Anil -

Unfortunately, I am not intimately familiar with what OpenSSL has implemented. I know that we (Cisco) have been trying to negotiate the minefield I talked about earlier for the better part of a year, but are still working through it. I do know that when I talked with Certicom at the last RSA conference about the NSA license, they told me that it only covered stuff actually sold to the Federal Government and that if I sold any equipment (I work in the IP Telephony group) outside of the Federal Space, I would have to get a separate license. They also said that if a customer wanted to put an ECC key into an X.509 cert that was signed by an RSA key (and there are very, very few CAs available that will sign certs with an ECC key), the customer would have to get a license for that operation. I felt at the time that this basically invalidated the "gift" that they had made to IETF, but that is not a Legal opinion. It is my own personal one. So, as a result, I have basically put any implementation of ECC-based TLS or IKE on hold pending a decision from Cisco corporate. That is why I recommended very strongly that you consult a lawyer. There is a lot of grey area here that might be fine or it might be a very slippery slope to a serious legal hassle.

Bob

_____

From: Anilkumar Bollineni [mailto:[EMAIL PROTECTED]
Sent: Friday, 11 January, 2008 13:03
To: openssl-users@openssl.org; Bob Bell (rtbell)
Subject: RE: About ECC patent and OpenSSL ECC code

Hi Bob,

I have received so many mails from open-ssl users about this issue. Really thanks for the information. After going through the mails and some documentation about the Certicom patents, I understand that Certicom has more patents in "efficient" implementation of ECC and not in the way we implement ECC normally. I need to find out if OpenSSL has any of those "efficient" implementations and did violate any patents. If you know any information on this, can you share it? Thanks.

Also, I have gone through a Certicom document saying that Certicom has patents in ECDSA usage in IKEv1/IKEv2.

http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf

From this document I understand that whoever wants to use IKEv1/IKEv2 with ECDSA has to get a patent license. I hope you (Cisco) might have faced the same problem. Could you share any of your experience on this?

Thanks a lot,
Anil

"Bob Bell (rtbell)" <[EMAIL PROTECTED]> wrote:

Anil -

There are a lot of legal issues surrounding the use of Certicom patented ECC code. One of the things that happened a couple of IETF meetings ago was that Certicom signed a letter allowing the use of some of their patents for things like TLS. However, there are a number of legal requirements attached, including the listing/displaying of the Certicom patents on splash screens or on the hardware device depending on the type of implementation. I would strongly urge you to have a lawyer research these licensing agreements and then research (with you) what additional patents might be involved (for instance Certicom has a patent on having an ECC public key in an X.509 cert signed using RSA) in your product. While ECC is a marvelous technology, there is a large minefield that still needs to be mapped.

Bob Bell

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anilkumar Bollineni
Sent: Thursday, 10 January, 2008 12:12
To: openssl-users@openssl.org
Subject: About ECC patent and OpenSSL ECC code

Hi there,

I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw that Sun systems has donated the ECC code to OpenSSL. Also I saw that Certicom has held 130 patents in ECC area and finally NSA has licensed that code. Suppose if I download the code from the OpenSSL and try to develop a product using the OpenSSL ECC code, does it violate any patent issue with Certicom? Can anybody share any experience or information about this?

Thanks for support.
-Anil