[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSL, SUN and ECC (patent issue)

On Thu, Oct 10, 2002 at 10:16:50PM +0300, Richard Braakman wrote:
> On Thu, Oct 10, 2002 at 04:59:50PM +0200, Toni Mueller wrote:
[obnoxious clause]
> We've discussed it on this list already, but the remaining open question
> is, what patents do they have that they refer to here?
> If ECC is patent-encumbered, then I think it's a bad idea to include
> support for it, regardless of where the code comes from or what its
> license is.  There are enough free algorithms available now so that we
> don't have to encourage use of non-free ones anymore.

ECC itself is not patent encumbered, but the most popular curves are.
These curves (mathematical equations, essentially) are patented by
Certicom, not Sun. It's like patenting a (p, q) pair for DSA or Elgamal,
except that these curves are ANSI standards, and so everyone uses them
(even though some of them are obviously insecure).

Anyone can create their own curves, however, so this is not an issue
unless the ECC code includes parameters for those curves (which it
probably does). The proper thing to do is for Debian versions to lock
out patented curves, even if they are self-generated. If we do this, we
have covered ourselves. Otherwise, we should remove the ECC code into

Brian M. Carlson <karlsson@hal-pc.org> <http://decoy.wox.org/~bmc> 0x560553E7
Fifty flippant frogs
Walked by on flippered feet
And with their slime they made the time
Unnaturally fleet.

Attachment: pgpD3VKAwx06G.pgp
Description: PGP signature

Reply to: