Nelson Bolyard wrote: > Steffen Schulz wrote: > >> I'm currently implementing draft-ietf-tls-srp-13 in NSS/SSL. >>
I was thinking of having a go at this too now the I-D is getting close to becoming an RFC. I'm glad someone is trying to implement it, particularly now it looks like more work than I was expecting ;) > Also, ISTR that there are unresolved patent issues with SRP. (This was > recently the focus of MUCH discussion on the IETF TLS mailing list.) > Mozilla can only accept source code provided that anyone anywhere is > entitled to use it without obtaining a patent license first. > This could be solved with a public "blanket" license statement from the > patent holders granting all users of NSS a free license to use SRP in > products that use NSS. My understanding of the patent problem is that Stanford have made it clear that SRP is free for use, but two other companies claim they hold patents which SRP "might" infringe. When I tried to get clarification from them (years ago) about this they both refused to give any concrete reply as to whether SRP really did infringe their patents or not, preferring to let someone else make the first move and then decide if that organisation was big enough to try and get a settlement out of. So you have a blanket statement from the SRP people, and the other two companies didn't invent SRP, and won't confirm it actually does infringe their patents. Anyway, I understand Mozilla's caution - no one wants to be the first to get tested on this issue. A great example of how idle and probably irrelevent patents stifle good ideas. Steffan, please let me know how your implementation is going (dtaylor at gnutls dot org). Regards, David Taylor. _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
