From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Wed, 30 Apr 1997 21:59:40 GMT Lines: 63 Message-ID: <3367c046.17037876@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <33669857.11517059@nntp-1.io.com> <E9Gny5.78B@cruzio.com> <this post apparently failed the first time around> On Wed, 30 Apr 1997 17:15:41 GMT, in <E9Gny5.78B@cruzio.com> in sci.crypt schlafly@bbs.cruzio.com wrote: >In article <33669857.11517059@nntp-1.io.com>, ritter@io.com (Terry Ritter) writes: >> Personally, I doubt that a government standardization process *can* >> legally require intellectual property "free and clear," or even have a >> bias against patents to *any* extent whatsoever. > >It can and it does. When the govt promotes a standard, it has an >interest in having one that anyone can use. A patent is just the >opposite -- it prevents people from using it. Therefore the govt >has a preference for standards that are available to anyone. The government has in interest in assuring that a patent used in a standard will not be used to favor one player against another. Thus, patents are usually required to be made available on something like a "non-discriminatory basis." Once this is assured, patented technology is made "available to everyone" in pretty much the same way that a Copyrighted book is made "available to everyone." Which is to say, available to those who can afford it. We do not see authors being required to contribute *their* work to the public domain. In practice, this fear of licensing is nonsense for manufacturers, who license things all the time, and individuals are rarely an issue. So the problem is those people who are in business making money (or even just reputation) with the stuff, but yet for some reason cannot stand to return any part of their profits to those who have made the profits possible. *This* is odd. No patent holder is going to price himself out of the market, nor will the holder of a standardized patent price it beyond maximum profit, which is to say, widespread use. It *will* mean that the manufacturers will not get every dime they can get their hands on. Big deal. >> I doubt than *any* author would consider it reasonable to simply >> *contribute* their copyright to the public domain if their book should >> be selected for publication. But apparently some authors feel free >> suggest that patent-holders should contribute *their* work, without >> any feeling of hypocrisy whatsoever. Odd. > >You may think it is odd, but there are a huge number of >standards, and nearly all of them are in the public domain. Most standards are defined by *private* standards organizations, which give various weights to various things. And, of course, most standards are old. But even most private standards organizations require only that patented technology be made available on a non-discriminatory basis. They generally do *not* require that standards be based on public-domain technology, or that patents for standards be contributed to the public domain. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Wed, 30 Apr 1997 00:56:11 GMT Lines: 61 Message-ID: <33669857.11517059@nntp-1.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <1997Apr2718.21.49.26877@koobera.math.uic.edu> <schneier-ya023080002704972002550001@news.visi.com> <336517f7.852271@nntp.netcruiser> <wtshaw-2904971010130001@207.101.116.61> On Tue, 29 Apr 1997 10:10:13 -0600, in <wtshaw-2904971010130001@207.101.116.61> in sci.crypt wtshaw@itexas.net (W T Shaw) wrote: >In article <336517f7.852271@nntp.netcruiser>, seward@netcom.ca (John >Savard) wrote: >> >> The AES process is not likely to bring a new, original, and superfast >> encryption method out of the woodwork; the people who are developing >> those, in private industry, still hope to make a few bucks from them. > >That is where a proprietary implementation phase is so important, to allow >for some return. I would think such would encourage the best possible >support in a semi-free market of various platforms and uses. You were there, and I was not, but I think you should be cautious about this. My understanding of the proposed "proprietary implementation phase" is that companies would get the complete cipher specifications free and clear. This would allow every company to then compete in the marketplace with their particular trade-secret implementation. Clearly, this would not reward investment in cryptographic Research and Development (R&D), and would mean nothing at all to the cipher designer. >Back to the submission level, I understand that the government wants >everything free and clear, but is it reasonable for many to try to deliver >on that basis? It might not make much of a difference to some, but others >would like to cover expenses, whether in actual dollars or time. Personally, I doubt that a government standardization process *can* legally require intellectual property "free and clear," or even have a bias against patents to *any* extent whatsoever. My guess is that similar disputes have played out many times before, and there are probably laws and rules about intellectual property and government standards. But then I'm no lawyer. >Would it be justified to encourage algorithm submissions with prize >money? That would likely produce many more entries, some good ones that >would have never been seen, along with some surefire losers as well. It would have to be one heck of a prize to give up the highest achievements of a decade of research. >And, there are patents out there that might be important in making a good >AES. Certainly, those folks had a financial involvement in getting them. I doubt than *any* author would consider it reasonable to simply *contribute* their copyright to the public domain if their book should be selected for publication. But apparently some authors feel free suggest that patent-holders should contribute *their* work, without any feeling of hypocrisy whatsoever. Odd. