September 12, 2000 Via Federal Express IETF Secretariat c/o Corporation for National Research Initiatives 1895 Preston White Drive Suite 100 Reston, VA 20191-5434 Dear Sir or Madam: RSA Security Inc. recognizes that the RSA public-key cryptosystem covered by U.S. Patent #4,405,829, which is owned by Massachusetts Institute of Technology and licensed exclusively to RSA Security, is cited and employed within a large number of standards documents and drafts (such as ANSI X9.31 and X9.44, FIPS 186-2, IEEE 1363, IETF S/MIME, IPsec and TLS, ISO/IEC 9796-2 and 14888-3, and WAP WTLS). The patent was due to expire on September 20, 2000. On September 6, 2000, RSA Security announced that, effective immediately, it would not enforce the patent against third parties who desire to create, sell or offer to sell in the U.S. products that incorporate their own implementation of the RSA algorithm. RSA Security does not claim ownership of any additional intellectual property needed to implement and practice the RSA public-key cryptosystem contained within U.S. Patent #4,405,829. Thus, third parties may now sell or offer to sell in the U.S. implementations of the RSA public-key cryptosystem without a license from RSA Security. However, RSA Security does not represent or warrant that implementations of the algorithm will not infringe the intellectual property rights of any third party. RSA Security does maintain copyright and other intellectual property rights in RSA's own implementations of the RSA public-key cryptosystem, which are incorporated into the RSA BSAFE(r) toolkit and other RSA Security products and made available to other organizations under license. This licensing practice is unaffected by the expiration of U.S. Patent #4,405,829. Sincerely, Margaret K. Seif Vice President and General Counsel