of
compensation.  If it's worth nothing, then you have lost nothing by
not participating.  The AES contestants evidently believe that winning
the contest is worth something to them.  For some of them, prestige is
readily convertible to cash via increased charges for consulting work,
etc.

They made an offer (prestige for algorithm).  You chose not to accept
their offer.  Others did choose to accept their offer.  This is an
example of free trade.  The fact that their offer of payment is in
intangibles doesn't change that.  They didn't force you to participate
on their terms and you can't force them to participate on *your*
terms.  The fact that they are the government and not a business is
also irrelevent; it's still an example of free trade.


- A (Temporary) Dog            |"There are people who can
The Domain is *erols dot com*  |live and have many diverse
The Name is tempdog            |experiences and learn 
                               |nothing" - overheard
Put together as name@domain    |in record store


Subject: Re: AES and patent rights
Date: Tue, 29 Sep 1998 18:09:20 GMT
From: ritter@io.com (Terry Ritter)
Message-ID: <361121c4.4707551@news.io.com>
References: <3610a518.969320@news.erols.com>
Newsgroups: sci.crypt
Lines: 87


On Tue, 29 Sep 1998 09:52:37 GMT, in <3610a518.969320@news.erols.com>,
in sci.crypt amungedtempdog@munged.see.sig (A [Temporary] Dog) wrote:

>[...]
>If you really believe that the prestige of wining the AES contest is
>worth nothing, 

I do not so believe.


>why do you care if you participate or not?  

Well, I was disappointed.  But the reason I *care* is that I think it
is *wrong*.  


>If the
>prestige is worth something (to anyone), it is an offer of
>compensation.  

I disagree.  This idea of working for prestige demeans the creative
element and, indeed, work itself:

*  Perhaps writers should write for the privilege of being published. 
*  Perhaps actors should act for the privilege of being seen. 
*  Perhaps we all should work for praise alone.

Anyone deserves prestige for the quality of their work.  But they also
deserve to be compensated for *doing* the work.  Here the work is
design, and that work deserves compensation.  But AES rewards fall to
manufacturing, who get a design free.  So even though the whole point
of this will be to enable a profit-based industry of ciphering
hardware and software, there is no profit for the designers.  This
demeans cipher designers in general, and (what a surprise!) acts to
prevent a profit-based industry of cipher design.  


>If it's worth nothing, then you have lost nothing by
>not participating.  

Some people here have been implying that I lost out by not
participating.  They may be right.  I do not feel that way now.


>The AES contestants evidently believe that winning
>the contest is worth something to them.  

I am sure it would be.


>For some of them, prestige is
>readily convertible to cash via increased charges for consulting work,
>etc.

Yes.  That would be somewhat more difficult in my case.  


>They made an offer (prestige for algorithm).  

Silly me, but I would say that it is not NIST that provides prestige,
but rather the content of each proposal.  In my view, simply being
associated with NIST is either of no prestige at all, or is negative.



>You chose not to accept
>their offer.  Others did choose to accept their offer.  This is an
>example of free trade.  The fact that their offer of payment is in
>intangibles doesn't change that.  

I believe it does.


>They didn't force you to participate
>on their terms and you can't force them to participate on *your*
>terms.  The fact that they are the government and not a business is
>also irrelevent; it's still an example of free trade.

Government is bound by different rules.  In AES I believe government
stepped over the line.  

---
Terry Ritter   ritter@io.com   http://www.io.com/~ritter/
Crypto Glossary 1998-08-27: http://www.io.com/~ritter/GLOSSARY.HTM



Subject: Re: AES and patent rights
Date: 29 Sep 1998 14:23:21 -0500
From: juola@mathcs.duq.edu (Patrick Juola)
Message-ID: <6urc39$13i$1@quine.mathcs.duq.edu>
References: <361121c4.4707551@news.io.com>
Newsgroups: sci.crypt
Lines: 44

In article <361121c4.4707551@news.io.com>, Terry Ritter <ritter@io.com> wrote:
>>If the
>>prestige is worth something (to anyone), it is an offer of
>>compensation.  
>
>I disagree.  This idea of working for prestige demeans the creative
>element and, indeed, work itself:
>
>*  Perhaps writers should write for the privilege of being published. 
>*  Perhaps actors should act for the privilege of being seen. 
>*  Perhaps we all should work for praise alone.
>
>Anyone deserves prestige for the quality of their work.  But they also
>deserve to be compensated for *doing* the work.