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Fri, 02 May 1997 06:21:57 GMT Lines: 73 Message-ID: <33697d48.8259943@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <schneier-ya023080000105971437140001@news.visi.com> <E9Isqt.u9@cruzio.com> On Thu, 1 May 1997 20:54:29 GMT, in <E9Isqt.u9@cruzio.com> in sci.crypt schlafly@bbs.cruzio.com wrote: > >>> Terry Ritter ritter@io.com http://www.io.com/~ritter/ >>> But even most private standards organizations require only that >>> patented technology be made available on a non-discriminatory basis. >>> They generally do *not* require that standards be based on >>> public-domain technology, or that patents for standards be contributed > >But they prefer public domain technologies. No, they do not. In fact, they carefully *avoid* having a preference. Here is part of the ANSI Patent Policy referred to in the AES announcement: 1.2.11. ANSI Patent Policy - Inclusion of Patents in American National Standards There is no objection in principle to drafting a proposed American National Standard in terms that include the use of a patented item, if it is considered that technical reasons justify this approach. If the Institute receives a notice that a proposed American National Standard may require the use of a patented invention, the procedures in sections 1.2.11.1 through 1.2.11.4 shall be followed. 1.2.11.1. Statement from Patent Holder Prior to approval of such a proposed American National Standard, the Institute shall receive from the identified party or patent holder (in a form approved by the Institute) either: assurance in the form of a general disclaimer to the effect that such party does not hold and does not currently intend holding any invention whose use would be required for compliance with the proposed American National Standard or assurance that: (1) A license will be made available without compensation to applicants desiring to utilize the license for the purpose of implementing the standard; or (2) A license will be made available to applicants under reasonable terms and conditions that are demonstrably free of any unfair discrimination. [...] >Neither I nor anyone else in this thread suggested that you be >required to give away your technology. If you don't want anyone >using your technology, just don't submit it for the AES. You should be ashamed to make this argument. I have as much right as anyone to participate in a government standards process. The freedom to participate only if I give up my property rights is no freedom at all. And this would require me to pay to participate in a government action that non-property holders enter for free. Similarly, the freedom to participate in a government standards process which is biased *against* those who do *not* give up their property rights is also not freedom, not equal treatment under the law, and would fairly cry out for judicial review. In any case, it just makes good sense to use the best technology available. If that turns out to be patented technology, then so be it. This would not be the end of the world as you know it. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Fri, 02 May 1997 07:22:32 GMT Lines: 123 Message-ID: <33698978.11380152@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <1997Apr2718.21.49.26877@koobera.math.uic.edu> <schneier-ya023080002704972002550001@news.visi.com> <336517f7.852271@nntp.netcruiser> <wtshaw-2904971010130001@207.101.116.61> <33669857.11517059@nntp-1.io.com> <33674c63.972666@nntp.netcruiser> <schneier-ya023080000105971437140001@news.visi.com> On Thu, 01 May 1997 14:37:14 -0500, in <schneier-ya023080000105971437140001@news.visi.com> in sci.crypt schneier@counterpane.com (Bruce Schneier) wrote: >In article <33674c63.972666@nntp.netcruiser>, seward@netcom.ca (John >Savard) wrote: > >> ritter@io.com (Terry Ritter) wrote: >> >> >I doubt than *any* author would consider it reasonable to simply >> >*contribute* their copyright to the public domain if their book should >> >be selected for publication. But apparently some authors feel free >> >suggest that patent-holders should contribute *their* work, without >> >any feeling of hypocrisy whatsoever. Odd. >> >> You have now made yourself clearer, and Bruce can't complain that what >> you've just said is an insult to his book. Of course, he might insult >> your algorithms by replying that they're not the ones he wants to grab >> for free... > >Insulting someone it not the point. Good. Except that demeaning someone's property is inherently a personal insult. Stop it now. >Ritter feels that his algorithms are so >good that he should be paid for them. Nope. I feel that if someone wants to benefit from my technology, they should help cover development costs and a small profit like any other business transaction. I have developed and patented and so do own ciphering technology which can have significant advantages in some applications. >That's fine. The marketplace can >speak for itself. Really? Here is the advice you gave to NIST in message <schneier-ya023080002302971531110001@news.visi.com>: #[...] # "Patented algorithms should not be considered, unless the # patent-holder is willing to grant free world wide rights as IBM did # with DES." The quote is curiously inconsistant with the claim. >[...] >I feel the smart move is to give the encryption algorithm away and try >to leverage the publicity. I did that with Blowfish, which is why Ritter >is forced to make bizarre comparisons between publishing and cryptography. >(And I've given away various essays on the net, so the comparison makes >even less sense. But whatever.) These so-called "bizarre" comparisons between Copyright and Patent are a direct result of Schneier -- who makes money by *not* giving his book content away -- advocating that NIST should *require* or *coerce* patent holders to give *their* work away. This is not just bizarre, it is odious. >[...] >However, I know several research labs who would simply give >their algorithms away for AES. If any company *wants* to give away their work for free, who can possibly complain? But *that* is not the issue. Instead, Schneier has advocated that any company which does *not* want to give their work away should nevertheless be *forced* to do so if they wish to compete, or *coerced* to do so if they wish to win. >I don't REQUIRE that everyone give >their algorithms away. At first glance we have Schneier's simple definitive statement, but how can we reconcile that with his actual advice to NIST: # "Patented algorithms should not be considered, unless the # patent-holder is willing to grant free world wide rights as IBM did # with DES." Just what part of "should not be considered" do we not understand? >But there will be a plethora of secure and free >algorithms to choose from, so I expect that those