On Thu, Oct 10, 2002 at 10:16:50PM +0300, Richard Braakman wrote: > On Thu, Oct 10, 2002 at 04:59:50PM +0200, Toni Mueller wrote: [obnoxious clause] > > We've discussed it on this list already, but the remaining open question > is, what patents do they have that they refer to here? > > If ECC is patent-encumbered, then I think it's a bad idea to include > support for it, regardless of where the code comes from or what its > license is. There are enough free algorithms available now so that we > don't have to encourage use of non-free ones anymore. ECC itself is not patent encumbered, but the most popular curves are. These curves (mathematical equations, essentially) are patented by Certicom, not Sun. It's like patenting a (p, q) pair for DSA or Elgamal, except that these curves are ANSI standards, and so everyone uses them (even though some of them are obviously insecure). Anyone can create their own curves, however, so this is not an issue unless the ECC code includes parameters for those curves (which it probably does). The proper thing to do is for Debian versions to lock out patented curves, even if they are self-generated. If we do this, we have covered ourselves. Otherwise, we should remove the ECC code into non-US/non-free. -- Brian M. Carlson <karlsson@hal-pc.org> <http://decoy.wox.org/~bmc> 0x560553E7 Fifty flippant frogs Walked by on flippered feet And with their slime they made the time Unnaturally fleet.
Attachment:
pgpD3VKAwx06G.pgp
Description: PGP signature