Wrong, sir!

Anyone deserves prestige for the quality of their work.  If they
choose to work for prestige alone, then (by their own choice),
that's possibly all the compensation that they get.  The world is
full of small theatrical productions with amateur actors, putting
on plays written by non-professionals, in many cases doing it simply
for the love of the work as well as for the exposure and the publicity.

If you're good enough -- and well enough known -- to be able to demand
additional compensation for your work, then I congratulate you.  But
you can't demand that I pay more than I'm willing to pay, especially
if there are demonstrably others who are willing to work merely
for the praise and exposure.

>  Here the work is design, and that work deserves compensation.

And the designers get their compensation in the prestige and
exposure from having their candidate algorithms considered.

Perhaps you don't want to work on those terms.

So, don't.

But anyone else who wishes to is free to -- and will reap the
appropriate rewards.  That's part of the choice they, and you, 
made, going into the competition (or not).

	-kitten


Subject: Re: AES and patent rights
Date: Tue, 29 Sep 1998 20:38:05 GMT
From: "Douglas A. Gwyn" <DAGwyn@null.net>
Message-ID: <36114507.6025232C@null.net>
References: <361121c4.4707551@news.io.com>
Newsgroups: sci.crypt
Lines: 12

> >They made an offer (prestige for algorithm).
Terry Ritter wrote:
> Silly me, but I would say that it is not NIST that provides prestige,
> but rather the content of each proposal.  In my view, simply being
> associated with NIST is either of no prestige at all, or is negative.

Prestige is awarded by others, not by yourself.
Consider:
	(A) "My system was selected as the replacement for DES."
	(B) "I have a better algorithm than AEA."
I think most people are more impressed by the first claim,
which has the merit of being easy to verify.


Subject: Re: AES and patent rights
Date: 30 Sep 1998 03:54:52 GMT
From: jpeschel@aol.com (JPeschel)
Message-ID: <19980929235452.29773.00004008@ng137.aol.com>
References: <361121c4.4707551@news.io.com>
Newsgroups: sci.crypt
Lines: 23


 ritter@io.com (Terry sour grapes Ritter) writes:

>*  Perhaps writers should write for the privilege of being published. 
>*  Perhaps actors should act for the privilege of being seen. 
>*  Perhaps we all should work for praise alone.
>
Crazy man -- can you dig it! When do we do zap the capitalist system
into a blue way-gone haze?

Jack Kerouac

oh yeah,  Joe says  -- go here, too...cool...



__________________________________________

Joe Peschel 
D.O.E. SysWorks					
http://members.aol.com/jpeschel/index.htm
__________________________________________



Subject: Re: AES and patent rights
Date: Wed, 30 Sep 1998 14:55:05 +0900
From: "Lenz" <lenz@als.aoyama.ac.jp>
Message-ID: <6ushf2$lao@enews2.newsguy.com>
References: <361121c4.4707551@news.io.com>
Newsgroups: sci.crypt
Lines: 30


Terry Ritter wrote in message <361121c4.4707551@news.io.com>...

>Government is bound by different rules.  In AES I believe government
>stepped over the line.


Is there a rule in American law which prevents NIST from doing what they
did? If so, in what law? Looking at an article at lawlinks.com/beck.html my
impression is that both options are possible. Certainly the people at NIST
should know about any restricting rule if there is one, since the patent
question seems to be important in just about any standardization process.

If a government standard adopts patented technology, that would be
government influence on the market competition. The job of the government is
to stop restrictions of market competition, not to take part in them. So I
think that a government standard should avoid patented technology.

Any compensation for cipher design needs to come from winning in the
marketplace, not in AES. Since many good ciphers are available for free,
anyone wanting to charge for cipher design needs to beat major league teams
as NTT and IBM, as well as many other serious players. Not participating in
AES does not stop anyone from trying to do so. That means that any lack of
compensation is just an indication of failure in the marketplace, which you
probably would not want to claim for your designs.

