Re: OpenBSD/NTRU policy mismatch [Was: NTRU Open Source Project / Post-quantum era]
thanks for the comments! Luckily there are still a few algorithms if NTRU is not good yet: https://en.wikipedia.org/wiki/Post-quantum_cryptography As time goes, maybe this will be a more and more relevant thing. Original Message From: Okembe Mbwambo okembe.mbwa...@yandex.com Apparently from: owner-tech+m42...@openbsd.org To: tech@openbsd.org Subject: OpenBSD/NTRU policy mismatch [Was: NTRU Open Source Project / Post-quantum era] Date: Tue, 26 May 2015 20:50:29 +0200 On 25/05/15 02:50:50 PM, Douglas Ray wrote: 2. The FOSS exception clause above won't help with existing OpenBSD policy, insofar as I understand it here: http://www.openbsd.org/policy.html [note section towards end on GPL under Specific Cases] FWIW, a BSD-licensed NTRU implementation exists at https://github.com/tbuktu/libntru and while it is patent encumbered, it offers a compile switch that causes it to become patent free in 2017 as opposed to the GPL implementation which will be patent encumbered until 2020. Okembe
Re: OpenBSD/NTRU policy mismatch [Was: NTRU Open Source Project / Post-quantum era]
26.05.2015, 23:08, Chris Cappuccio ch...@nmedia.net: FWIW, a BSD-licensed NTRU implementation exists at https://github.com/tbuktu/libntru and while it is patent encumbered, it offers a compile switch that causes it to become patent free in 2017 as opposed to the GPL implementation which will be patent encumbered until 2020. Are the patents held by the copyright authors? If the copyright is not held by the patent holder, I imagine this becomes much less important. From the description on the GitHub page, it looks to me like the BSD-licensed implementation was written by somebody not affiliated with the patent holder. But I guess the only way to know for sure is to ask. Okembe
OpenBSD/NTRU policy mismatch [Was: NTRU Open Source Project / Post-quantum era]
On 25/05/15 02:50:50 PM, Douglas Ray wrote: 2. The FOSS exception clause above won't help with existing OpenBSD policy, insofar as I understand it here: http://www.openbsd.org/policy.html [note section towards end on GPL under Specific Cases] FWIW, a BSD-licensed NTRU implementation exists at https://github.com/tbuktu/libntru and while it is patent encumbered, it offers a compile switch that causes it to become patent free in 2017 as opposed to the GPL implementation which will be patent encumbered until 2020. Okembe
Re: NTRU Open Source Project / Post-quantum era
On Sat, 23 May 2015, ertetlen barmok wrote: Hello, https://github.com/NTRUOpenSourceProject When will LibreSSL have ciphers for the Post-quantum era? http://tech.slashdot.org/story/15/05/15/007248/are-we-entering-a-golden-age-of-quantum-computing-research From wikipedia: NTRU is a patented and ... oh, I stopped reading there.
OpenBSD/NTRU policy mismatch [Was: NTRU Open Source Project / Post-quantum era]
Thanks William and Ertetlen for clarifying: On 25/05/15 10:09 PM, William Whyte wrote: Hi Ertetlen, The base license for NTRU is GPL v2 or higher. However, there's a license to distribute NTRU under GPL alongside open source projects that exist under other licenses: see details at https://github.com/NTRUOpenSourceProject/ntru-crypto/blob/master/FOSS%20Exception.md 1. I can't speak for the real developers of OpenBSD. (and I'm not advocating anything here, just trying to keep the issues clear). 2. The FOSS exception clause above won't help with existing OpenBSD policy, insofar as I understand it here: http://www.openbsd.org/policy.html [note section towards end on GPL under Specific Cases] So NTRU doesn't seem likely. It would require the project leaders / developers to find some irresistable attraction in NTRU, so great that they wanted to modify the licence policy. 3. I am so out-of-touch I didn't realise new OpenBSD code is under a re-wording of an ISC licence - not the two-clause BSD - so OpenBSD may no longer comply with NTRU's FOSS exception clause. http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD cheers, Douglas Which NTRU ciphersuite were you implementing? We're in the process of specifying a new hybrid ciphersuite that allows an NTRU key exchange to be run in parallel to a selected classical ciphersuite, allowing users to use a currently trusted algorithm with NTRU as an additional layer of security; I attach the relevant (not yet distributed) Internet Draft, we'd value your feedback. Cheers, William On Sun, May 24, 2015 at 8:12 AM, ertetlen barmok ertetlenbar...@safe-mail.net mailto:ertetlenbar...@safe-mail.net wrote: Hello, Is the NTRU source available via BSD licence? Thank you. Original Message From: Douglas Ray doug...@cpan.org mailto:doug...@cpan.org To: ertetlen barmok ertetlenbar...@safe-mail.net Subject: Re: NTRU Open Source Project / Post-quantum era Date: Sun, 24 May 2015 20:32:29 +1000 to clarify On 24/05/15 1:57 AM, Mike Burns wrote: On 2015-05-23 05.24.30 -0400, ertetlen barmok wrote: https://github.com/NTRUOpenSourceProject https://github.com/NTRUOpenSourceProject/ntru-crypto/blob/master/LICENSE.md NTRU cryptographic IP and reference software may be used and modified to the needs of the user as long as the user adheres to version two (2) or higher of the GPL License When will LibreSSL have ciphers for the Post-quantum era? When you submit the patch -- with the correct license. OpenBSD excludes GPL - it uses a BSD licence. Wikipedia claims NTRU is available under GPL or BSD licence. This seems to be contradicted by the NTRU source quoted above. Is there another tree using BSD licencing?
