[9fans] secstore and PAKserver - Plan9
This is a discussion on [9fans] secstore and PAKserver - Plan9 ; I note in /sys/src/cmd/auth/secstore/pak.c:
// PAK is an encrypted key exchange protocol designed by Philip MacKenzie et al.
// It is patented and use outside Plan 9 requires you get a license.
// (All other EKE protocols are patented as ...
-
[9fans] secstore and PAKserver
I note in /sys/src/cmd/auth/secstore/pak.c:
// PAK is an encrypted key exchange protocol designed by Philip MacKenzie et al.
// It is patented and use outside Plan 9 requires you get a license.
// (All other EKE protocols are patented as well, by Lucent or others.)
I want to leverage the functionality of the secstore for a different
application (I'm not yet ready to publicize the details, but I will to
anyone who shows some interest), but this seems to put a bit of a
spanner in the works. Naturally, I can prototype with it, but in the
long term I have either to licence the PAK stuff (who do I contact?)
or to replace the code with an analogous facility.
Has the licence been waved for p9p? What are the terms of the
licence? Does anyone know of licence free options to perform a
similar function? I suppose I ought to ask what is so special about
PAK, too or, more to the point, what does it do that made Bell Labs
choose it for the secstore? Maybe if I understood PAK better I'd be
able to decide whether it is as important in my application as it was
for the secstore.
++L
-
Re: [9fans] secstore and PAKserver
> I want to leverage the functionality of the secstore for a different
> application (I'm not yet ready to publicize the details, but I will to
> anyone who shows some interest), but this seems to put a bit of a
> spanner in the works. Naturally, I can prototype with it, but in the
> long term I have either to licence the PAK stuff (who do I contact?)
> or to replace the code with an analogous facility.
>
> Has the licence been waved for p9p? What are the terms of the
> licence? Does anyone know of licence free options to perform a
> similar function? I suppose I ought to ask what is so special about
> PAK, too or, more to the point, what does it do that made Bell Labs
> choose it for the secstore? Maybe if I understood PAK better I'd be
> able to decide whether it is as important in my application as it was
> for the secstore.
I am not a lawyer; this is not legal advice.
The Lucent Public License permits redistribution of the programs
contained in the Plan 9 distribution, secstore included, in source
or binary forms, and includes appropriate copyright and patent
licenses. I believe that is the only license needed for me to
distribute the p9p programs. I have no special arrangement
with Lucent.
The details are in /LICENSE.
Of course, in such licensing situations, I have never understood
where the line is between redistributing the entire Plan 9 software
(obviously permitted, with copyright and patent licenses granted)
and redistributing just a few snippets of Plan 9 code that make up
an insignificant part of a larger program that happens to use
techniques from those same patents. I'm fairly certain p9p is on
the first side of that line, but I still don't know where the line is.
If this really matters to you, you should talk to a lawyer.
If you're not using Plan 9 code, you might look at SRP.
I don't think the licensing issues are any less murky than PAK,
but they are at least more widely studied.
Russ
-
Re: [9fans] secstore and PAKserver
On Tue, Aug 28, 2007 at 06:19:24PM -0400, Russ Cox wrote:
> If you're not using Plan 9 code, you might look at SRP.
> I don't think the licensing issues are any less murky than PAK,
> but they are at least more widely studied.
There ought to be an SRP implementation for secstore
lying around somewhere, possibly at the Labs. I did
one the summer the USENIX security paper got written.