who think they will >be getting royalties from their algorithm will just go away mad. If this is directed against me, I can only say that I personally doubt that *any* individual could possibly win. In this context, perhaps the best an individual could hope for would be simply to be taken seriously. On the other hand, I believe I have a competitive design with valuable unique features, and if it is *not* taken seriously, I might indeed get mad and consider my options. >If there are no free algorithms, we will be forced to use a proprietary one. Wrong. The first order of business is *not* to decide whether you can steal someone else's work. I expect that NIST will make this explicitly clear in their forthcoming rules. Otherwise, their public meeting has unfortunately already set them up for court challenge. >Luckily, that won't happen. Indeed, I am confident that it will *not* happen, because any bias against patents in government standards is wrong and will not be allowed to occur. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Sun, 04 May 1997 21:31:29 GMT Lines: 99 Message-ID: <336cf698.2295934@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <33674c63.972666@nntp.netcruiser> <schneier-ya023080000105971437140001@news.visi.com> <33698978.11380152@news.io.com> <5kdpmg$lgg@joseph.cs.berkeley.edu> On 2 May 1997 15:26:24 -0700, in <5kdpmg$lgg@joseph.cs.berkeley.edu> in sci.crypt daw@joseph.cs.berkeley.edu (David Wagner) wrote: > >In article <33698978.11380152@news.io.com>, Terry Ritter <ritter@io.com> wrote: >> >> Good. Except that demeaning someone's property is inherently a >> personal insult. Stop it now. >> > >You know, this is the sort of perspective that can lead to really bad >science. When scientists get so caught up in their own work that they >feel personally insulted by scientific criticism of their theories, >the free flow of ideas is interrupted. Oh, please. There has been no scientific criticism, and I can hardly be insulted by what does not exist. Schneier's attitude seems to be "those ciphers are patented, so nobody should pay any attention to them," which is not just *UN* scientific, it is actually *ANTI* scientific. It does seem odd that you would concentrate on the first which has *not* happened and ignore the greater offense of the latter, which *has*. If you really want to know the background, go to the previous postings in this thread. Read them. >The fact remains that, all other things being equal, most people will >probably prefer free unencumbered technology over a patented standard, >and that's not in any way an attempt to demean or insult you. All things being equal, most people want a cipher which needs no initialization, is infinitely fast, uses no resources, is universally applicable and is guaranteed unbreakable forever. Oddly, some compromises may have to be made. The way to do this is *not* to start out saying -- as Schneier has said -- that patented ciphers should not be considered. I note that there has been oh-so-much concern about the cost of a patented cipher standard, but none at all about the cost of a copyrighted book. If AC were *not* copyrighted, other publishers could copy the pages and produce an equivalent product for half the cost or even less. This difference is a Government-protected added cost to every buyer, yet nobody complains about the use of Copyright to protect the effort of writing a book. Do people think original cipher technology grows on trees and so deserves less protection? And nobody but me complains about the arrogance of someone assuming that government exists to protect *their* rights, but *not* the rights of others. I want to know just how much *less* it will cost the consumer to have *un* patented technology. Will the consumer really *see* a price difference? Or is all this really just about the existing cipher manufacturers who don't want to have to do anything they didn't have to do with DES? The Government-supported extra cost that each buyer of AC must pay would almost certainly pay for multiple patent licenses. One of my ciphering approaches is particularly valuable in hardware, where it is especially fast and efficient. Let's assume that someone like me *does* have a new idea: If we start out by throwing this away *because* it is patented, we can easily end up with something *less* efficient and *more* costly than the patented approach. In this sense, a patented cipher actually can be *cheaper* than a free alternative. But we don't know that until we set aside our preconceptions. In such an uncertain coarse trade which presents no guaranteed marketplace advantage, we need to wonder about someone who claims this to be an appropriate course of action. >Don't confuse objective technical commentary on your AES proposal with >a personal attack on you, ok? If your "technical commentary" is a hand-wave Opinion that you "know" my design has problems, you can bet I *will* take it as an attack, because that is not Science, and cannot be defended against. If you want to do Science, I don't care about your Opinion; I want to see facts and detailed reasoning. I want to see claims specified in enough detail so they can be checked, true or false. *Then* we can have a discussion based on reality instead of insinuation. But if you want to make this *fair*, why don't you participate? Why don't *you* design and enter a cipher? Why don't you make your *own* decisions about technology and tradeoffs, and fix them in print along with *your* name? Then, when you are smacking your lips at the thought of being able to criticize *my* design, I can be thinking the same about *you*. