authentication, then signed digital documents can be exchanged between users in different nations using different software on different platforms; this interoperability is necessary for a true digital economy to develop. The lack of secure authentication has been a major obstacle in achieving the promise that computers would replace paper; paper is still necessary almost everywhere for contracts, checks, official letters, legal documents, and identification. With this core of necessary paper transaction, it has not been feasible to evolve completely into a society based on electronic transactions. Digital signatures are the exact tool necessary to convert the most essential paper-based documents to digital electronic media. Digital signatures makes it possible, for example, to have leases, wills, passports, college transcripts, checks, and voter registration forms that exist only in electronic form; any paper version would just be a ``copy'' of the electronic original. All of this is enabled by an accepted standard for digital signatures. 2.19 Is RSA patented? RSA is patented under U.S. Patent 4,405,829, issued 9/20/83 and held by Public Key Partners (PKP), of Sunnyvale, California; the patent expires 17 years after issue, in 2000. RSA is usually licensed together with other public-key cryptography patents (see Question 1.5). PKP has a standard, royalty-based licensing policy which can be modified for special circumstances. If a software vendor, having licensed the public-key patents, incorporates RSA into a commercial product, then anyone who purchases the end product has the legal right to use RSA within the context of that software. The U.S. government can use RSA without a license because it was invented at MIT with partial government funding. RSA is not patented outside North America. In North America, a license is needed to ``make, use or sell'' RSA. However, PKP usually allows free non-commercial use of RSA, with written permission, for personal, academic or intellectual reasons. Furthermore, RSA Laboratories has made available (in the U.S. and Canada) at no charge a collection of cryptographic routines in source code, including the RSA algorithm; it can be used, improved and redistributed non-commercially (see Question 8.10). 2.20 Can RSA be exported from the U.S.? Export of RSA falls under the same U.S. laws as all other cryptographic products. See Question 1.6 for details. RSA used for authentication is more easily exported than when used for privacy. In the former case, export is allowed regardless of key (modulus) size, although the exporter must demonstrate that the product cannot be easily converted to use for encryption. In the case of RSA used for privacy (encryption), the U.S. government generally does not allow export if the key size exceeds 512 bits. Export policy is currently a subject of debate, and the export status of RSA may well change in the next year or two. Regardless of U.S. export policy, RSA is available abroad in non-U.S. products. RSA Laboratories is the research and consultation division of RSA Data Security, Inc., the company founded by the inventors of the RSA public-key cryptosystem. RSA Laboratories reviews, designs and implements secure and efficient cryptosystems of all kinds. Its clients include government agencies, telecommunications companies, computer manufacturers, software developers, cable TV broadcasters, interactive video manufacturers, and satellite broadcast companies, among others. For more information about RSA Laboratories, call or write to RSA Laboratories 100 Marine Parkway Redwood City, CA 94065 (415) 595-7703 (415) 595-4126 (fax) PKCS, RSAREF and RSA Laboratories are trademarks of RSA Data Security, Inc. All other trademarks belong to their respective companies. This document is available in ASCII, Postscript, and Latex formats via anonymous FTP to rsa.com:/pub/faq. Please send comments and corrections to faq-editor@rsa.com. === DISTRIBUTION: How to obtain this document This document has been brought to you in part by CRAM, involved in the redistribution of valuable information to a wider USENET audience (see below). The most recent version of this document can be obtained via the author's instructions above. The following directions apply