Hi All, Thanks for the inputs, This gives me a good understanding on these ciphers usage.
Thanks and Regards Jayalakshmi On Thu, Dec 7, 2017 at 10:31 PM, Jakob Bohm <jb-open...@wisemo.com> wrote: > On 07/12/2017 15:05, Michael Wojcik wrote: > >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf >>> Of Jakob Bohm >>> Sent: Thursday, December 07, 2017 08:41 >>> To: openssl-users@openssl.org >>> >>> And I would still say that "consult a lawyer" is a useless answer, >>> especially as most OpenSSL users will be in the same legal situation, >>> and lawyers opinions on patent matters are frequently found by courts >>> to be wrong anyway. >>> >> Well, I suppose we'll have to disagree on that point. Speaking >> hypothetically, if I were the product owner for a commercial software >> product that used OpenSSL, I would most certainly be raising the question >> with corporate counsel. >> >> This is a complex and fraught area, and the OpenSSL Foundation is not >> able (and I'm sure not inclined to try) to indemnify OpenSSL users against >> infringement claims. To a large extent it doesn't matter what they say. A >> license file in the OpenSSL distribution is not likely to discourage an IP >> owner from claiming infringement if they're so inclined. At that point >> "local" lawyers will be involved whether you like it or not. >> > Of cause OpenSSL cannot indemnify users. This is why my actual > questions to the OpenSSL project were mostly about what 3rd party > assurances that the project had received and could pass on. For > example written patent license statements by Sun/Oracle (in > conjunction with their 2002 ECC contribution), waivers by > CertiCom etc. > > Even if some companies will want to run everything by their > corporate council, corporate council can make much more useful > statements if they can start from some legal documents and > statements rather than having the lawyers try to pour over C > code and published patents. > > I also don't believe that "most OpenSSL users will be in the same legal >> situation". Here again, patent law is complicated. And more importantly, >> well-heeled users are much more likely targets of actual infringement >> claims, which is a very different situation indeed. >> >> Point is, that in this global world, most producers are potentially > exposed in lots of "foreign" jurisdictions, and most corporate > counsel, while potentially well-heeled in general patent law, are > unlikely to have specific knowledge of the various patents, licenses > and waivers applicable to ECC crypto. > > Being able to say "we only ship to customers in China and outer Mongolia, > and under those local laws there is no risk" is a lot rarer than "we ship > globally except a few problematic destinations, we don't want to be > hauled to the Eastern district of Texas by Certicom, so we want to > know if we have contractual assurances that Certicom is OK with using > OpenSSL builds that have the ECC code enabled" > > That latter situation happens to also be the situation of the OpenSSL > project itself, except the degree of being a litigation magnet, thus the > likelihood that the project has obtained some legal documents that can > be passed on, making no independent promises other than those being true > and accurate copies of documents signed by their outside authors. > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users