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Mon, 05 May 1997 05:40:44 GMT Lines: 79 Message-ID: <336d72d4.13568636@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <schneier-ya023080000105971437140001@news.visi.com> <E9Isqt.u9@cruzio.com> <33697d48.8259943@news.io.com> <3369e9b4.1050220@nntp.netcruiser> On Fri, 02 May 1997 13:19:02 GMT, in <3369e9b4.1050220@nntp.netcruiser> in sci.crypt seward@netcom.ca (John Savard) wrote: >ritter@io.com (Terry Ritter) wrote: > >>On Thu, 1 May 1997 20:54:29 GMT, in <E9Isqt.u9@cruzio.com> in >>sci.crypt schlafly@bbs.cruzio.com wrote: > >quoting Terry Ritter ritter@io.com http://www.io.com/~ritter/: >>>>> But even most private standards organizations require only that >>>>> patented technology be made available on a non-discriminatory basis. >>>>> They generally do *not* require that standards be based on >>>>> public-domain technology, or that patents for standards be contributed > >>>But they prefer public domain technologies. > >>No, they do not. In fact, they carefully *avoid* having a preference. >>Here is part of the ANSI Patent Policy referred to in the AES >>announcement: > >>1.2.11. ANSI Patent Policy - Inclusion of Patents in American >>National Standards > >>There is no objection in principle to drafting a proposed American >>National Standard in terms that include the use of a patented item, if >>it is considered that technical reasons justify this approach. > >Er...what if they don't? That sounds like a preference to me: Really? And if technical reasons don't justify using a public-domain technology? Is that also a "preference," this time *for* patented technology? >there is no objection _in principle_ to including patented items in >standards, if, for technical reasons, there is _no choice_... You are inserting your own words into a tightly-constructed policy statement to impose a meaning that statement does not give on its own. The policy does not *say* "if there is no choice," nor can we construe that meaning from anything it *does* say. If you disagree, I want to see a direct quote from the statement which clearly supports your interpretation. To the contrary, the policy directly states the simple fact that a public standard is being developed does not prevent the inclusion of patented technology in that standard. >but in practice, patented items are avoided whenever possible. Nonsense. Read the quote from my earlier message, the parts you did not repeat, or read the whole thing on-line as "ANSI Patent Policy." *Nowhere* in the document does it say *anything* like: | "ANSI prefers to use unpatented technology in standards. | But if no unpatented technology is available, patented | technology may be used." Now, the document *could* say that, if it really *meant* what you claim it means, but the document does *not* say that, and the fact that it does not, when it could, is telling. The ANSI Patent Policy is clearly intended to be *unbiased* with respect to patented technology. It makes clear to patent opponents that the simple fact that a technology is patented does *not* mean that it cannot be used in a standard. It makes plain that patented technology *can* be used, where needed, just like any *other* technology can be used, where needed. This is *hardly* a preference *for* public-domain technology. If it is a preference for anything here, it is a preference for the best possible technical standard without regard to patents. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Mon, 05 May 1997 05:41:53 GMT Lines: 79 Message-ID: <336d7319.13638437@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <1997Apr2718.21.49.26877@koobera.math.uic.edu> <schneier-ya023080002704972002550001@news.visi.com> <336517f7.852271@nntp.netcruiser> <wtshaw-2904971010130001@207.101.116.61> <33669857.11517059@nntp-1.io.com> <33674c63.972666@nntp.netcruiser> <schneier-ya023080000105971437140001@news.visi.com> <33698978.11380152@news.io.com> <3369ff06.752966@nntp.netcruiser> On Fri, 02 May 1997 14:57:37 GMT, in <3369ff06.752966@nntp.netcruiser> in sci.crypt seward@netcom.ca (John Savard) wrote: > >ritter@io.com (Terry Ritter) wrote: > >>On Thu, 01 May 1997 14:37:14 -0500, in >><schneier-ya023080000105971437140001@news.visi.com> in sci.crypt >>schneier@counterpane.com (Bruce Schneier) wrote: > >>>If there are no free algorithms, we will be forced to use a proprietary one. > >>Wrong. The first order of business is *not* to decide whether you can >>steal someone else's work. I expect that NIST will make this >>explicitly clear in their forthcoming rules. Otherwise, their public >>meeting has unfortunately already set them up for court challenge. > >Why, the first order of business *is* to decide whether you already >have something available to you without spending money - > >legitimately, without stealing - > >before running out to the store to buy it. No, the first order of business is to make a comparison of to what extent each proposed solution will actually solve the problem, and then what each solution will cost. But it seems quite *unlikely* that there can *be* any real cost comparisons in the early stages. Any claimed costs which are bandied about are likely to be made-up figures designed to win the competition and which nobody will guarantee in practice. To place such claims on a par with actual measurements and technical details would be foolhardy at the very least. And there seems to be an assumption here that a patented cipher is necessarily more expensive than a public domain one. This is false. It is *very* possible for a patented hardware design to be *cheaper* than a free one, and some people are going to *need* a hardware solution. Everybody knows that a software cipher will run faster if we just put it in hardware. But not everybody understands that some ciphering architectures improve in hardware *far* *more* than others. Some designs can have a massively greater bandwidth than other designs, even if both use similar amounts of similar-technology hardware. The failure to take advantage of such a design is a lost opportunity *cost*, even if the chosen design is free. >You *do* have a legitimate point, in that NIST should not completely >prejudge the question of whether a proprietary technology might be >sufficiently superior to what may be legitimately made available >without encumbrance, to be worth considering. > >To say, however, that NIST should base its decision _only_ on >technical merit is not correct. A significant benefit, not a slight >one, is the criterion for accepting a patented technology as the basis >for a standard. Sez who? I want to see a quote which backs this up. I researched this, and posted a quote, and if you have an opposing quote, I want to see that, and not just your statement to the contrary. This is a government-sponsored standards process. I claim that government-granted property rights should not be allowed to be *any* *amount* of negative factor in a government standards process, provided we wish to retain some illusion of equality under law and the right to own property. Discrimination against the rights of a small group by the mass is never pretty, and those who do not speak out may find that their group is next. