Re: Security services for HTTP: Kerberos vs. PEM

[HALLAM-BAKER Phillip <hallam () dxal18 cern ch>]

In article <1993Jun30.020850.24174 () uvm edu>, wollman () trantor emba uvm edu
(Garrett Wollman) writes:

|>In article <SES.93Jun29203706 () tipper oit unc edu> ses () tipper oit unc edu
(Simon E Spero) writes:
|>>PEM isn't an option ; the encryption is only licenced for email 
|>
|>Correction: PEM isn't an option inside of the United States and
|>probably some other countries.  (Same result, unfortunately.)  If you
|>live outside of the reach of PKP's lawyers, there's nothing stopping
|>you from writing, distributing, and using your own PKE software.

To emphasise the point, outside the US the patent is void on almost every
count :-

1) It consists entirely of a mathematical method, these are specifically
        excluded from patent protection.

2) The patent was only applied for after the method was published.

3) The patent has expired ! (first published in 1974, thus any patent
        would have expired in 1988).

4) The patent is broader than the work of the patent holders, specifically it
        has a claim for *any* public key encryption system. 


Since CERN has international institute status and staff are covered for
their actions as parts of their job by diplomatic immunity PKP can't
even run a nuisance suit. It seems to me that situations like this where a
patent has been granted in order to prevent work in the field is precisely
the area for which the special status was created.

......