Re: [VANILLA-LIST:2106] PGP version vs US RSA version

[Dave Ahn <ahn@vec.wfubmc.edu>]

On Mon, Mar 15, 1999 at 12:16:44PM -0600, Bob Tanner wrote:
> Quoting Dave Ahn (ahn@vec.wfubmc.edu):
> > On Sun, Mar 14, 1999 at 07:53:35PM -0600, Bob Tanner wrote:
> > > Can we just switch and use the European PGP version for the Vanilla
> > > server rather then trying to support to RSA code bases?
> > 
> > No, it's illegal to use the European version of PGP in the U.S.  Check
> > the crypto FAQ and the PGPi FAQ for details.
> 
> Seriously?

Yes.  RSA Labs has a US (but not European) patent on the RSA algorithms.
As such, any implementation of RSA used in the US needs a license from RSA
Labs.  Since the European version of RSA was not developed by RSA, it cannot
be used legally inside the US.  That is why PGPi is illegal in the U.S. unless
you turn off RSA support.

> So all the linux people sucking down the pgp-5.0 stuff from
> ftp.replay.com are breaking the law. :-)

PGP-5.0 is fine, PGPi-5.0 without RSA should be (afaik) fine.  PGPi-5.0 with
RSA is not.

It's been a while since I looked at the RSA situation.  I recall that the
RSA patent was expiring soon, after which using the European version of RSA
might be legal in the US.  Hmm...time to refresh my memory...

> Dave, how can I send you the changes to the US RSA code so:
> 
> 1) You can check it out my changes
> 2) Crypt it and put it on ftp.netrek.org
> 3) Give Carlos(?) the crypt key

> Mail it pgp-encrypted?

Yeah.  I'll merge it with changes I made, then put it out.  I have both
your and Carlos' public keys.

Dave
-- 
Dave Ahn <ahn@vec.wfubmc.edu>        |  "When you were born, you cried and the
                                     |  world rejoiced.  Try to live your life
Virtual Endoscopy Center             |  so that when you die, you will rejoice
Wake Forest Univ. School of Medicine |  and the world will cry."  -1/2 jj^2