Re: About ECC patent and OpenSSL ECC code

2008-02-13 Thread Jean-Marc Desperrier

Bob Bell (rtbell) wrote:

[...] (for
instance Certicom has a patent on having an ECC public key in an X.509 cert
signed using RSA) [...]
This patent really can not hold water if challenged (if the content's 
actually what's described here).
This is what x509 has been designed to allow, also prior art of DSA 
public key X.509 cert signed using RSA is obvious, and you can not claim 
inventiveness by doing exactly the same just with another algorithm, in a 
system where algorithm flexibility is built-in.
But you need the patience, the nerves, the time and foremost the money 
to challenge it.


It's too bad the American patent system apparently does not have a 
systematic public review period (I understand the new system for that 
since last year is voluntary, not systematic) like there is in France 
with the INPI. However, so few people in France know about the process 
for public review of patents that it's not effective at all (Here's a 
reference in French about it: 
http://www.cncpi.fr/LEX--lexique-O-observations-abecedaire-propriete-industrielle.htm 
, also 
http://www.inpi.fr/fr/brevets/deposer-un-brevet/les-16-etapes-cles-du-depot.html#c1157)



__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: About ECC patent and OpenSSL ECC code

2008-01-11 Thread G.W. Haywood
Hi there,

On Thu, 10 Jan 2008, Rodney Thayer wrote:

 As far as I'm concerned...

Your analysis was very helpful.  Thanks very much.

--

73,
Ged.


Re: About ECC patent and OpenSSL ECC code

2008-01-11 Thread Rodney Thayer

Prakash Kamath wrote:

My opinion: 2 times 2 = 4 no matter what approach you take, and so no one
can sue you for doing that math.  However, if someone comes up with a math
logic (software, hardware, combo, whatever) that does the same operation in
a superior way, then that is patentable.


I personally have been in the room when they've been threatening
and they try to make it seem that if you THINK about ECC you're a
bad implementor ;-)  So it's been a thought-suppressing exercise.

Note it took the Europeans to have the nerve to put this into OpenSSL to
begin with.  Nobody in North America would dare.  Fortunately, the
Internet actually has a bad memory so we're yet again reproducing this
conversation.  It's clearly better now.

Any decade now this may become popular.  Hopefully before someone breaks
RSA.



Re: About ECC patent and OpenSSL ECC code

2008-01-11 Thread Rodney Thayer

Larry Bugbee wrote:
I'm seeing vendors 
beginning to support ECC, and a couple of CAs discussing and preparing 
their CPs.


who?  got names you can mention in public?


Our challenge as developers is to understand and be ready.


My point is that we've been in get ready for ECC mode since at least
1999.  This has all been discussed before many times.


RE: About ECC patent and OpenSSL ECC code

2008-01-11 Thread Anilkumar Bollineni
Hi Bob,
  I have received so many mails from open-ssl users about this issue. Really 
thanks for the information. After going through the mails and some 
documentation about the Certicom patents, I understand that Certicom has more 
patents in efficient implementation of ECC and not in a way how we implement 
ECC normally. I need to find out if OpenSSL has any of those efficient 
implementations and did violate any patents. If you know any information on this 
can you share it? Thanks.
  Also I have gone through a Certicom document saying that Certicom has patents 
in ECDSA usage in IKEv1/IKEv2. 
  http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf
  From this document I understand that whoever wants to use IKEv1/IKEv2 with 
ECDSA has to get a patent license. I hope you (Cisco) might have faced the same 
problem. Could you share any of your experience on this?
   
  Thanks a lot,
  Anil
   
  


RE: About ECC patent and OpenSSL ECC code

2008-01-11 Thread Bob Bell (rtbell)
Anil -
 
Unfortunately, I am not intimately familiar with what OpenSSL has
implemented. I know that we (Cisco) have been trying to negotiate the
minefield I talked about earlier for the better part of a year, but are still
working through it. I do know that when I talked with Certicom at the last
RSA conference about the NSA license, they told me that it only covered
stuff actually sold to the Federal Government and that if I sold any
equipment (I work in the IP Telephony group), outside of the Federal Space,
I would have to get a separate license. They also said that if a customer
wanted to put an ECC key into a x.509 cert that was signed by an RSA key
(and there are very very few CAs available that will sign certs with an ECC
key), that the customer would have to get a license for that operation. I
felt at the time that this basically invalidated the gift that they had
made to IETF, but that is not a Legal opinion. It is my own personal one.
So, as a result, I have basically put any implementation of ECC-based TLS or
IKE on hold pending a decision from Cisco corporate. That is why I
recommended very strongly that you consult a lawyer. There is a lot of grey
area here that might be fine or it might be a very slippery slope to a
serious legal hassle.

Bob




RE: About ECC patent and OpenSSL ECC code

2008-01-10 Thread Bob Bell (rtbell)
Anil -
 
There are a lot of legal issues surrounding the use of Certicom patented ECC
code. One of the things that happened a couple of IETF meetings ago was that
Certicom signed a letter allowing the use of some of their patents for
things like TLS. However, there are a number of legal requirements attached,
including the listing/displaying of the Certicom patents on splash screens
or on the hardware device depending on the type of implementation. I would
strongly urge you to have a lawyer research these licensing agreements and
then research (with you) what additional patents might be involved (for
instance Certicom has a patent on having an ECC public key in an X.509 cert
signed using RSA) in your product. While ECC is a marvelous technology,
there is a large minefield that still needs to be mapped.
 
Bob Bell


  _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anilkumar Bollineni
Sent: Thursday, 10 January, 2008 12:12
To: openssl-users@openssl.org
Subject: About ECC patent and OpenSSL ECC code


Hi there,
 
I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw
that Sun systems has donated the ECC code to OpenSSL. Also I saw that
Certicom has held 130 patents in ECC area and finally NSA has licensed that
code.
Suppose if I download the code from the OpenSSL and try to develop a product
using the OpenSSL ECC code, does it violate any patent issue with Certicom?
Can anybody share any experience or information about this?
 
Thanks for support.
 
-Anil
 





Re: About ECC patent and OpenSSL ECC code

2008-01-10 Thread max pritikin


As a followup you might ask your lawyers to verify if the NSA license  
is applicable to you. It is my understanding that they may only be  
applicable when your product is running in a FIPS-140-2 verified  
mode. Meaning that you have to go through the FIPS-140-2 verification  
etc before it would be covered by that license.


As Bob points out you are safest if you pay your own lawyers to map  
the minefield as it applies to your product.


- max



Re: About ECC patent and OpenSSL ECC code

2008-01-10 Thread Sanjay . Chahar
Hi
Please remove me from mailing list.

Thanks 

Sanjay



RE: About ECC patent and OpenSSL ECC code

2008-01-10 Thread Mohammed Rahman
Please, do the same for my userid too.

[EMAIL PROTECTED]

 

Thanks,

Mohammed Rahman

 




RE: About ECC patent and OpenSSL ECC code

2008-01-10 Thread Bill Colvin
I would characterize the Certicom patents as falling into 3 main
categories:

 

1)   patents relating to the use of ECC in very specific application
circumstances

 

This represents the bulk of Certicom patents. For these patents you will
have to do your own research as they are dependent on your application
and have nothing to do with OpenSSL.

 

2)   patents that improve the performance of the underlying
mathematics

 

For these patents, it would be difficult to say if the developers who
implemented the underlying math algorithms happened to implement a
patented Certicom technique.  However, unless they were actually using
the patent docs during implementation, I doubt that this would be the
case.

 

3)   patents on ECC techniques

 

Now these are the ones you can find in the implementation of OpenSSL.
There are two main ones here - point compression and MQV.  Point
compression reduces the size of an ECC public key, but ECC keys are much
smaller than RSA keys even without it, so this one can be avoided.  MQV
is a key exchange technique.  It also can be avoided by using ECDH.

 

NSA licensed 26 Certicom patents (which includes MQV and point
compression) for use in government applications with prime modulus
curves greater than 255.  This is a good QA on the details of this
license
http://www.certicom.ca/download/aid-501/FAQ-The%20NSA%20ECC%20License%20Agreement.pdf
NSA did not license all of Certicom's patents, only a
subset for use in a limited field of use.

 

Bill
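
Added illustration, not part of the thread and not OpenSSL code: the point compression named in category 3 above is the choice of SEC 1 encoding for an EC public key, shown here on NIST P-256 with the curve's standard generator as the sample point. The function names are this example's own; a check like `decode_point` is one way to audit which form stored or received keys actually use.

```python
# Added example (not from the thread, not OpenSSL code).
# SEC 1 public-key encodings on NIST P-256: uncompressed (0x04 || X || Y)
# versus compressed (0x02/0x03 || X), plus a decoder that reports the form.

# NIST P-256 (secp256r1) domain parameters.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# Standard generator, used here only as a sample public point.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
FIELD_BYTES = 32


def on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 + A*x + B over GF(P)."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode_point(x, y, compressed):
    """Encode an affine point in SEC 1 form."""
    if not on_curve(x, y):
        raise ValueError("point is not on the curve")
    xb = x.to_bytes(FIELD_BYTES, "big")
    if compressed:
        # Only the parity of Y is kept: 0x02 for even, 0x03 for odd.
        return bytes([0x02 | (y & 1)]) + xb
    return b"\x04" + xb + y.to_bytes(FIELD_BYTES, "big")


def decode_point(data):
    """Decode a SEC 1 point; return (x, y, form), form names the encoding."""
    if len(data) == 1 + 2 * FIELD_BYTES and data[0] == 0x04:
        x = int.from_bytes(data[1:1 + FIELD_BYTES], "big")
        y = int.from_bytes(data[1 + FIELD_BYTES:], "big")
        if x >= P or y >= P or not on_curve(x, y):
            raise ValueError("invalid uncompressed point")
        return x, y, "uncompressed"
    if len(data) == 1 + FIELD_BYTES and data[0] in (0x02, 0x03):
        x = int.from_bytes(data[1:], "big")
        if x >= P:
            raise ValueError("x out of range")
        rhs = (x * x * x + A * x + B) % P
        # P is 3 mod 4, so a square root is rhs^((P+1)/4) when one exists.
        y = pow(rhs, (P + 1) // 4, P)
        if (y * y) % P != rhs:
            raise ValueError("x is not the abscissa of a curve point")
        # Pick the root whose parity matches the prefix byte.
        if (y & 1) != (data[0] & 1):
            y = P - y
        return x, y, "compressed"
    raise ValueError("unsupported point encoding")


if __name__ == "__main__":
    for flag in (False, True):
        blob = encode_point(GX, GY, compressed=flag)
        x, y, form = decode_point(blob)
        print(form, len(blob), "bytes, round-trip ok:", (x, y) == (GX, GY))
```
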




 



RE: About ECC patent and OpenSSL ECC code

2008-01-10 Thread Anilkumar Bollineni
Thanks a lot for the responses.
  Bill, I agree with you that the use of ECC really matters here, the area 
where Certicom holds ECC patents. One of our application with respect to ECC 
that are planning to use ECDSA (Elliptic Curve DSA) signature based certificate 
generation/verification, signature generation/verification. Meanwhile I talked 
to one of the sales guys from Certicom, and he is saying that one of the Certicom 
patents is related to ECDSA and he said if I want to do ECDSA from OpenSSL, 
then I need to get license. I am not sure whether that information is correct or 
not. 
  The OpenSSL does not say any word about the EC/ECDSA usage and its patents 
information in Certicom. The only thing I got about that is that Sun has 
donated the EC code to OpenSSL. 
  If OpenSSL users are really violating the Certicom patents then if users need 
to be aware of that, then it is better that OpenSSL tell some information about 
it in the release notes. Or may be that OpenSSL EC implementation does not 
violate any Certicom patents and that's why OpenSSL is not mentioning? Could 
somebody have any insight in it? 
  Thanks again.
   
  Best Regards,
  Anil


Re: About ECC patent and OpenSSL ECC code

2008-01-10 Thread Larry Bugbee
There is no substitute for legal counsel, but Tom had a summary that  
you might be interested in...

  http://libtom.org/pages/toorcon8_ecc_tstdenis.pdf
See slides 24-27.

Larry







Re: About ECC patent and OpenSSL ECC code

2008-01-10 Thread Rodney Thayer

As far as I'm concerned, ECC isn't a legitimate public key
algorithm for enterprise use at this time because you can't
buy a cert from a CA listed in a major browser where the
cert uses ECC.

Also, those of us who went through the onerous and in the end
counterproductive experience of licensing RSA can tell you that
the give me money or I'll sue you business model got old after a
while.  I'm not a lawyer but I do have to give CTO-class advice
and, assuming you've found a business case for ECC, I always recommend
people do a build/buy/license/let them threaten litigation we don't 
care comparison before entering into not-obviously-useful patent 
licensing deals.  So I recommend paying a lawyer to determine if you 
even care about some vendor's alleged patent portfolio.


The fact ECC is in OpenSSL is cute.  In the oh, isn't that cool,
they implement IDEA, RC-6, and ECC kind of exotic crypto side-show
kind of way.  It's not part of openssl, the open source TLS/SSL
implementation you can use in the real world any more than any other
non-IE/Firefox-supported TLS ciphersuite combination would be.

I'd be more impressed with the NSA/Certicom deal if I could find any
public evidence there's any PKI anywhere using ECC for a US .gov.  As it
is this just ends up looking like another exotic military purchase not
related to the enterprise world.  Show me an HSPD-12 spec that tells me
I have to use ECC ;-)


Re: About ECC patent and OpenSSL ECC code

2008-01-10 Thread Larry Bugbee
Perhaps, and I'm not disagreeing, but for the most part, the crypto  
libraries have had ECC support for some time.  I'm seeing vendors  
beginning to support ECC, and a couple of CAs discussing and preparing  
their CPs.  Couple all this with the NIST/NSA Suite B recommendation  
to go there, it is only a matter of time.


My personal guess is that before the end of this year we will see  
major implementations, first as an option.  Most will be vanilla  
implementations staying away from the patented subtopics.  In  
2009-2010 I expect to see ECC in fairly common use, starting in 
niche applications, the mainstream to follow.


Our challenge as developers is to understand and be ready.  My 2 cents.


On Jan 10, 2008, at 4:36 PM, Rodney Thayer wrote:

As far as I'm concerned, ECC isn't a legitimate public key
algorithm for enterprise use at this time because you can't
buy a cert from a CA listed in a major browser where the
cert uses ECC.

Also, those of us who went through the onerous and in the end
counterproductive experience of licensing RSA can tell you that
the give me money or I'll sue you business model got old after a
while.  I'm not a lawyer but I do have to give CTO-class advice
and, assuming you've found a business case for ECC, I always recommend
people do a build/buy/license/let them threaten litigation we don't 
care comparison before entering into not-obviously-useful patent 
licensing deals.  So I recommend paying a lawyer to determine if 
you even care about some vendor's alleged patent portfolio.


The fact ECC is in OpenSSL is cute.  In the oh, isn't that cool,
they implement IDEA, RC-6, and ECC kind of exotic crypto side-show
kind of way.  It's not part of openssl, the open source TLS/SSL
implementation you can use in the real world any more than any other
non-IE/Firefox-supported TLS ciphersuite combination would be.

I'd be more impressed with the NSA/Certicom deal if I could find any
public evidence there's any PKI anywhere using ECC for a US .gov.  As it
is this just ends up looking like another exotic military purchase not
related to the enterprise world.  Show me an HSPD-12 spec that tells me
I have to use ECC ;-)

Larry Bugbee wrote:
There is no substitute for legal counsel, but Tom had a summary  
that you might be interested in...

 http://libtom.org/pages/toorcon8_ecc_tstdenis.pdf
See slides 24-27.
Larry


On Jan 10, 2008, at 2:25 PM, Anilkumar Bollineni wrote:

Thanks a lot for the responses.
Bill, I agree with you that the use of ECC really matters here, 
the area where Certicom holds ECC patents. One of our applications 
with respect to ECC is that we are planning to use ECDSA (Elliptic Curve 
DSA) signature-based certificate generation/verification and 
signature generation/verification. Meanwhile I talked to one of 
the sales guys from Certicom, and he is saying that one of Certicom's 
patents is related to ECDSA and he said if I want to do ECDSA from 
OpenSSL, then I need to get a license. I am not sure whether that 
information is correct or not.
The OpenSSL does not say any word about the EC/ECDSA usage and its 
patents information in Certicom. The only thing I got about that 
is that Sun has donated the EC code to OpenSSL.
If OpenSSL users are really violating the Certicom patents then 
users need to be aware of that, and it is better that OpenSSL 
tell some information about it in the release notes. Or maybe 
the OpenSSL EC implementation does not violate any Certicom 
patents and that's why OpenSSL is not mentioning it? Does somebody 
have any insight into it?

Thanks again.

Best Regards,
Anil

Bill Colvin [EMAIL PROTECTED] wrote:
I would characterize the Certicom patents as falling into 3 main  
categories:


1)   patents relating to the use of ECC in very specific  
application circumstances


This represents the bulk of Certicom patents. For these patents 
you will have to do your own research as they are dependent on your 
application and have nothing to do with OpenSSL.


2)   patents that improve the performance of the underlying  
mathematics


For these patents, it would be difficult to say if the developers  
who implemented the underlying math algorithms happened to  
implement a patented Certicom technique.  However, unless they  
were actually using the patent docs during implementation, I doubt  
that this would be the case.


3)   patents on ECC techniques

Now these are the ones you can find in the implementation of  
OpenSSL.  There are two main ones here – point compression and  
MQV.  Point compression reduces the size of an ECC public key, but  
ECC keys are much smaller than RSA keys even without it, so this  
one can be avoided.  MQV is a key exchange technique.  It also can  
be avoided by using ECDH.


NSA licensed 26 Certicom patents (which includes MQV and point  
compression) for use in government applications with prime modulus  
curves greater than 255.  This is a good Q&A on the details of 
this 

RE: About ECC patent and OpenSSL ECC code

2008-01-10 Thread Prakash Kamath
My opinion: 2 times 2 = 4 no matter what approach you take, and so no one
can sue you for doing that math.  However, if someone comes up with a math
logic (software, hardware, combo, whatever) that does the same operation in
a superior way, then that is patentable.

Similarly, ECC is based on (as the name says) elliptic curves.  This
theory has been around for at least 2 decades (if I am right?).  We cannot
be prohibited from using it the simple way.  However, if you use better
(faster, more efficient) ways to do the same point operation, etc, that
method may have been patented.  E.g., if I remember right, a faster way to
check if a point is on the curve, you need to do a cube of just the x or y
coordinate. This is patented by Certicom.  But no one can stop you from
doing a straightforward/basic point on the curve check for free.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Bugbee
Sent: Thursday, January 10, 2008 9:41 PM
To: openssl-users@openssl.org
Subject: Re: About ECC patent and OpenSSL ECC code

Perhaps, and I'm not disagreeing, but for the most part, the crypto  
libraries have had ECC support for some time.  I'm seeing vendors  
beginning to support ECC, and a couple of CAs discussing and preparing  
their CPs.  Couple all this with the NIST/NSA Suite B recommendation  
to go there, it is only a matter of time.

My personal guess is that before the end of this year we will see  
major implementations, first as an option.  Most will be vanilla  
implementations staying away from the patented subtopics.  In  
2009-2010 I expect to see ECC in fairly common use, starting in 
niche applications, the mainstream to follow.

Our challenge as developers is to understand and be ready.  My 2 cents.


On Jan 10, 2008, at 4:36 PM, Rodney Thayer wrote:
 As far as I'm concerned, ECC isn't a legitimate public key
 algorithm for enterprise use at this time because you can't
 buy a cert from a CA listed in a major browser where the
 cert uses ECC.

 Also, those of us who went through the onerous and in the end
 counterproductive experience of licensing RSA can tell you that
 the give me money or I'll sue you business model got old after a
 while.  I'm not a lawyer but I do have to give CTO-class advice
 and, assuming you've found a business case for ECC, I always recommend
 people do a build/buy/license/let them threaten litigation we don't 
 care comparison before entering into not-obviously-useful patent 
 licensing deals.  So I recommend paying a lawyer to determine if 
 you even care about some vendor's alleged patent portfolio.

 The fact ECC is in OpenSSL is cute.  In the oh, isn't that cool,
 they implement IDEA, RC-6, and ECC kind of exotic crypto side-show
 kind of way.  It's not part of openssl, the open source TLS/SSL
 implementation you can use in the real world any more than any other
 non-IE/Firefox-supported TLS ciphersuite combination would be.

 I'd be more impressed with the NSA/Certicom deal if I could find any
 public evidence there's any PKI anywhere using ECC for a US .gov.  As it
 is this just ends up looking like another exotic military purchase not
 related to the enterprise world.  Show me an HSPD-12 spec that tells me
 I have to use ECC ;-)

 Larry Bugbee wrote:
 There is no substitute for legal counsel, but Tom had a summary  
 that you might be interested in...
  http://libtom.org/pages/toorcon8_ecc_tstdenis.pdf
 See slides 24-27.
 Larry


 On Jan 10, 2008, at 2:25 PM, Anilkumar Bollineni wrote:
 Thanks a lot for the responses.
 Bill, I agree with you that the use of ECC really matters here, 
 the area where Certicom holds ECC patents. One of our applications 
 with respect to ECC is that we are planning to use ECDSA (Elliptic Curve 
 DSA) signature-based certificate generation/verification and 
 signature generation/verification. Meanwhile I talked to one of 
 the sales guys from Certicom, and he is saying that one of Certicom's 
 patents is related to ECDSA and he said if I want to do ECDSA from 
 OpenSSL, then I need to get a license. I am not sure whether that 
 information is correct or not.
 The OpenSSL does not say any word about the EC/ECDSA usage and its 
 patents information in Certicom. The only thing I got about that 
 is that Sun has donated the EC code to OpenSSL.
 If OpenSSL users are really violating the Certicom patents then 
 users need to be aware of that, and it is better that OpenSSL 
 tell some information about it in the release notes. Or maybe 
 the OpenSSL EC implementation does not violate any Certicom 
 patents and that's why OpenSSL is not mentioning it? Does somebody 
 have any insight into it?
 Thanks again.

 Best Regards,
 Anil

 Bill Colvin [EMAIL PROTECTED] wrote:
 I would characterize the Certicom patents as falling into 3 main  
 categories:

 1)   patents relating to the use of ECC in very specific  
 application circumstances

 This represents the bulk of Certicom