(resending after bounce)

-----Original Message-----
From: Charlie Kaufman 
Sent: Wednesday, November 09, 2005 8:59 PM
To: 'James A. Donald'; [EMAIL PROTECTED]; cryptography@metzdowd.com
Subject: RE: How broad is the SPEKE patent.

---- James A. Donald said:
>Does SPEKE claim to patent any uses of zero knowledge
>proof of possession of the password for mutual
>authentication, or just some particular method for
>establishing communications?   Is there any way around
>the SPEKE patent for mutual authentication and
>establishing secure communications on a weak passphrase?

That's the wrong question.

The patents related to SPEKE (at least the ones that have issued - there's no 
way to know whether there are additional submarines out there) are available 
free on line from the patent office. You can read the claims and make your own 

The right question is whether there is any strong password protocol - either 
known or that you invent yourself - that you can implement without fear of 
being sued for patent infringement.

And the answer is no.

Patent claims, like the U.S. Constitution, mean whatever the courts decide they 
mean. The only way to have confidence that you won't be sued for implementing 
any technology is to observe that lots of other people in similar situations to 
yours are doing it and not being sued.

I am not aware of anyone who is publicly shipping - either in a commercial 
product or as open source - an implementation of a strong password protocol 
without having paid protection money to either Lucent or Phoenix (or both). It 
would be great if someone would.

But proclaiming that the King is wearing no clothes is not without risk.

        --Charlie Kaufman

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to