Re: Do people have something against RSA?

[Timothy Fisher <tfisher@xxxxxxxxxxxxxxxxxxx>]

Fortunately, the patent will expire at the end of September of this year.  After
that, you will
no longer have to pay RSA data corp. any fees to use RSA.

The reason that DSA is mandated in most standards is simply because it is free
to use.
A standard should never mandate an algorithm which must be licensed from a
specific provider.
This would be a mistake.

Timothy Fisher

Christopher Williams wrote:

> Do people in the PKI world have something RSA Data Corporation?  It's just
> that every document mandates DSA as a signature algorithm and indicates that
> RSA "MAY" also be supported.  Another example is that PKIX does not support
> PKCS#8 for securing private keys, even though PKCS#8 is a well-established
> standard (eight years old now?).  Then I read as a suggested amendment to
> the TSP document:
>
> "TSA implementations MUST support DSA.  TSA implementations MAY include RSA.
> "
>
> Get real!  The whole world uses RSA.  The future worldwide PKI will run on
> RSA.  I have never seen a certificate signed with an algorithm other than
> RSA and containing anything other than an RSA public key.  Sure, RSA is
> patented, so factor licensing it as part of your software development costs
> and pay them their fee - they deserve it.
>
> Insisting upon DSA and Diffie-Hellman is like railing against the
> universality of Microsoft: pointless and missing the point.
>
> Christopher Williams
>
> Software engineer, NetLexis Ltd.
> http://www.netlexis.com "Intelligent Trust"