Frank, I'm pretty sure you meant to say Certicom (who are now owned by RIM) rather than Entrust. (Perhaps you were thinking of Entrust's CRL Distribution Points patent, a license for which was granted to Mozilla relatively recently?)
Certicom have said that their desire is "to facilitate the wide-scale adoption and proliferation of Elliptic Curve Cryptography (ECC) technology" and that they "will, upon request, provide a nonexclusive, royalty free patent license, to manufacturers to permit end users (including both client and server sides), to use the patents..." https://datatracker.ietf.org/ipr/1154/ http://www.certicom.com/images/pdfs/certicom%20-ipr-contribution-to- ietfsept08.pdf Does anybody know if Mozilla/NSS has actually requested and obtained a nonexclusive, royalty free patent license from Certicom/RIM? On Tuesday 03 November 2009 18:49:57 Frank Hecker wrote: > David Stutzman wrote: > > Rob Stradling wrote: > >> A question for the NSS devs: > >> Is there any reason why NSS couldn't be changed to assume > >> "NSS_ENABLE_ECC=1" by default? > > > > Yes... > > http://fedoraproject.org/wiki/User:Peter/Disabled_applications > > > > Disabled features: > > Elliptic Curve crypto algorithm > > > > Reasons: > > software patents and US Laws (?) > > I think these reasons are out of date and not applicable. > > Re patents, Entrust freely licensed enough of their ECC-relevant patents > to permit it to be implemented in NSS (though IIRC Entrust retains > rights to certain ECC-related patent, which is why the NSS > implementation doesn't include as many ECC features as it otherwise might). > > Re US laws, to my knowledge there are no US laws or regulations that > would specifically affect ECC as opposed to other encryption mechanisms. > US encryption export control regulations don't distinguish between ECC > and (e.g.) RSA, AES, etc., and have permitted export of open source > encryption code since 2000 or so. > > Frank > Rob Stradling Senior Research & Development Scientist C·O·M·O·D·O -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto