Bugtraq mailing list archives
SRP is being patented - don't be so quick to use it.
From: David Wheeler <dwheeler () IDA ORG>
Date: Thu, 21 Dec 2000 16:45:26 -0500
On Wed, 20 Dec 2000, Ajax wrote:
Allow me to refer everyone to the SRP protocol (http://srp.stanford.edu/), which accomplishes a cryptographically strong password exchange and uses it to establish a session key.
Trouble is, I understand that SRP is in the process of being patented, a fact never mentioned on the SRP website as far as I can tell. Here's my source: http://www.securityportal.com/closet/closet19991208.html A _very_ large number of developers, including essentially all open source developers, _automatically_ avoid all patented algorithms unless there's a generous patent grant. Patented algorithms cannot be used at all in open source programs unless there's a patent grant to permit it. Even proprietary software developers only use patented algorithms if they are absolutely necessary: not only do they add cost, but they also make the developer hostage to the patent holder. Patents also harm interoperability with other systems: developers of other systems will avoid the patented algorithm for the same reasons, and most standards bodies either oppose or gingerly treat patented algorithms. The exception would be if the patent holder creates a patent grant to developers (at least for open source or GPL programs) using the magic words "non-exclusive, irrevocable, world-wide, & royalty-free". Having a free implementation isn't enough, since the patent holder can always change the usage conditions (causing great pain to everyone). You can see an example of a patent grant at http://www.advogato.org/article/89.html. I believe Mr. Wu has excellent intentions, and I really like many of the things that his says on his web site. However, I understand that _Stanford_ (not Mr. Wu) is applying for the patent, so only a representative of Stanford (and not Mr. Wu) can make a patent grant. Obviously you can't give away what isn't yours. I haven't found any official patent grant for SRP from someone asserting to be the owner of the patent. Note that this is different than the situation of DES and SHA-1. In the case of DES, the patent owner (IBM) gave up all US rights (see Bruce Schneier, 28 Sep 1998, http://www.io.com/~ritter/NEWS3/AESPAT.HTM). For SHA-1, the designers were NIST and NSA, who didn't patent it, and FIPS 186-1 declares "The Department of Commerce is not aware of any patents that would be infringed by this standard." For an example of the troubles of patents, look at the Unisys patent that impacts GIF compression. Unisys originally said free programs could use it, then later on said that they couldn't. Suddenly many users & developers using GIF were hurt! Unisys is now trying to extort $5,000 from every website using GIFs unless the site meets hard-to-prove criteria (see http://www.burnallgifs.org for more about this). The problem with patents is so serious that NIST's AES requirements specifically stated that they "desire to have the AES available worldwide on a royalty free basis"; clearly at least one U.S. government agency has decided that royalty-imposing patented algorithms (at least in this case) aren't worth it. Due to recent patent expirations, developers are finally free to use RSA & Diffie-Hellman; let's not put the chains back on so quickly. I looked at this last year, and abandoned SRP once I learned of its patent status. If there's more information, I'd love to hear about it. In particular, I would LOVE to hear that its patent situation has improved. I don't think the issue is Wu, I think the issue is what Stanford intends to do. Given a generous patent grant, I'd be happy to use SRP, and it's quite possible things have changed (I hope they have). -- --- David A. Wheeler dwheeler () ida org
Current thread:
- SRP is being patented - don't be so quick to use it. David Wheeler (Dec 21)
- Re: SRP is being patented - don't be so quick to use it. Ken Raeburn (Dec 22)
- Re: SRP is being patented - don't be so quick to use it. Tom Wu (Dec 22)
- Re: SRP is being patented - don't be so quick to use it. Russ Allbery (Dec 22)
- Re: SRP is being patented - don't be so quick to use it. Ken Raeburn (Dec 22)