Hello, As you may or may not know, Red Hat has vetoed use of ECC in openssl in their stock Fedora. The bug regarding this is here:
https://bugzilla.redhat.com/show_bug.cgi?id=319901 <https://bugzilla.redhat.com/show_bug.cgi?id=319901> In a nutshell: Red Hat is so afraid of patent trolls, they don't want to enable ECC -- or even discuss the IP issues publically. (And who can blame them? Legislative relief is definitely needed here -- so far, it hasn't been enough. But I digress...) I see some references to standards in the sources for crypto/ec*, such as ANSI X9.62 and IEEE 1363. However, I'm not sure that that list is inclusive -- and I certainly wouldn't be able to recognize whose algorithm was being used by inspecting C code. So I'm hoping for some help with this, to allay Red Hat's fears of patent trolls. Toward this goal, there is an informational RFC 6090 that outlines how to implement ECC without patent encumbrance. I'm wondering if we can safely say that openssl's ECC is implemented in a way compatible with RFC 6090 -- or at least, in a way that enabling it on Red Hat software wouldn't open them up to a patent troll flawsuit? http://www.rfc-editor.org/rfc/rfc6090.txt I checked the FAQ, and it does reference the README regarding patents. However, it doesn't specifically mention ECC, and that would seem to be the sticking point with Red Hat. With more and more software systems requiring ECC to operate, "I See A Great Need" in getting this resolved. Thank you for any information you can provide. Also, if this belongs on the dev list, my apologies for coming here first. -- -Scott Doty Co-founder, Co-owner, CTO: Sonic.net, Inc. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
