lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <42EADAF7.5010006@science.org> Date: Sat Jul 30 02:41:41 2005 From: jasonc at science.org (Jason Coombs) Subject: <Cisco Message> Mike Lynn's controversial Cisco Security Presentation J.A. Terranson wrote: >>>I believe that at the moment of disclosure it becomes public domain. >>>Echoes of RC4... >>http://www.infowarrior.org/users/rforno/lynn-cisco.pdf > > That letter doesn't change anything. Theres a lot of law that says that > is now public data, and free of it's trade incumberances. RC4 is an algorithm, which means it cannot be patented nor copyrighted nor protected as intellectual property as anything other than a trade secret. The Cisco/ISS trade secrets remain so unless and until these companies forego the legal protections afforded to them under law. i.e. they fail to seek restraining orders and otherwise fail to attempt to keep control of the commercial advantage that they believe they enjoy as a result of their ownership of the trade secret. Because RC4, as an algorithm, cannot be protected as a trade secret starting the moment it is embodied into a product where the product can be reverse engineered legally, it would not have been possible to obtain injunctions against the dissemination and use of the RC4 algorithm and this is where you end up feeling like RC4 became "public domain" upon its public disclosure. See: http://en.wikipedia.org/wiki/RC4 Now, if RC4 had never been used to create a product and had been kept as a trade secret, and that secret had been published, then it would not have become, automatically, an unencumbered algorithm that could be used by anyone with impunity. There being no way other than theft of trade secret for a third party to come to know the algorithm, had a court order been obtained to halt the spread of the secret the algorithm itself could very well have been kept as protectable intellectual property until such time as the company that enjoyed a commercial advantage through preservation of their RC4 trade secret had concluded the public distribution of a product that somebody else could have reverse engineered. The interesting question in the Lynn case arises when international jurisdictions come into play. It is very clear that anyone inside the U.S. who were to publish an article like the following one: http://www.techworld.com/security/news/index.cfm?NewsID=4130 Would be subject to the injunction on distribution of the trade secrets in question, and could be sued for having knowingly possessed and made use of (for the purpose of writing the article) those secrets. However, techworld.com is a UK-based publisher, apparently, and so should be fine until a UK court concurs with the U.S. court's granting of the injunction. Sincerely, Jason Coombs jasonc@...ence.org
Powered by blists - more mailing lists