Subject: Re: Novel anti-software-patent article
From: Ian Lance Taylor <ian@airs.com>
Date: 7 Jan 2000 14:01:49 -0500

   Date: Fri, 7 Jan 2000 14:03:46 -0500 (EST)
   From: Lynn Winebarger <owinebar@free-expression.org>

   > Crypto is a special case, though, which is why it is an interesting
   > case to talk about with respect to patents.  If you keep the crypto
   > algorithm a trade secret, people won't trust it.  (And, moreover,
   > history shows that it probably won't be as strong as you think it is.)

       Correction: _some_ people won't trust it.  What's more, it'll probably
   be incorporated into some particular application (or OS service) rather
   than being available by itself, and most of the end-users of those
   services won't care too much about knowing the details as long as they're
   sufficiently reassured by a large company (if they think about it at all).

Granted that most people don't care about security, but in those cases
you might as well just use XOR.

With a crypto algorithm, you either reveal it, or you accept that it
may be surprisingly weak.  You suggested keeping a trade secret as an
alternative to patenting the algorithm.  I'm saying that it's
pointless to rely on trade secret protection for a crypto algorithm
which is meant to be strong.

If the crypto algorithm is not meant to be strong, then it really
doesn't matter what you do, and in particular security by obscurity is
perfectly reasonable.

It's tempting to think that there is some middle ground, but I think
historical data shows that there is not.

Ian