Bugtraq mailing list archives
Re: SRP is being patented - don't be so quick to use it.
From: Ken Raeburn <raeburn () MIT EDU>
Date: Fri, 22 Dec 2000 00:56:00 -0500
David Wheeler <dwheeler () IDA ORG> writes:
Trouble is, I understand that SRP is in the process of being patented,
A _very_ large number of developers, including essentially all open source developers, _automatically_ avoid all patented algorithms unless there's a generous patent grant. Patented algorithms cannot be used at all in open source programs unless there's a patent grant to permit it.
I got two things on this from Tom Wu when we talked at the last IETF conference about using SRP to better protect the initial exchange in Kerberos: 1) Stanford has granted such permission regarding the SRP algorithm described in RFC 2945, and the IETF has been sent a letter saying so. However, I haven't seen the letter and don't know the exact terms, so don't take this as gospel. 2) There's another SRP variant, which I think is supposed to be a little more efficient in terms of message traffic in some situations, which is also (being?) patented, and for which this permission has not been granted. I don't know how the two differ. Since these problems have (supposedly) been addressed, I'm looking at moving forward with an Internet Draft for this use with Kerberos, pending my actually finding out the terms of the letter. (Though I'm also looking at Radia Perlman's "pseudorandom moduli" work.) Ken
Current thread:
- SRP is being patented - don't be so quick to use it. David Wheeler (Dec 21)
- Re: SRP is being patented - don't be so quick to use it. Ken Raeburn (Dec 22)
- Re: SRP is being patented - don't be so quick to use it. Tom Wu (Dec 22)
- Re: SRP is being patented - don't be so quick to use it. Russ Allbery (Dec 22)
- Re: SRP is being patented - don't be so quick to use it. Ken Raeburn (Dec 22)