[Cfrg] Licensing of ECC (was: Defining inter operable ECC keys in for IETF protocols)
Peter, I fully agree with you.
Hillarie, I think you're overly optimistic - probably a result of not working for a "deep-pocket employer". (Apologies if I am wrong.)
From what I gathered talking to my lawyers and colleagues that were trying to license ECC - the license language from Certicom to NSA contains some "field of use" limitations which Certicom asserts that they interpret VERY narrowly versus the broader interpretation voiced by others shortly after the licensing to NSA took place.
Also, I suspect that there are "usage" and "implementation" patents that NSA did not get a license to, that would effectively block use of any sublicense that NSA can grant (subject to verification, of course).
My personal conclusion: if you are a one-man shop - maybe NSA sub-licensing is enough of a cover/protection. If you are a "deep-pockets company" - treat ECC as you would a rattlesnake until ECC patents expire.
In short, it looks like RSADSI all over again. (Déjà vu?)
Regards,
Uri
<Standard Disclaimer (I speak only for myself)>
-----Original Message-----
From: pgut001 [mailto:pgut001 at cs.auckland.ac.nz]
Sent: Wednesday, March 22, 2006 9:41 PM
To: cfrg at ietf.org; ogud at ogud.com; pbaker at verisign.com; Blumenthal, Uri
Subject: RE: [Cfrg] Defining inter operable ECC keys in for IETF protocols
"Blumenthal, Uri" <uri.blumenthal at intel.com> writes:
>I would MUCH prefer ECC - but my lawyers (yuk!) are telling me that there are
>licensing problems, and supposed NSA contacts don't call them back.
>
>Anybody knows anything useful about licensing of ECC GF(p), that he can share
>with me?
Certicom have done such a good job of creating FUD about ECC legal issues
that, unless you're a Certicom licensee, it's easier to not use it at all. So
far every time I've been asked about ECC support (which admittedly is once a
blue moon anyway), I've asked the organisation who want it to come back to me
with either proof of a Certicom license or a clear statement of which non-
infringing mechanisms they want me to implement. In every case, after looking
at what's involved, they've decided they didn't need ECC that much anyway.
It's like the conclusion from Wargames, the only way to win is not to play.
Peter.