Patent Infringement Safe Configuration of Openssl

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Patent Infringement Safe Configuration of Openssl

Roger No-Spam
Hello,

I am currently looking into what configuration of openssl that would be
patent infringement safe world wide. This is what come up with so far.

IDEA should be left out, Ascom holds a patent for this algorithm.
RC5 should be left out. RSA security holds a patent for this algorithm

MD2, MD4 and MD5 are ok to use. RSA Security has published an IPR disclosure
on www.ietf.org stating that these algorithms can be made, used and sold
without any license from RSA Security Inc.

Is RSA ok to include? The RSA patent has expired in the US, but what about
other countries?

What about eliptic curves? I have found some discussions on emailing lists
about Sun's eliptic curve contribution to Openssl and possible IPR issues?
What is the status?

Are there other patents or other IPR issues that needs to be considered?

Regards Roger

_________________________________________________________________
Nyhet! Hotmail direkt i Mobilen! http://mobile.msn.com/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Patent Infringement Safe Configuration of Openssl

Kyle Hamilton
I would direct you to Schneier ("Applied Cryptography") for patents
related to things that were known in 1996, including elliptic curve.

None of us on the list are lawyers, and we certainly haven't done an
exhaustive patent search.

-Kyle H

On 2/20/06, Roger Boden <[hidden email]> wrote:

> Hello,
>
> I am currently looking into what configuration of openssl that would be
> patent infringement safe world wide. This is what come up with so far.
>
> IDEA should be left out, Ascom holds a patent for this algorithm.
> RC5 should be left out. RSA security holds a patent for this algorithm
>
> MD2, MD4 and MD5 are ok to use. RSA Security has published an IPR disclosure
> on www.ietf.org stating that these algorithms can be made, used and sold
> without any license from RSA Security Inc.
>
> Is RSA ok to include? The RSA patent has expired in the US, but what about
> other countries?
>
> What about eliptic curves? I have found some discussions on emailing lists
> about Sun's eliptic curve contribution to Openssl and possible IPR issues?
> What is the status?
>
> Are there other patents or other IPR issues that needs to be considered?
>
> Regards Roger
>
> _________________________________________________________________
> Nyhet! Hotmail direkt i Mobilen! http://mobile.msn.com/
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Patent Infringement Safe Configuration of Openssl

Vladimir Botka
Hi,
according to E.Rescorla: "SSL and TLS" ISBN 0-201-61598-3 p.53 OpenSSL
is free for commercial and noncommercial use (BSD-style license). RSA`s
patent expired in September 2000. As of the direction, I would prefer
J.Menezes: "Handbook of Applied Cryptography" ISBN 0-8943-8523-7.

Regards,

  -vlado

D0000000000000000000000000000000


On Fri, 24 Feb 2006, Kyle Hamilton wrote:

> I would direct you to Schneier ("Applied Cryptography") for patents
> related to things that were known in 1996, including elliptic curve.
>
> None of us on the list are lawyers, and we certainly haven't done an
> exhaustive patent search.
>
> -Kyle H
>
> On 2/20/06, Roger Boden <[hidden email]> wrote:
>> Hello,
>>
>> I am currently looking into what configuration of openssl that would be
>> patent infringement safe world wide. This is what come up with so far.
>>
>> IDEA should be left out, Ascom holds a patent for this algorithm.
>> RC5 should be left out. RSA security holds a patent for this algorithm
>>
>> MD2, MD4 and MD5 are ok to use. RSA Security has published an IPR disclosure
>> on www.ietf.org stating that these algorithms can be made, used and sold
>> without any license from RSA Security Inc.
>>
>> Is RSA ok to include? The RSA patent has expired in the US, but what about
>> other countries?
>>
>> What about eliptic curves? I have found some discussions on emailing lists
>> about Sun's eliptic curve contribution to Openssl and possible IPR issues?
>> What is the status?
>>
>> Are there other patents or other IPR issues that needs to be considered?
>>
>> Regards Roger
>>
>> _________________________________________________________________
>> Nyhet! Hotmail direkt i Mobilen! http://mobile.msn.com/
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    [hidden email]
>> Automated List Manager                           [hidden email]
>>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Patent Infringement Safe Configuration of Openssl

Kyle Hamilton
OpenSSL does implement the IDEA algorithm, though, which is still
patented.  Thus, it's a very valid question, what the patent status of
each algorithm is, and what the best way to build a noninfringing
version is.

RSA and Diffie-Hellmann are both expired.  RC2 and RC4 weren't ever
patented, but RC5 is.  (RC4 was being protected as a 'trade secret',
but source that implemented a fully-interoperable cipher was posted to
the 'net.  These are the few that I know off the top of my head.)

-Kyle H

On 2/25/06, Vladimir Botka <[hidden email]> wrote:

> Hi,
> according to E.Rescorla: "SSL and TLS" ISBN 0-201-61598-3 p.53 OpenSSL
> is free for commercial and noncommercial use (BSD-style license). RSA`s
> patent expired in September 2000. As of the direction, I would prefer
> J.Menezes: "Handbook of Applied Cryptography" ISBN 0-8943-8523-7.
>
> Regards,
>
>         -vlado
>
> D0000000000000000000000000000000
>
>
> On Fri, 24 Feb 2006, Kyle Hamilton wrote:
>
> > I would direct you to Schneier ("Applied Cryptography") for patents
> > related to things that were known in 1996, including elliptic curve.
> >
> > None of us on the list are lawyers, and we certainly haven't done an
> > exhaustive patent search.
> >
> > -Kyle H
> >
> > On 2/20/06, Roger Boden <[hidden email]> wrote:
> >> Hello,
> >>
> >> I am currently looking into what configuration of openssl that would be
> >> patent infringement safe world wide. This is what come up with so far.
> >>
> >> IDEA should be left out, Ascom holds a patent for this algorithm.
> >> RC5 should be left out. RSA security holds a patent for this algorithm
> >>
> >> MD2, MD4 and MD5 are ok to use. RSA Security has published an IPR disclosure
> >> on www.ietf.org stating that these algorithms can be made, used and sold
> >> without any license from RSA Security Inc.
> >>
> >> Is RSA ok to include? The RSA patent has expired in the US, but what about
> >> other countries?
> >>
> >> What about eliptic curves? I have found some discussions on emailing lists
> >> about Sun's eliptic curve contribution to Openssl and possible IPR issues?
> >> What is the status?
> >>
> >> Are there other patents or other IPR issues that needs to be considered?
> >>
> >> Regards Roger
> >>
> >> _________________________________________________________________
> >> Nyhet! Hotmail direkt i Mobilen! http://mobile.msn.com/
> >>
> >> ______________________________________________________________________
> >> OpenSSL Project                                 http://www.openssl.org
> >> User Support Mailing List                    [hidden email]
> >> Automated List Manager                           [hidden email]
> >>
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [hidden email]
> > Automated List Manager                           [hidden email]
> >
> >
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]