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Tue, 06 May 1997 04:22:57 GMT Lines: 49 Message-ID: <336eb21e.16211123@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <33674c63.972666@nntp.netcruiser> <schneier-ya023080000105971437140001@news.visi.com> <33698978.11380152@news.io.com> <5kdpmg$lgg@joseph.cs.berkeley.edu> <336cf698.2295934@news.io.com> <1997May5.145815.7680@mbsks.franken.de> On Mon, 5 May 1997 14:58:15 GMT, in <1997May5.145815.7680@mbsks.franken.de> in sci.crypt m@mbsks.franken.de (Matthias Bruestle) wrote: > >Mahlzeit > > >Terry Ritter (ritter@io.com) wrote: >> I note that there has been oh-so-much concern about the cost of a >> patented cipher standard, but none at all about the cost of a >> copyrighted book. If AC were *not* copyrighted, other publishers >There are some differences here: > >- AC is no standard and has no monopoly. AES will be a standard > and if a firm has a patent on it, it has a monopoly. A copyrighted book *is* a monopoly on the precise text it contains. This monopoly exacts a toll in the form of added costs which would not be present if a competing publisher were allowed to copy the book exactly and sell it. Such a publisher needs no editors, has almost no time-to-market delay, and can choose only proven successful products to virtually eliminate risk. (It has been said that publishing normally has 9 failures for every success, so the success must earn back editing and production costs for 10 books.) Such a publisher could produce far cheaper books. Society prevents this, at a cost which the customer, of course, must pay. The reason for the patent monopoly is similar. Without patents we can have manufacturers who need little or no design group, have low time-to-market, and can choose only low-risk profitable products. This sounds like the dream of every manufacturer. But, in the long run, this is not good for society, even *if* the customer would get a lower-cost product. >- Every person can go into a bookstore and buy AC, but it is not > so easy for a privat person to get a license, or what to do > if it develops freeware with AES. So basically you are criticizing the current distribution arrangements for patents. I agree. But I don't think this is unfixable. It is not a reason for a blanket prejudice against patenting itself. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Fri, 09 May 1997 23:39:32 GMT Lines: 121 Message-ID: <3373b5ac.1003548@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <33674c63.972666@nntp.netcruiser> <schneier-ya023080000105971437140001@news.visi.com> <33698978.11380152@news.io.com> <5kdpmg$lgg@joseph.cs.berkeley.edu> <336cf698.2295934@news.io.com> <33723bd3.0@ALPHA.RHODES.EDU> On 8 May 97 20:47:15 GMT, in <33723bd3.0@ALPHA.RHODES.EDU> in sci.crypt bryan@alejb.nd.rhodes.edu (James Bryan Alexander) wrote: >[...] >I have read the previous posts in this thread. And, it may surprise you >to hear, Terry, that I did not find ANYTHING that was a personal attack >against you. There were plenty of statements to the effect that using >a patented algorithm for the standard would be undesirable for several >reasons, but just because you hold cryptography patents, that doesn't >make them personal attacks against you. Don't let your insecurities >and paranoia delude you. Frankly, I'd really rather get back to work, but this is an issue of conscience for me. It would be nice to have most people agree with everything I say (not that I would know what that was like), I guess. Some of this is just "Usenet" (people only post *differences*, after all), but I imagine that many people disagree, and this is not particularly comfortable. But I call it as I see it. When all this started -- and I have been here since 1989 when I announced my Dynamic Substitution stuff after it had been filed with the PTO -- there were rather few ciphers, and a generally poor understanding of how one could build an effective cipher. Other cipher designers began making their work public, so people could use it and develop from it, which is fine if one is in school or sees this as a hobby or avocation or a crucial public need. But cipher design generally takes more than a few weeks, and a general inability to sell ciphers in a marketplace of free ones means there is no financial basis to recover a design investment or to support an industry which would design better ciphers. At roughly the same time that cipher designers were giving their work to society, books were being written about cryptography which, curiously, were *not* given away. Even more curiously, no cipher designers noticed this difference, or thought it at all strange until, finally, everyone just assumed that a cipher designer *should* work for free, while an author should not. Apparently, the "true" cipher designer works merely for the thrill of seeing his or her name in print. In print, that is, in books which earn profits for their authors, but *not* for the many cipher designers who make these books possible. Note that we don't buy such a book for its immortal prose, but the author nevertheless insists on a financial basis for his or her collection effort; writers *don't* give away *their* substantial works for free. There is a heavy irony to this, a sort of maturing of understanding that by giving things away, we fail to develop the financial basis for an industry which would develop things beyond what we can make now. This devalues our work, and devalues our respect as cipher designers, and others take us for fools while using our work in building their own enterprises for their own profit. Consider the arrogance of an author who protects his work with copyright, obviously expecting a return on investment, while insisting that the cipher designers he supposedly respects should *not* have similar protection if they want to even *compete* for inclusion in a public standard. This *is* an insult, a direct slap in the face of every designer who considers cipher design a serious activity which deserves a return on investment in our capitalist economy. The idea that patented things are *necessarily* more costly than free things is simply false. Sometimes, as in hardware, patented things can be *cheaper* than free designs, if they