Karl-Friedrich Lenz :-)
www.toptext.com/crypto/




Subject: Re: AES and patent rights
Date: Wed, 30 Sep 1998 08:11:26 GMT
From: bryanolson@my-dejanews.com
Message-ID: <6usp3c$o3l$1@nnrp1.dejanews.com>
References: <361121c4.4707551@news.io.com>
Newsgroups: sci.crypt
Lines: 22

Terry Ritter wrote:

> Anyone deserves prestige for the quality of their work.  But they also
> deserve to be compensated for *doing* the work.  Here the work is
> design, and that work deserves compensation.

Actually we pay what we have to, to get what we want.
No one advertises by saying he deserves the money.  NIST
correctly predicted that the worlds best cryptographers
would offer top quality designs for free.  It's not a
government decree that pushed the monetary price of
symmetric ciphers to zero; it's competition.

Very few people were paying for symmetric ciphers before
the AES announcement.  The market had spoken and NIST
listened.

--Bryan


-----== Posted via Deja News, The Leader in Internet Discussion ==-----
http://www.dejanews.com/rg_mkgrp.xp   Create Your Own Free Member Forum


Subject: Re: AES and patent rights
Date: Wed, 30 Sep 1998 14:25:58 GMT
From: nospam@pd.jaring.my (Lincoln Yeoh)
Message-ID: <36123b24.4347337@nntp.jaring.my>
References: <361121c4.4707551@news.io.com>
Newsgroups: sci.crypt
Lines: 36

On Tue, 29 Sep 1998 18:09:20 GMT, ritter@io.com (Terry Ritter) wrote:
>
>>They didn't force you to participate
>>on their terms and you can't force them to participate on *your*
>>terms.  The fact that they are the government and not a business is
>>also irrelevent; it's still an example of free trade.
>
>Government is bound by different rules.  In AES I believe government
>stepped over the line.  
>

I see AES as a crypto donation drive- "Donate Decent Crypto to the World".
You can't give and keep at the same time. If you want to keep, you can't
qualify. 

You are still free to charge for your crypto. It won't be the world famous
free AES but it'll still be yours and you'll get to keep it.

I don't see how you have been wronged. How has the Gov stepped over the
line? 

Hmm, I haven't complained to the blood donating organisers that it is wrong
to tell willing donors beforehand that if their blood is suitable they have
to give it for free.

What would be wrong if they purposely selected bad or flawed crypto. That
is my worry - how would we know? Perhaps the NSA have figured out the flaws
in all the free stuff out there? Pure speculation of course. 

Link.

****************************
Reply to:     @Spam to
lyeoh at      @people@uu.net
pop.jaring.my @ 
*******************************


Subject: Re: AES and patent rights
Date: Wed, 30 Sep 1998 20:39:55 -0500
From: "Stephen M. Gardner" <gardner@metronet.com>
Message-ID: <3612DD6B.93586E63@metronet.com>
References: <361121c4.4707551@news.io.com>
Newsgroups: sci.crypt
Lines: 103

Terry Ritter wrote:
> I disagree.  This idea of working for prestige demeans the creative
> element and, indeed, work itself:
	I'm really amazed at this statement. The vast majority of creative
people outside of entrepreneurial engineering sorts would think you have
it completely upside down. Many would say that when you do something
just for money you cheapen it. After all, when you have the talent it
just has to come out whether someone is willing to pay or not.  Many
artists work for the simple joy of creating.  You really have to talk to
more artists and actors.  The really good ones live for their art and do
what they can to survive.  Often they are not "rewarded" until after
death. There is a great line in an old Charles Aznavour song "La Boheme"
that talks about this:


	Dans les cafes voisins, nous etions quelques uns qui attendions la
gloire.
	Et, bien que misereux, avec le ventre creux, nous ne cessions d'y
croire.
	Et, quand quelque bistro, contre un bon repas chaud nous prenait une
toile.
	Nous recitions des vers groupe autours du poele en oubliant l'hiver. .
.

	In the neighborhood cafes, there were a few of us expecting glory.
	And, even though we were destitute, with our bellies empty, we never
stopped 
		believing.
	And when a bistro took one of our canvases in exchange for a hot meal.
	We sat around the stove reciting poetry, forgetting the winter. . . 
	