Re: OpenBSD/NTRU policy mismatch [Was: NTRU Open Source Project / Post-quantum era]
No clarification needed: NTRU is patented, with no free for all patent grant. It is a complete non-starter for OpenBSD or OpenSSH. Damien is right. It is patented, meaning they want money. They are willing to allow GPL projects to play along, because this creates a base to extract money from in the future as knowledge of it spreads. Nothing new here. Seen this play before. Get outa here.
Re: OpenBSD/NTRU policy mismatch [Was: NTRU Open Source Project / Post-quantum era]
No clarification needed: NTRU is patented, with no free for all patent grant. It is a complete non-starter for OpenBSD or OpenSSH. On Tue, 26 May 2015, Douglas Ray wrote: Thanks William and Ertetlen for clarifying: On 25/05/15 10:09 PM, William Whyte wrote: Hi Ertetlen, The base license for NTRU is GPL v2 or higher. However, there's a license to distribute NTRU under GPL alongside open source projects that exist under other licenses: see details at https://github.com/NTRUOpenSourceProject/ntru-crypto/blob/master/FOSS%20Exception.md 1. I can't speak for the real developers of OpenBSD. (and I'm not advocating anything here, just trying to keep the issues clear). 2. The FOSS exception clause above won't help with existing OpenBSD policy, insofar as I understand it here: http://www.openbsd.org/policy.html [note section towards end on GPL under Specific Cases] So NTRU doesn't seem likely. It would require the project leaders / developers to find some irresistable attraction in NTRU, so great that they wanted to modify the licence policy. 3. I am so out-of-touch I didn't realise new OpenBSD code is under a re-wording of an ISC licence - not the two-clause BSD - so OpenBSD may no longer comply with NTRU's FOSS exception clause. http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD cheers, Douglas Which NTRU ciphersuite were you implementing? We're in the process of specifying a new hybrid ciphersuite that allows an NTRU key exchange to be run in parallel to a selected classical ciphersuite, allowing users to use a currently trusted algorithm with NTRU as an additional layer of security; I attach the relevant (not yet distributed) Internet Draft, we'd value your feedback. Cheers, William On Sun, May 24, 2015 at 8:12 AM, ertetlen barmok ertetlenbar...@safe-mail.net mailto:ertetlenbar...@safe-mail.net wrote: Hello, Is the NTRU source available via BSD licence? Thank you. Original Message From: Douglas Ray doug...@cpan.org mailto:doug...@cpan.org To: ertetlen barmok ertetlenbar...@safe-mail.net Subject: Re: NTRU Open Source Project / Post-quantum era Date: Sun, 24 May 2015 20:32:29 +1000 to clarify On 24/05/15 1:57 AM, Mike Burns wrote: On 2015-05-23 05.24.30 -0400, ertetlen barmok wrote: https://github.com/NTRUOpenSourceProject https://github.com/NTRUOpenSourceProject/ntru-crypto/blob/master/LICENSE.md NTRU cryptographic IP and reference software may be used and modified to the needs of the user as long as the user adheres to version two (2) or higher of the GPL License When will LibreSSL have ciphers for the Post-quantum era? When you submit the patch -- with the correct license. OpenBSD excludes GPL - it uses a BSD licence. Wikipedia claims NTRU is available under GPL or BSD licence. This seems to be contradicted by the NTRU source quoted above. Is there another tree using BSD licencing?
NTRU Open Source Project / Post-quantum era
Hello, https://github.com/NTRUOpenSourceProject When will LibreSSL have ciphers for the Post-quantum era? http://tech.slashdot.org/story/15/05/15/007248/are-we-entering-a-golden-age-of-quantum-computing-research
Re: NTRU Open Source Project / Post-quantum era
On 2015-05-23 05.24.30 -0400, ertetlen barmok wrote: https://github.com/NTRUOpenSourceProject https://github.com/NTRUOpenSourceProject/ntru-crypto/blob/master/LICENSE.md NTRU cryptographic IP and reference software may be used and modified to the needs of the user as long as the user adheres to version two (2) or higher of the GPL License When will LibreSSL have ciphers for the Post-quantum era? When you submit the patch -- with the correct license.