On Sat, Jul 06, 2002 at 00:50:30 +0200, Tamas SZERB wrote:
> After a while I'm here to discuss the situation of the silc-server and
> silc-client's problems why they cannot be in the official debian release.
> Long time ago I got an email which I unfortunately lost concerning the
> patent problems about the crypto methods used by the silc,

Caveat emptor: IANAL nor a cryptography expert.

There are two SILC internet-drafts which specify ciphers:

  http://www.silcnet.org/docs/draft-riikonen-silc-ke-auth-05.txt
  http://www.silcnet.org/docs/draft-riikonen-silc-spec-05.txt

The first specifies a key exchange using Diffie-Hellman which isn't
patent-encumbered. The second is more problematic. It specifies both
public and shared key algorithms as well as some MAC algorithms.

MAC algorithms:

  HMAC-SHA1, HMAC-MD5: Not patent-encumbered to my knowledge

Public key:

  RSA (REQUIRED) - used to be problematic but the patent has finally
    expired.
  DSS (OPTIONAL) - apparently the DSA, a US standard selected by NIST.
    (http://www.rsasecurity.com/rsalabs/faq/3-4-1.html). This algorithm
    isn't patent-encumbered AFAIK.

Shared key:

  AES (REQUIRED) - FIPS-197. Not patent-encumbered; see
    http://csrc.nist.gov/encryption/aes/ for details.
  Blowfish (REQUIRED) - unpatented; see
    http://www.counterpane.com/blowfish.html
  Twofish (OPTIONAL), AES finalist, unpatented; see
    http://www.counterpane.com/twofish.html
  CAST (OPTIONAL) AES candidate; not patent-encumbered to my knowledge
    (statements concerning intellectual property rights of AES
    submissions used to be available via http://aes.nist.gov, but I
    can't find them anymore)
  RC6 (OPTIONAL), MARS (OPTIONAL) AES finalists; patent-encumbered.

Note that the IETF has started to pay more attention to intellectual
property right notices; you might want to have a look at
http://www.ietf.org/ipr.html and ask for the drafts to be updated with
IPR notices regarding the ciphers.

It would be nice to see the SILC drafts drop RC6 and MARS completely,
perhaps adding Serpent (so all non-patent-encumbered AES finalist
algorithms are included) in their place.

> I'd be happy if somebody would like to say what problems are they,

The SILC sources contain code that implements the MARS and RC6 ciphers
which are patent-encumbered.

> and why,

The conditions under which the right to employ a patented algorithm is
granted typically prevent the software employing them to meet the Debian
Free Software Guidelines
(http://www.debian.org/social_contract#guidelines). For more general
information regarding the evils of software patents, see e.g.
http://lpf.ai.mit.edu/Patents/patents.html .

> and ideas how to solve them.

At the very least, your packages should not contain any object code
built from the source files that implement MARS and RC6. I don't know
what the current consensus on debian-legal is regarding source files
that implement patent-encumbered (cryptographic) algorithms, in
particular I don't know whether you should remove such source files from
your source package, or if not using them to produce binaries is
considered sufficient.

HTH,
Ray
-- 
We do not worry about Microsoft developing Open Source applications.
Their revenue stream is based on a heroin addiction of selling ever
more software.
    Red Hat's Bob Young quoted in
    http://www.theregister.co.uk/content/1/11321.html