use fewer resources. More often, the price of the cipher is hidden in the product, and a patented cipher will *not* increase the price. So the idea that patents are necessarily costly is an unwarranted bias, a *prejudice*. And, like most prejudices, it is not good policy, not (just) on moral grounds, but also on the *practical* grounds that making false assumptions does not lead to the best decisions. This is a free society, and there are cipher designers who give their work away free, and those who don't. However, this is also a *capitalist* society, based on profit in the marketplace. Demeaning those who would make such a profit is an insult to business itself. For an author to suggest that the class of designers who have the nerve to consider their work as important as that of an author should be discriminated against is *inherently* an insult. I expect my government to equally respect the rights of all of us, and patents clearly *are* property rights. The idea that someone should try to induce my government to discriminate against me on the basis of my *rights* in a publicly financed process is morally *wrong*, an *insult* to me, and a mischief to a government process. I think that cipher designers who try to profit from their work deserve a public apology for these insults. We deserve actions which would correct this injustice, and a promise to support the concept of a continuing business of cipher design functioning in ways consistent with our economic system. >[...] >Well, maybe you can afford to pay patent royalties, but if I am implementing >a crypto system for localized use, like within a small company, I cannot >afford to pay patent royalties, and don't really have the time or inclination >to do the paperwork to get a patent license. If you can afford to buy the equipment to run the cipher, you can afford to pay for the cipher. Period. It is more realistic for most people, however, to simply buy a program which contains the cipher, and also naturally includes a license for use hidden in the purchase cost. >I'd just as soon use something >in the public domain and not worry about patent hassles. My particular cipher technology has certain advantages in certain applications, and in some cases, these advantages can be crucial. But if one is just using my technology as one would use other ciphers, I doubt that we would see much of an advantage. So if you don't need what I have, or find it particularly advantageous, don't use it. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Sun, 11 May 1997 20:17:53 GMT Lines: 47 Message-ID: <33762964.11711744@news.io.com> References: <3373b5ac.1003548@news.io.com> <E9yGBq.199@cruzio.com> <01bc5d77$bbab7a40$27c10c26@i-charlej9.interramp.com> <5l4cp6$pbt@news.ox.ac.uk> On 11 May 1997 12:07:02 GMT, in <5l4cp6$pbt@news.ox.ac.uk> in sci.crypt patrick@gryphon.psych.ox.ac.uk (Patrick Juola) wrote: >[...] >Let me ask an analogous question. Suppose both algorithms were unpatented, >but algorithm A were 33% faster. Should we choose algorithm A? > >How about if algorithm A were 33% faster, but required four times as >much memory? Should we still choose algorithm A? The weighting of various features will no doubt be a subsequent issue. >Availability (and cost) of the algorithm is, and should be, a criterion >like any other one. Well, *availability* -- nondiscriminatory licensing or some such -- is the one thing which *is* required of a patented standards candidate. But *cost* simply *cannot* be determined. Final to-the-user cost of a cipher will probably be the function of several intermediates, with the cipher only a small part of the ultimate product. Costs like these simply cannot be accurately described in terms of their affect on the user. Does each API which Microsoft adds to their operating system really *have* a known effect on the OS price? >>To put it bluntly, Terry asks (IMHO, of course) if the NIST is after the >>best algorithm possible (whatever "best" may mean here) what difference >>does it make if the algorithm happens to be patented? > >The same difference that speed, memory overhead, &c.... makes. Provided that there is some practical *difference* associated with patenting, this is true. But then the issue is the difference, not the patent per se. And such a difference is by no means assured. If there is *no* practical difference, then simply listing patent status as a difference like speed and resource use would not be a reasonable basis for a decision. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Sun, 11 May 1997 06:37:10 GMT Lines: 70 Message-ID: <33756910.12157408@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <336cf698.2295934@news.io.com> <33723bd3.0@ALPHA.RHODES.EDU> <3373b5ac.1003548@news.io.com> <5l3jpk$toi@joseph.cs.berkeley.edu> On 10 May 1997 22:00:36 -0700, in <5l3jpk$toi@joseph.cs.berkeley.edu> in sci.crypt daw@joseph.cs.berkeley.edu (David Wagner) wrote: >In article <3373b5ac.1003548@news.io.com>, Terry Ritter <ritter@io.com> wrote: >> At roughly the same time that cipher designers were giving their work >> to society, books were being written about cryptography which, >> curiously, were *not* given away. > >Have you ever tried to publish a free book and reach tens of thousands >of people without charging anything? You generally need a publisher to >publish a book, and the publisher generally charges the public to recoup >distribution and publication costs. Ahem. Free publication occurs all the time on the web. >In any case, yes, it's unfortunate, but it's not specific to Bruce >Schneier -- it's a general phenomenom common to the scientific literature. >(Yes, publishers charge libraries for journals, too -- the prices are >quite steep actually.) Prices are steep, as I am well aware. >So if you have a problem with this practice, why single out Bruce? >The same criticism applies to every researcher who has ever published >a scientific paper or book. My problem is *not* with the practice of charging for published material. (Nevertheless, the ability to publish to the web without charge does exist when desired, so we can assume that such is *not* desired when it does not occur.) No, the reason to charge for a book is to recover the cost of development, and this is a general need which cipher designers feel as well as authors. But virtually the only way to recover cipher development