Perhaps I'm a hopeless romantic but I find this easy to understand.  In
fact, I can get downright misty eyed about this song if it is cold out
and I'm drinking a nice French red. ;-) And it's not just artists
either. Don't forget that Einstein never made a lot of money off of his
amazing creativity.  I think he would have considered it crass and
bourgeois. He did his best work while working at a deadly boring job in
the Swiss Patent Office.  He didn't get a red cent for "On the
Electrodynamics of Moving Bodies" but it made him the most famous man in
the world a few years later.  I don't think he would understand the late
20th century Texas entrepreneur very well. ;-)


>Perhaps writers should write for the privilege of being published.
	They often do until they are discovered.  

>Perhaps actors should act for the privilege of being seen.
	Does Summer Stock mean anything to you?

>Perhaps we all should work for praise alone.
	Terry, I'm sorry but I think you sound petulant and spoiled here.
Giving a single algorithm to the public domain could have had great
benefits.  It makes you sound very spoiled and childish to be
complaining this way.  I bet Linus Torvalds isn't sorry that Linux is in
the public domain. There is an ol' boy that could get a job anywhere in
the world.  


> Anyone deserves prestige for the quality of their work.  But they also
> deserve to be compensated for *doing* the work.  Here the work is
> design, and that work deserves compensation. 
	You need to talk to more creative people outside of engineering.
Actors, writers, poets, painters, sculptors they all do a lot of their
best work for pennies or nothing at all until they get famous. 

> Some people here have been implying that I lost out by not
> participating.  They may be right.  I do not feel that way now.
	Then you should be happy.  You didn't get taken in by that facile
fraud. ;-)

> Silly me, but I would say that it is not NIST that provides prestige,
> but rather the content of each proposal.  In my view, simply being
> associated with NIST is either of no prestige at all, or is negative.
	Perhaps some of your failure to thrive economically is due to a
misunderstanding of your market.  I think most of your potential
customers would beg to differ here.  And here is a little fact for you
about capitalism: it doesn't matter one whit whether your customers are
right in their appreciation of the NIST or not.  If they have money,
want tons of shit and you have shit to sell then you are a good business
man. I think perhaps you have a hard time figuring out whether you want
to be a business man or an "artiste". ;-)  Charles Aznavour might
understand. ;-)


> >They didn't force you to participate
> >on their terms and you can't force them to participate on *your*
> >terms.  The fact that they are the government and not a business is
> >also irrelevent; it's still an example of free trade.
> 
> Government is bound by different rules.  In AES I believe government
> stepped over the line.
	That is your perogative.  The nice thing about living in relative
freedom is that you get to believe that about government without being
dragged off in the night.  I happen to believe differently in this
particular point. And sadly for you I think your potential customers are
on a different wavelength too.


-- 
Take a walk on the wild side: http://www.metronet.com/~gardner/
Still a lot of lands to see but I wouldn't want to stay here, 
it's too old and cold and settled in its ways here.
			Joni Mitchell ("California")


Subject: Re: AES and patent rights
Date: 1 Oct 1998 13:43:58 GMT
From: mdw@catbert.ebi.ac.uk (Mark Wooding)
Message-ID: <slrn7171ot.8vf.mdw@catbert.ebi.ac.uk>
References: <361121c4.4707551@news.io.com>
Newsgroups: sci.crypt
Lines: 25

Terry Ritter <ritter@io.com> wrote:

> I disagree.  This idea of working for prestige demeans the creative
> element and, indeed, work itself:
> 
> *  Perhaps writers should write for the privilege of being published. 
> *  Perhaps actors should act for the privilege of being seen. 
> *  Perhaps we all should work for praise alone.
> 
> Anyone deserves prestige for the quality of their work.  But they also
> deserve to be compensated for *doing* the work.

I do lots of things I enjoy.  One of them is writing software.  Another
is administrating Unix systems.  Yet another is writing low-quality
poetry.

If I could, I'd do them all for the joy of it.  It's a cause of
annoyance to me that this isn't possible.  So I have to do a job in
order to have enough money to do the things I like doing.  Lucky me: my
job involves doing at least one of the things I like doing anyway.

