Hi Bob,
I have received so many mails from open-ssl users about this issue. Really
thanks for the information. After going through the mails and some
documentation about the Certicom patents, I understand that Certicom has more
patents in "efficient" implemenation of ECC and not in a way how we implement
ECC normally. I need to find out if OpenSSL has any of those "efficient"
implementiaons and did voilate any patents. If you know any information on this
can you share it? Thanks.
Also I have went through a Certicom document saying that certicom has patents
in ECDSA usage in IKEv1/IKEv2.
http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf
From this document I understand, that whoever wants use to IKEv1/IKEv2 with
ECDSA has to get patent license. I hope you (Cisco) might have face same
problem. Could you share any of your experience on this?
Thanks a lot,
Anil
"Bob Bell (rtbell)" <[EMAIL PROTECTED]> wrote:
Anil -
There are a lot of legal issues surrounding the use of Certicom patented ECC
code. One of the things that happened a couple of IETF meetings ago was that
Certicom signed a letter allowing the use of some of their patents for things
like TLS. However, there are a number of legal requirements attached, including
the listing/displaying of the Certicom patents on splash screens or on the
hardware device depending on the type of implementation. I would strongly urge
you to have a lawyer research these licensing agreements and then research
(with you) what additional patents might be involved (for instance Certicom has
a patent on having an ECC public key in an X.509 cert signed using RSA) in your
product. While ECC is a marvelous technology, there is a large minefield that
still needs to be mapped.
Bob Bell
---------------------------------
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anilkumar
Bollineni
Sent: Thursday, 10 January, 2008 12:12
To: openssl-users@openssl.org
Subject: About ECC patent and OpenSSL ECC code
Hi there,
I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw
that Sun systems has donated the the ECCcode to OpenSSL. Also I saw that
Certicom has held 130 patents in ECC area and finally NSA has licensed that
code.
Suppose if I download the code from the OpenSSL and try to develop a product
using the OpenSSL ECC code, does it violate any patent issue with certicom?
Can anybody share any experience or information about this?
Thanks for support.
-Anil
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
---------------------------------
Never miss a thing. Make Yahoo your homepage.