costs -- while fully exposing the design for analysis -- is by patent, and we all know what Schneier has said about that. The implication I draw from this is that the author thinks cipher designers simply do not deserve to recover their costs, while authors do. And the implication I draw from *that* is what the author thinks of the expertise and effort involved in making new ciphers and exploring new cipher technology versus the effort needed to write a book about what others have done. I don't like that implication. My observation is simply that some people were giving their work to the public domain for the benefit of society, while others were preparing to extract profit from this opportunity. The whole purpose of a book of ciphers is to present *the ciphers*. But in the end the *book* makes money, *not* the cipher designers. Silly me, but I think there is something wrong here. Now, it is not Schneier's role to guarantee a profit for cipher designers. But to claim that patented technology should not be able to compete in a government standards process is *way* beyond bounds in several different ways. In the line of argument discussed here, if an author needs government protection to recover *his* investment, how can that same author *possibly* argue against a cipher designer using government protection to recover *his* investment? This actually happened. I didn't invent it. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Sun, 11 May 1997 20:18:10 GMT Lines: 85 Message-ID: <3376297e.11738236@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <33674c63.972666@nntp.netcruiser> <schneier-ya023080000105971437140001@news.visi.com> <33698978.11380152@news.io.com> <5kdpmg$lgg@joseph.cs.berkeley.edu> <336cf698.2295934@news.io.com> <33723bd3.0@ALPHA.RHODES.EDU> <3373b5ac.1003548@news.io.com> <NifdzkKkXMkK084yn@philos.umass.edu> On Sun, 11 May 1997 12:49:17 -0400, in <NifdzkKkXMkK084yn@philos.umass.edu> in sci.crypt quilty@philos.umass.edu (Lulu of the Lotus-Eaters) wrote: >[...] >Ritter's "argument" >seems to boil down to the sole fact that _Applied Cryptography_ is under >copyright. No, it is *you* who is missing the point: Schneier has formally stated in a government process that applications using patents should simply not be considered for AES. He, therefore, is comfortable in preventing those cipher designers who wish to do so from earning a return on their investment their work, while he makes a return on his. Beyond that it seems ironic that his return almost completely depends upon the work of cipher designers, and, in general, it is he who is earning a return, and not they. And this tells us which ownership policy is likely to be the most successful. >Big deal! Without knowing anything specific about Schneir's >thought process in publishing, I would suspect this copyright has at >least as much to do with his publisher's demands as his own wishes. Yes, the publisher has an investment too. >If, >hypothetically, someone was able to write a high quality book on >cryptography (such as _AC_) and had no interest in maintaining a >copyright, s/he would almost surely have to cede to the copyright >demands of a publisher to actually get it printed. Yes, the publisher wants a return on the investment. The publisher also wants government -- through copyright -- to prevent other publishers from simply finding a popular book and copying it page for page and delivering it to the consumer for about half the price. This is quite analogous to the government -- through patent -- preventing other manufacturers from reproducing a cipher design. Oddly, Schneier supports one, and not the other. Presumably you do too, although your .sig would suggest to me that you should be against both. Copyright *is* Intellectual Property! So are you going to walk the walk, or just talk the talk? The issues for society are: If cipher design is important, how is the continued effort to be supported? If cipher design is a one-shot thing, how is the original investment to be recovered? The alternative, of course, is to consider cipher design a trivial dabbling, an avocation, a puzzle for a mere dilettante to fill the hours of boredom in school. Then, of course, there is no need to think of cipher design as a real activity, deserving of continued support, and why should we compensate someone for something which anyone could do? This is where we are now. >As to the value of >the printed version: I, for one, would HAPPILY pay $35 for a bound >version of the text printed on nice paper in a readable font, EVEN IF >the identical text was avaialable for free by anonymous FTP. If Schneir >were my hypothetical GNU-minded writer, he would still have probably >agreed to the publisher's copyright in order to give people like me the >option of buying a printed version of the text he wrote. I for one am glad that you got such a good deal. It is a little sad that the various cipher designers whose works constitute the content of the book do not get an equally good deal. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Sun, 11 May 1997 03:44:56 GMT Lines: 60 Message-ID: <337540b4.1823983@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <3373b5ac.1003548@news.io.com> <E9yGBq.199@cruzio.com> <01bc5d77$bbab7a40$27c10c26@i-charlej9.interramp.com> <3374EC84.7051@uptronics.com> On Sat, 10 May 1997 14:45:40 -0700, in <3374EC84.7051@uptronics.com> in sci.crypt Bryan Olson <Bryan.Olson@uptronics.com> wrote: >Charles N. Johnson (who doesn't agree with Ritter, but wants >the position to be clear) wrote: > >[...] >> Now let us sharpen the point. Suppose the patented algorithm were "better" >> where you get to choose what better means; e.g., 33% faster, or more easily >> scalable, whatever. > >The opposing position is not that technically superior >algorithms should be ignored because they're patented, >but rather that technical reasons do not justify using >any patented item. If that is the position, it has not been made. Assertion, otherwise known as "statement without a shred of evidence," does not constitute a position. >Ritter has misrepresented Bruce >Schneier's position as a prejudice. This was a correct representation: A belief without backing evidence *is* a prejudice. >Schneier has done >the most extensive survey of encryption techniques known >in the open literature, Alas, *my* technologies