Re: SRP in OpenSSH draft protocol spec

To: Niels Möller <nisse%lysator.liu.se@localhost>
Subject: Re: SRP in OpenSSH draft protocol spec
From: Tom Wu <tom%arcot.com@localhost>
Date: Mon, 02 Apr 2001 15:42:54 -0700

"Niels Möller" wrote:
> 
> I've discussed this some more with Tom Wu. I'm not sure it would be
> appropriate to quote it all here, but the main point seem to be that
> SRP is patented, but licensed freely. Thus, the SRP case is not much
> different from CAST-128 and CAST-256, patented by Entrust, or for that
> matter DES, which I believe was patented (by IBM?) and then freely
> licensed after it became a US government standard.

Or, for that matter, PSS, DSA, SHA-1, etc.  The more I investigated
this, the more I found it to be the norm rather than the exception.

> I'm by no means a patent expert, but I feel that SRP is free enough
> for use in free software, and that ought to be free enough for
> anybody.
> 
> It would be good if someone more official at stanford could back up
> Tom's statement, though.

If you ask the Stanford OTL, they will of course confirm the IETF
licensing statement.  It may take you a few weeks (they're busy folks),
and you'll have to wade through some legalese, but you'll get it.  In
the meantime, you have a clear statement from the inventor of the
royalty-free license.

> /Niels

-- 
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg?  Sounds Swedish..."

Follow-Ups:
- Re: SRP in OpenSSH draft protocol spec
  - From: RJ Atkinson

References:
- Re: SRP in OpenSSH draft protocol spec
  - From: RJ Atkinson
- Re: SRP in OpenSSH draft protocol spec
  - From: Niels Möller

Prev by Date: Re: SRP in OpenSSH draft protocol spec
Next by Date: Re: SRP in OpenSSH draft protocol spec
Previous by Thread: Re: SRP in OpenSSH draft protocol spec
Next by Thread: Re: SRP in OpenSSH draft protocol spec
Indexes:

Home | Main Index | Thread Index | Old Index