LISTSERV - HP3000-L Archives

HP3000-L Archives

November 1996, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L November 1996, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: RSA 3k Port Business Case
From:	Chris Bartram <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Thu, 21 Nov 1996 13:46:37 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (65 lines)

 In <[log in to unmask]> [log in to unmask] writes:

> I have been interested in having the RSA Security Toolkits (BSAFE, etc)
> available for the 3k platform as callable routines from both mpe and
> posix land. They have ports for various desktop platforms, unix
> and dec/vms. But, alas no 3k mpe/posix port. Supposedly the code is
> written in 'c', so a port is possible.

I've also talked to RSA in the past about much the same thing;

> A brief synopsis of my discussions with RSA:
>
> 1. They charge 1500/day for engineer time (for the porting effort).

-they also told me that due to "higher priority items" that engineer
 time wouldn't be available in the forseeable future even if we did want
 to pay for it. Oh, and we'd need to provide them with a 3000 to do the
 port.

> 2. They need a business case for doing a port to another platform.
> 3. You can buy a source code license for your own port and use within
>    your products (very large $$$ for this option).

-about $50,000 if I remember correctly.

> Then I thought some more and have come to the conclusion that I need
> to do a little more background work on this issue. So, let me summarize
> where I'm at, at this point in time. I would be interested in hearing
> from anyone else on this topic.
>
> Summary [and a sad summary it is ;-)]

[summary snipped]

 From what I understand, you can basically write the code yourself from
published specs, but if you use part of the techniques that RSA owns patents
for, you'll have to pay them royalty payments. BTW, when I inquired about
getting their toolkits ported; even if they WERE ported, they still wanted
something like $150 per USER (their licensing policies did not take into
account multiuser systems like 3000s; their initial thoughts was that if
the operating system allowed 'x' users, you'd have to license 'x' users for
their software if their package was to run on that machine at all). Not very
cost effective in most cases.

 Further notes; RSA owns patents on public-key encryption techniques; if you
plan to do anything using public-key encryption, figure on having to pay up
to RSA. However, the most powerful one-way encryption algorythms out (DES and
its variations) are public domain and the publicly available source code
compiles relatively easily on a 3000. Of course, the big caveat, is that for
US vendors/customers, you can't provide any software that uses DES and key
sizes>40 bits (<56 bits is easily breakable so why bother?) to any site
outside the US/Canada. Violating this brings the state department down on
you, as such code is classified as munitions, and effectively makes you an
"arms dealer". Just the thought of this scares most companies out of even
thinking about dealing with it.

 As an e-mail vendor, we're particularly interested in encryption technology
and try to follow the goings on. All the state-of-the-art encryption stuff
going on today revolves around public key technology though. However, RSA's
patent on public-key encryption techniques (the general one I believe)
expires in April 1997, and after that will be public domain. Personally, I
think I'll wait til it's public domain and do something with it then.

                        -Chris Bartram

ATOM RSS1 RSS2

RAVEN.UTC.EDU