are not in that survey. Note they have not been exposed to have obvious problems, they are just not there. My expectation would be that other technologies are similarly missing. So, clearly *not* having reviewed all the technology available, you say that Schneier has *still* seen fit to claim that there can exist no patented technology which would be worth using in AES. We should recognize this sort of claim, since we see it so often in cryptography: It is science by assertion. If not acceptable for newbies, shall we now accept it from Schneier? Indeed, shall we now offer it as an excuse for anti-Science? >and it is after this work that >Schneier recommends dismissing patented methods. Oh, nonsense. Schneier has done no kind of survey to determine cipher effectiveness. In fact, this ability to do this does not exist in the open literature. That is one reason we need NSA to help evaluate various techniques. They may know something we don't. --- Terry Ritter
From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Letter to NIST: AES Comments Date: Tue, 13 May 1997 07:34:57 GMT Lines: 116 Message-ID: <3378196a.15521762@news.io.com> References: <schneier-ya023080002604971232040001@news.visi.com> <33773CD9.28E9@sprynet.com> <EA38zH.5KC@cruzio.com> On Mon, 12 May 1997 21:57:17 GMT, in <EA38zH.5KC@cruzio.com> in sci.crypt schlafly@bbs.cruzio.com wrote: >In article <33773CD9.28E9@sprynet.com>, William Hugh Murray <whmurray@sprynet.com> writes: >> > Are you similarly offended when the govt awards a contract to the >> > lowest bidder? Doesn't the high bidder also have property >> > rights? >> >> The rights of all bidders were respected in your case. Each had an >> equal opportunity to be the low bidder. Ritter's concern is that he be >> permitted to bid at all. > >No, that is not Ritter's concern. He is allowed to bid, >according to the NIST regulations. This mixes two different lines of discussion: In the first, Schneier sends a formal letter to NIST, and copies sci.crypt, and in it states that patented "algorithms" simply should not be allowed to even compete: + "Patented algorithms should not be considered, unless the + patent-holder is willing to grant free world wide rights + as IBM did with DES." In the second line of discussion, the results of the NIST meeting apparently were that patented "algorithms" should be allowed, but discouraged: + "Regarding patent-free implementations, NIST strongly + prefers a royalty-free world-wide implementation. They + will accept patented algorithms, but will heavily favor + royalty-free algorithms." The statement is that "NIST regulations" allow me to "bid." But AES is *not* a "bid," and, as far as I am aware there *are* no NIST regulations on this yet. Accordingly, the statement is simply false on its face, with the issue still pending. A big part of the issue is exactly what "heavily" means. It sounds like a lot more than a fair comparison based on increased costs due to licensing. In fact it sounds quite a lot like "patented algorithms need not apply." >His concern is that he is >less likely to win because he is asking for patent royalties. My "concern" is that a government-funded, public (as opposed to private) standards process should not discriminate on the basis of property rights. Policy decisions about the social worth of patents have already been made in making patents available, and in granting particular patents. However, if discrimination *is* to occur, it should in no case be to more of a degree than the expected difference in end-user cost. But end-user cost is *not* the same as manufacturer cost. We should not be setting up a giveaway for manufacturers with substantial product sales. If the manufacturers are going to get a serious price for their product, they can afford a license, and there is no reason for cost discrimination in the first place. Or we can just ask all the manufacturers to grant free world-wide rights to *their* products. Fair is fair. >He argues that the patent should make *no difference*, as long as >he has a reasonable licensing policy. Some of us think this is >contrary to common sense -- no one buys anything without looking >at the price. And exactly what "price" will be attached to the *other* entries? Is a public-domain algorithm "free" in your estimate? This sounds like a pretty good way to eliminate competitors who have patents, since, in this sense, a patented thing is *infinitely* more expensive than free. But we won't see manufacturers giving away *their* product for free. This sounds like the usual slimy political manipulation, since moderate cipher cost has little or nothing to do with to-the-user delivered cost. And it is this end-user cost which I would guess that most people would think that their governmental process should be worried about. End-user cost, I claim, is unlikely to be much different between ciphers whether free or patented, and will be very difficult to compute, even for the so-called "free" applications. But if there *is* expected to be a few percent difference in product costs due to patents, *that* is the fair amount of bias I would accept to be weighed against meeting the requirements and also providing new features for various new uses. This "cost" ploy sounds like just another way for the various manufacturers to deliver an unexpectedly costly product, after telling everyone that the selection process will reduce user costs. It will instead mainly reduce manufacturer costs. So, is a "free" algorithm "free" for the people? Or is it just "free" for the manufacturers to make even more money without necessarily fielding the best design? >I hope he submits his algorithms. But considering that there are >some very good free alternatives, it seems very unlikely that >NIST will pick an algorithm which is not free. Actually, there are *not* many good alternatives. The first two AES requirements are expected to be: 1) 128-bit key size, and 2) 128-bit block size. That is what we need if we *must* have a single block cipher standard, and that clears out a lot of the field right there. Whit Diffie has argued strongly for *scalable* ciphering technology, and I agree. There are *not* many suppliers of such technology. But I am one. --- Terry Ritter ritter@io.com http://www.io.com/~ritter/
Terry Ritter, his current address, and his top page.
Last updated: 1998-01-16