On Fri, Jul 15, 2011 at 5:36 PM, Kyle Hamilton <aerow...@gmail.com> wrote: > On Fri, Jul 15, 2011 at 10:32 AM, Gaglia <san...@paranoici.org> wrote: >> On 07/15/2011 08:23 AM, Kyle Hamilton wrote: >>> ... >> >> Excuse me, I got lost somewhere... Does this mean that it is not >> possible to use EC crypto with OpenSSL because the algorithms are >> patented? If so, why OpenSSL does provide support to EC crypto? > > EC is considered to be a patent minefield. Some people (RSA Data > Security) say that it's possible to implement EC cryptography using > different types of algorithms which are not covered by the patents. Consider the source: RSA's strongest competition is ECC and Certicom (or should we say ECC's past competition was RSA?). RSA Data Security managed to implant RSA into DSA with heavy lobbying, but RSA's glory days are behind them or gone. The SecurID scandal is another testament to the fact.
I often wonder why open source implementations even care: (1) the implementations are often available through out the world, where US patent law does not apply, (2) for US domestic uses, push the burden of licensing compliance onto the user (or #define out any code found to be offense by *real* lawyers), and (3) most implementors don't have the money to make it worthwhile to litigate. For (3), Certicom most likely won't make a dime, so there's no monetary relief or benefit even if they incur loss or damages. And at best, they will probably be granted an injunction against US distribution. Guess wheat folks will do in that case (what did they do with RSA - download form Australia or Germany or ...). Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org