On Fri, Jul 15, 2011 at 10:32 AM, Gaglia <san...@paranoici.org> wrote:
> On 07/15/2011 08:23 AM, Kyle Hamilton wrote:
>> ...
>
> Excuse me, I got lost somewhere... Does this mean that it is not
> possible to use EC crypto with OpenSSL because the algorithms are
> patented? If so, why OpenSSL does provide support to EC crypto?

EC is considered to be a patent minefield.  Some people (RSA Data
Security) say that it's possible to implement EC cryptography using
different types of algorithms which are not covered by the patents.
Other people (Bruce Schneier, US NSA) say that the mechanism itself is
patented, not simply specific algorithms for calculation.

The US NSA licensed from Certicom the right to sublicense the EC
algorithms used in "Suite B".  My understanding is that OpenSSL
received a gift from Sun Microsystems of its EC sublicense from NSA.

> Let's put it in this way: in the unlikely and deplorable event of an
> user willing to illegally use patented EC cryptography with OpenSSL for
> personal use (hence assuming responsibility for any consequence), could
> he/she use OpenSSL? Is OpenSSL able to handle this kind of crypto?

Yes.  And, given OpenSSL's EC sublicense gift, the user of OpenSSL (if
my understanding is correct, IANAL!) is also licensed.

> I
> guess yes, for (as in the first post of the thread) I managed to
> apparently do a lot of things with the curve of my choice... My question
> is, apart from legal considerations: did I do something wrong in the
> certificate generation process?

Nobody can know unless you post the certificate in question, or at the
least the dump of the x509 structure you have.

One thing that might cause a problem is if you enabled EC point
compression in your OpenSSL compile, as I don't believe OpenSSL has a
license for that.

-Kyle H
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to