(resending after bounce)
-----Original Message-----
From: Charlie Kaufman
Sent: Wednesday, November 09, 2005 8:59 PM
To: 'James A. Donald'; [EMAIL PROTECTED]; [email protected]
Subject: RE: How broad is the SPEKE patent.
---- James A. Donald said:
>Does SPEKE claim to patent any uses of zero knowledge
>proof of possession of the password for mutual
>authentication, or just some particular method for
>establishing communications? Is there any way around
>the SPEKE patent for mutual authentication and
>establishing secure communications on a weak passphrase?
That's the wrong question.
The patents related to SPEKE (at least the ones that have issued - there's no
way to know whether there are additional submarines out there) are available
free on line from the patent office. You can read the claims and make your own
judgment.
The right question is whether there is any strong password protocol - either
known or that you invent yourself - that you can implement without fear of
being sued for patent infringement.
And the answer is no.
Patent claims, like the U.S. Constitution, mean whatever the courts decide they
mean. The only way to have confidence that you won't be sued for implementing
any technology is to observe that lots of other people in similar situations to
yours are doing it and not being sued.
I am not aware of anyone who is publicly shipping - either in a commercial
product or as open source - an implementation of a strong password protocol
without having paid protection money to either Lucent or Phoenix (or both). It
would be great if someone would.
But proclaiming that the King is wearing no clothes is not without risk.
--Charlie Kaufman
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