Creativity exists because, fundamentally, people enjoy being creative.
That ought to be enough.  It's a real shame it isn't.

-- [mdw]


Subject: Re: AES and patent rights
Date: Thu, 01 Oct 1998 11:28:33 -0600
From: jgfunj@EnqvbSerrGrknf.pbz (W T Shaw)
Message-ID: <jgfunj-0110981128330001@dialup81.itexas.net>
References: <slrn7171ot.8vf.mdw@catbert.ebi.ac.uk>
Newsgroups: sci.crypt
Lines: 32

In article <slrn7171ot.8vf.mdw@catbert.ebi.ac.uk>, mdw@ebi.ac.uk wrote:
> 
> Creativity exists because, fundamentally, people enjoy being creative.
> That ought to be enough.  It's a real shame it isn't.
> 
Perhaps people who can be especially creative in a particular field that
produces worthwhile technology should be supported by those who are not
particularily creative themselves.  Boy, that sound's like lots of
*commercial* enterprises.

If patents are truely justified, they should simply be issued and not need
to be serviced.  To do otherwise is to punish and discourage individual
initiative.  Too often this is simply done to keep upstarts from entering
the market, rather an unAmerican thing to do.  Consider the willing
involvement by big buisiness for targeted subversion of the intellectual
property area.

When it comes to crypto, some other areas too, things are twisted upside
down from the classic, nice talk about free enterprise, so the government
becomes the fixer, manipulator, and irreverant boss who ultimately selects
blesses the commercial endeavors that submit to the rules.  This is an old
and not too pretty pattern that is hard to defeat out of habit.

Cut the payola, the bribes, which is a Constitutional sanctioned trigger
for impeachment of elective and certain appointed governmental officials,
and the processes would be cleaner.  So much else is mere cookiework.
-- 
----
Show me a politician who does not lie through his teeth,
and.....I'll show you one who can't find his dentures.
----
Decrypt with ROT13 to get correct email address.


Subject: Re: AES and patent rights
Date: Tue, 29 Sep 1998 19:49:22 GMT
From: "Douglas A. Gwyn" <DAGwyn@null.net>
Message-ID: <3611399D.9643C097@null.net>
References: <3610a518.969320@news.erols.com>
Newsgroups: sci.crypt
Lines: 14

A [Temporary] Dog wrote:
> If you really believe that the prestige of wining the AES contest is
> worth nothing, why do you care if you participate or not?

I think a key (tacit) element in Terry's reasoning
is that AES will be widely used, even mandatory in some cases,
displacing commercial systems that might have been used instead.

My immediate response is that without AES, we'd be seeing
either 3DES or some NSA ISSO-devised system instead,
which would still be free etc.

If AES had resulted in a mandatory-federal-use commercial
product, now *that* might reasonably be viewed as unfair.


Subject: Re: AES and patent rights
Date: Wed, 30 Sep 1998 13:35:51 GMT
From: "Joseph K. Nilaad" <jknilaad@ssd.bna.boeing.com>
Message-ID: <361233B7.5E20@ssd.bna.boeing.com>
References: <3610a518.969320@news.erols.com>
Newsgroups: sci.crypt
Lines: 32

A [Temporary] Dog wrote:
> 
> If you really believe that the prestige of wining the AES contest is
> worth nothing, why do you care if you participate or not?  If the
> prestige is worth something (to anyone), it is an offer of
> compensation.  If it's worth nothing, then you have lost nothing by
> not participating.  The AES contestants evidently believe that winning
> the contest is worth something to them.  For some of them, prestige is
> readily convertible to cash via increased charges for consulting work,
> etc.
> 
> They made an offer (prestige for algorithm).  You chose not to accept
> their offer.  Others did choose to accept their offer.  This is an
> example of free trade.  The fact that their offer of payment is in
> intangibles doesn't change that.  They didn't force you to participate
> on their terms and you can't force them to participate on *your*
> terms.  The fact that they are the government and not a business is
> also irrelevent; it's still an example of free trade.
> 
I see.  What if Boston marathon gives only the trophy and no other 
incentives, I wonder how many world class runners would participate?  
I do agree with you that nobody forces anybody to part