Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC

To: Russ Housley <housley at vigilsec.com>
Subject: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
From: Dean Anderson <dean at av8.com>
Date: Wed, 25 Jun 2008 18:11:58 -0400 (EDT)
Cc: tls at ietf.org, rms at gnu.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <200806252120.RAA19115@odie.av8.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Sender: tls-bounces at ietf.org

On Wed, 25 Jun 2008, Russ Housley wrote:

> Dean:
> 
> >If I understand correctly, Certicom has over 130 patents in ECC and
> >public key crypto and has sold 26 patents and patent applications on the
> >subject to the US National Security Agency. The NSA controls licening
> >rights on those patents, not Certicom. The licensing situation is much
> >more clouded by that sale.
> 
> You do not understand correctly. NSA and Certicom gave briefings at 
> the SAAG session at the last IETF meeting held in Washington, 
> DC.  The slides and other information from that session are in the proceedings.

Thanks. It appears my only misconception was thinking that Certicom sold
the patents outright---it did not. Rather, it sold the _licensing_
rights to 26 patents to the NSA.

However, this misconception is hardly relevant to the concerns I raised.  

Indeed, it appears to be the case that I was correct on the principle
issue:  That the general public is not licenced to use these patents on
implementing this draft.

> http://www.ietf.org/proceedings/04nov/slides/saag-2/sld1.htm

The above presentation doesn't give the general public or the IETF the
right to use the patents. The presentation just reviews the NSA's rights
to licence the patents, and explains how to get an NSA license.  The
presentation seems to suggest that only USG purposes (as opposed to
private commercial) will be granted by the NSA. This may seem kind of
odd, since the USG can always use patents---you can't sue the US
government for infringement.  Of course, the NSA also wants to give the
technology to foreign governments, which would be covered by a US
Patent, so the NSA purchase does make sense.  Nowhere in the
presentation does it say that anyone who asks will be granted a license.

As slide 5 shows, licensing is for a NSA-approved products and those are
defined as being products for use by "Federal, State or Local government
agencis protecting classified or mission critical national security
information, or" [next slide] "-Foreign government agencies..."  That
doesn't seem to cover the IETF or the general public.

> http://www.ietf.org/proceedings/04nov/slides/saag-5.pdf

The above identifies the 26 patents the NSA can licence. Thanks.

> http://www.ietf.org/proceedings/04nov/slides/saag-4/sld1.htm

The above presentation just covers software that Certicom will give to
NSA users, not to the general public.

	--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
  - From: Whyte, William

Prev by Date: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Next by Date: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Previous by thread: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Next by thread: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Index(es):
- Date
- Thread

Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.