--0-948647702-1200081763=:91577
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Hi Bob,
I have received so many mails from open-ssl users about this issue. Really thanks for the information. After going through the mails and some documentation about the Certicom patents, I understand that Certicom has more patents in "efficient" implemenation of ECC and not in a way how we implement ECC normally. I need to find out if OpenSSL has any of those "efficient" implementiaons and did voilate any patents. If you know any information on this can you share it? Thanks.
Also I have went through a Certicom document saying that certicom has patents in ECDSA usage in IKEv1/IKEv2.
http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf
From this document I understand, that whoever wants use to IKEv1/IKEv2 with ECDSA has to get patent license. I hope you (Cisco) might have face same problem. Could you share any of your experience on this?

Thanks a lot,
Anil



"Bob Bell (rtbell)" wrote:
Anil -

There are a lot of legal issues surrounding the use of Certicom patented ECC code. One of the things that happened a couple of IETF meetings ago was that Certicom signed a letter allowing the use of some of their patents for things like TLS. However, there are a number of legal requirements attached, including the listing/displaying of the Certicom patents on splash screens or on the hardware device depending on the type of implementation. I would strongly urge you to have a lawyer research these licensing agreements and then research (with you) what additional patents might be involved (for instance Certicom has a patent on having an ECC public key in an X.509 cert signed using RSA) in your product. While ECC is a marvelous technology, there is a large minefield that still needs to be mapped.

Bob Bell


---------------------------------
From: owner-openssl-users@openssl.org [mailtowner-openssl-users@openssl.org] On Behalf Of Anilkumar Bollineni
Sent: Thursday, 10 January, 2008 12:12
To: openssl-users@openssl.org
Subject: About ECC patent and OpenSSL ECC code



Hi there,

I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw that Sun systems has donated the the ECCcode to OpenSSL. Also I saw that Certicom has held 130 patents in ECC area and finally NSA has licensed that code.
Suppose if I download the code from the OpenSSL and try to develop a product using the OpenSSL ECC code, does it violate any patent issue with certicom?
Can anybody share any experience or information about this?

Thanks for support.

-Anil


---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.


---------------------------------
Never miss a thing. Make Yahoo your homepage.
--0-948647702-1200081763=:91577
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Hi Bob,
I have received so many mails from open-ssl users about this issue. Really thanks for the information. After going through the mails and some documentation about the Certicom patents, I understand that Certicom has more patents in "efficient" implemenation of ECC and not in a way how we implement ECC normally. I need to find out if OpenSSL has any of those "efficient" implementiaons and did voilate any patents. If you know any information on this can you share it? Thanks.
Also I have went through a Certicom document saying that certicom has patents in ECDSA usage in IKEv1/IKEv2.
From this document I understand, that whoever wants use to IKEv1/IKEv2 with ECDSA has to get patent license. I hope you (Cisco) might have face same problem. Could you share any of your experience on this?

 
Thanks a lot,
Anil
 


"Bob Bell (rtbell)" <rtbell@cisco.com> wrote:
Anil -
 
There are a lot of legal issues surrounding the use of Certicom patented ECC code. One of the things that happened a couple of IETF meetings ago was that Certicom signed a letter allowing the use of some of their patents for things like TLS. However, there are a number of legal requirements attached, including the
listing/displaying of the Certicom patents on splash screens or on the hardware device depending on the type of implementation. I would strongly urge you to have a lawyer research these licensing agreements and then research (with you) what additional patents might be involved (for instance Certicom has a patent on having an ECC public key in an X.509 cert signed using RSA) in your product. While ECC is a marvelous technology, there is a large minefield that still needs to be mapped.
 
Bob Bell


From:
owner-openssl-users@openssl.org [mailtowner-openssl-users@openssl.org] On Behalf Of Anilkumar Bollineni
Sent: Thursday, 10 January, 2008 12:12
To: openssl-users@openssl.org
Subject: About ECC patent and OpenSSL ECC code

Hi there,
 
I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw that Sun systems has donated the the ECCcode to OpenSSL. Also I saw that Certicom has held 130 patents in ECC area and finally NSA has licensed that code.
Suppose if I download the code from the OpenSSL and try to develop a product using the OpenSSL ECC code, does it violate any patent issue with certicom?
Can anybody share any experience or information about this?
 
Thanks for support.
 
-Anil
 

Be a better friend, newshound,
and know-it-all with Yahoo! Mobile. Try it now.






Never miss a thing. Make Yahoo your homepage.


--0-948647702-1200081763=:91577--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org