[sci.crypt] RSA Encryption on the Internet

smb@ulysses.homer.nj.att.com (Steven M. Bellovin) (03/22/89)

The New York Times reported today that the Internet has decided to
adopt RSA as the basis for an authentication scheme.  This was done
after appropriate negotiations with RSA, Inc., concerning licensing.
Can someone post the details, both technical and administrative?
(It's odd to learn something significant about the Internet from the
mundane media...)

		--Steve Bellovin
	att!ulysses!smb, smb@ulysses.att.com

sean@ms.uky.edu (Sean Casey) (03/22/89)

Jim Bidzos of RSA Data Security told me that there should be an RFC out
by early April describing the implementation of the standard.

He outlined it to me, but I don't remember it that well. It mostly
concerns the transmission of DES keys for encrypted email by using the
RSA scheme.

As far as using the RSA scheme, they are pretty liberal about granting
no-cost licenses for noncommercial use. The trick is that anyone who
uses RSA must first register their personal key with them. It costs $25
for two years.  They then encode their key in yours, and send it back.
Anyone who is granted a license for an RSA application program then has
to check any user's public key and verify that they are registered and
up to date. This is easily done by encrypting with RSA Corp's public
key. Out pops a string (I guess - he didn't say explicitly) and a date
code.

Thus it's likely that once you've registered a personal key, you can
use Internet RSA facilities at no additional cost for two years.

Hopefully, once the RFC is out, we'll have some heavy math types
writing a a really fast freely redistributable implementation.

Sean

-- 
***  Sean Casey                        sean@ms.uky.edu,  sean@ukma.bitnet
***  Who sometimes never learns.       {backbone site|rutgers|uunet}!ukma!sean
***  U of K, Lexington Kentucky, USA  ..where Christian movies are banned.
***  ``You talk the talk. Do you walk the walk?''

paul@kuhub.cc.ukans.edu (Craig Paul) (03/22/89)

> The New York Times reported today that the Internet has decided to
> adopt RSA as the basis for an authentication scheme.  This was done
> after appropriate negotiations with RSA, Inc., concerning licensing.
> Can someone post the details, both technical and administrative?
> (It's odd to learn something significant about the Internet from the
> mundane media...)

Look up this reference....

From:	KUHUB::PAUL         "Craig Paul" 14-FEB-1989 15:06:04.87
To:	PAUL,PAUL        
CC:	
Subj:	Internet Endorses RSA E-mail.

PC Week, 2/13/89, p. c/6