to retrieve the possibly less-current USENET FAQ version. FTP This FAQ is available from the standard FAQ server rtfm.mit.edu via FTP in the directory /pub/usenet/news.answers/cryptography-faq/rsa/ Email Email requests for FAQs go to mail-server@rtfm.mit.edu with commands on lines in the message body, e.g. `help' and `index'. Usenet This FAQ is posted every 21 days to the groups sci.crypt talk.politics.crypto alt.security.ripem sci.answers talk.answers alt.answers news.answers _ _, _ ___ _, __, _, _ _, ___ _ _, _, _ _ _, __, _, _ _ ___ __, | |\ | |_ / \ |_) |\/| / \ | | / \ |\ | | (_ |_) / \ | | |_ | ) | | \| | \ / | \ | | |~| | | \ / | \| | , ) | \ / |/\| | |~\ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~~~ ~ ~ === CRAM: The Cyberspatial Reality Advancement Movement In an effort to bring valuable information to the masses, and as a service to motivated information compilers, a member of CRAM can help others unfamiliar with Usenet `publish' their documents for widespread dissemination via the FAQ structure, and act as a `sponsor' knowledgable in the submissions process. This document is being distributed under this arrangement. We have found these compilations tend to appear on various mailing lists and are valuable enough to deserve wider distribution. If you know of an existing compilation of Internet information that is not currently a FAQ, please contact us and we may `sponsor' it. The benefits to the author include: - use of the existing FAQ infrastructure for distribution: - automated mail server service - FTP archival - automated posting - a far wider audience that can improve the quality, accuracy, and coverage of the document enormously through email feedback - potential professional inquiries for the use of your document in other settings, such as newsletters, books, etc. - with us as your sponsor, we will also take care of the technicalities in the proper format of the posted version and updating procedures, leaving you free of the `overhead' to focus on the basic updates alone The choice of who we `sponsor' is entirely arbitrary. You always have the option of handling the submission process yourself. See the FAQ submission guidelines FAQ in news.answers. For information, send mail to <tmp@netcom.com>. \ \ \ \ \ \ \ \ \ | / / / / / / / / / / _______ ________ _____ _____ _____ /// \\\ ||| \\\ /// \\\ |||\\\///||| ||| ~~ ||| /// ||| ||| ||| \\// ||| ||| __ |||~~~\\\ |||~~~||| ||| ~~ ||| \\\ /// ||| \\\ ||| ||| ||| ||| ~~~~~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~ / / / / / / / / / | \ \ \ \ \ \ \ \ \ \ C y b e r s p a t i a l R e a l i t y A d v a n c e m e n t M o v e m e n t * CIVILIZING CYBERSPACE: send `info cypherwonks' to majordomo@lists.eunet.fi * From netcom.com!ix.netcom.com!howland.reston.ans.net!spool.mu.edu!bloom- beacon.mit.edu!senator-bedfellow.mit.edu!faqserv Sun Jun 11 10:50:40 1995 Xref: netcom.com sci.crypt:37592 talk.politics.crypto:10205 alt.security.ripem:1368 sci.answers:2675 talk.answers:722 alt.answers:9578 news.answers:44827 Path: netcom.com!ix.netcom.com!howland.reston.ans.net!spool.mu.edu!bloom- beacon.mit.edu!senator-bedfellow.mit.edu!faqserv From: faq-editor@rsa.com Newsgroups: sci.crypt,talk.politics.crypto,alt.security.ripem,sci.answers,talk.answers,alt.answers ,news.answers Subject: RSA Cryptography Today FAQ (2/3) Supersedes: <cryptography-faq/rsa/part2_799598431@rtfm.mit.edu> Followup-To: poster Date: 26 May 1995 10:39:07 GMT Organization: none Lines: 1130 Approved: news-answers-request@mit.edu Expires: 30 Jun 1995 10:38:42 GMT Message-ID: <cryptography-faq/rsa/part2_801484722@rtfm.mit.edu> References: <cryptography-faq/rsa/part1_801484722@rtfm.mit.edu> Reply-To: faq-editor@rsa.com . Jun 1995 10:38:42 GMT Message-ID: <cryptography-faq/rsa /part2 _801484722@rtfm.mit.edu> References: <cryptography-faq/rsa /part1 _801484722@rtfm.mit.edu> Reply-To: faq-editor@rsa.com. software. The U.S. government can use RSA without a license because it was invented at MIT with partial government funding. RSA is not patented outside North America. In North America, a license. === DISTRIBUTION: How to obtain this document This document has been brought to you in part by CRAM, involved in the redistribution of valuable information to a wider USENET audience