Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!sun-barr!decwrl!shelby!CCC.NMFECC.GOV!NESSETT
From: NESSETT@CCC.NMFECC.GOV
Newsgroups: comp.protocols.kerberos
Subject: Re: cost of using RSA
Message-ID: <891215083818.22200126@CCC.NMFECC.GOV>
Date: 15 Dec 89 16:38:18 GMT
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 26

Jon Rochlis writes :

> Certificates have major advantages, it is true.  However the choice of
> an asymetric encryption algorithm (i.e. RSA) creates tremendous
> legal/financial problems, while the use of DES trumps those.  So far
> the only arangements public arrangments with RSADI (who controls the
> RSA patent) are for the Internet e-mail keys (at $25 a user / per 2
> years).  Nobody knows what arrangments can be had for any other use.
> While I believe the RSA problems only apply within the US (and exclude
> the government and MIT), that still leaves a lot of people with
> serious exposure if they elect to go the X.509 route ... whereas they
> can go with Kerberos now and not pay anybody any money.

Those concerned with the cost per user of $25 / 2 years for a certificate may
wish to calculate the costs of maintaining a centralized KDC (including, of
course, administration costs associated with installing users in the password
database, such as deciding whether a user is allowed in the database at all).

It also may interest those concerned with using RSA that NIST (nee' NBS) is
currently working on standardizing an asymmetric encryption algorithm.  There
are several candidates for this standard, one of which is RSA.  It seems that
the government is willing to standardize patented "processes" (technically, you
can't patent algorithms) as long as the cost of using those "processes" is
reasonable.

Dan Nessett