IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: SRP in OpenSSH draft protocol spec



"Niels Möller" wrote:
> 
> I've discussed this some more with Tom Wu. I'm not sure it would be
> appropriate to quote it all here, but the main point seem to be that
> SRP is patented, but licensed freely. Thus, the SRP case is not much
> different from CAST-128 and CAST-256, patented by Entrust, or for that
> matter DES, which I believe was patented (by IBM?) and then freely
> licensed after it became a US government standard.

Or, for that matter, PSS, DSA, SHA-1, etc.  The more I investigated
this, the more I found it to be the norm rather than the exception.

> I'm by no means a patent expert, but I feel that SRP is free enough
> for use in free software, and that ought to be free enough for
> anybody.
> 
> It would be good if someone more official at stanford could back up
> Tom's statement, though.

If you ask the Stanford OTL, they will of course confirm the IETF
licensing statement.  It may take you a few weeks (they're busy folks),
and you'll have to wade through some legalese, but you'll get it.  In
the meantime, you have a clear statement from the inventor of the
royalty-free license.

> /Niels

-- 
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg?  Sounds Swedish..."



Home | Main Index | Thread Index | Old Index