Re: SRP in OpenSSH draft protocol spec

[Tom Wu <tom%arcot.com@localhost>]

RJ Atkinson wrote:
> 
> At 21:32 02/04/01, Tom Wu wrote:
> 
> >But it is precisely the same.  There's still no legally-binding document
> >to cite in court, which is presumably what you're objecting to, just a
> >clear statement from the inventor on behalf of the organization he did
> >the work for.
> 
>         ...which I noted earlier I was not comfortable with
> most of the IPR statements online at IETF.
> 
> >I suppose you didn't notice that the SRP IPR notice was received from
> >Stanford, either.  Why the double-standard?
> 
>         No double standard.  I really want an RFC from
> everyone, which folks who've been around for a while have
> seen from me in other WGs in the past (e.g. in IPsec).

Understood.  As I have indicated in a different posting, I am willing to
work with Stanford and the IETF to ensure that IPR concerns are dealt
with properly.  But I also want to understand the nature of those
concerns, in light of the fact that there seems to be considerable
disagreement as to what it means to be "free", and that indeed, many of
the things that are commonly thought to be free don't seem to be free
enough for some, especially in the crypto community.

In any case, this issue will go away with Stanford's statement to the
secretariat, and we can go back to the hard work of getting the strong
password authentication code tested and polished for general use.

> Ran

Tom
-- 
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg?  Sounds Swedish..."