Hi Bob, I have received so many mails from open-ssl users about this issue. Really thanks for the information. After going through the mails and some documentation about the Certicom patents, I understand that Certicom has more patents in "efficient" implemenation of ECC and not in a way how we implement ECC normally. I need to find out if OpenSSL has any of those "efficient" implementiaons and did voilate any patents. If you know any information on this can you share it? Thanks. Also I have went through a Certicom document saying that certicom has patents in ECDSA usage in IKEv1/IKEv2. http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf From this document I understand, that whoever wants use to IKEv1/IKEv2 with ECDSA has to get patent license. I hope you (Cisco) might have face same problem. Could you share any of your experience on this? Thanks a lot, Anil
"Bob Bell (rtbell)" <[EMAIL PROTECTED]> wrote: Anil - There are a lot of legal issues surrounding the use of Certicom patented ECC code. One of the things that happened a couple of IETF meetings ago was that Certicom signed a letter allowing the use of some of their patents for things like TLS. However, there are a number of legal requirements attached, including the listing/displaying of the Certicom patents on splash screens or on the hardware device depending on the type of implementation. I would strongly urge you to have a lawyer research these licensing agreements and then research (with you) what additional patents might be involved (for instance Certicom has a patent on having an ECC public key in an X.509 cert signed using RSA) in your product. While ECC is a marvelous technology, there is a large minefield that still needs to be mapped. Bob Bell --------------------------------- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anilkumar Bollineni Sent: Thursday, 10 January, 2008 12:12 To: openssl-users@openssl.org Subject: About ECC patent and OpenSSL ECC code Hi there, I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw that Sun systems has donated the the ECCcode to OpenSSL. Also I saw that Certicom has held 130 patents in ECC area and finally NSA has licensed that code. Suppose if I download the code from the OpenSSL and try to develop a product using the OpenSSL ECC code, does it violate any patent issue with certicom? Can anybody share any experience or information about this? Thanks for support. -Anil --------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. --------------------------------- Never miss a thing. Make Yahoo your homepage.