[ANNOUNCE] OpenSSL version 0.9.7i released

2005-10-15 Thread Richard Levitte - VMS Whacker

   OpenSSL version 0.9.7i released
   ===

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   OpenSSL 0.9.7h caused crashes when the shared libcrypto was
   upgraded.  This release fixes that problem.  For those who want
   or have to stay with the 0.9.7 series of OpenSSL instead of using
   the 0.9.8 series, we strongly recommend that you upgrade to OpenSSL
   0.9.7h as soon as possible.  For a complete list of changes, please
   see http://www.openssl.org/source/exp/CHANGES.

   OpenSSL 0.9.7i is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors
   under http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file names are:

 * openssl-0.9.7i.tar.gz
   MD5 checksum: f69d82b206ff8bff9d0e721f97380b9e
   SHA1 checksum: 4c23925744d43272fa19615454da44e01465eb06

   The checksums were calculated using the following commands:

openssl md5 openssl-0.9.*.tar.gz
openssl sha1 openssl-0.9.*.tar.gz

   Yours,

   The OpenSSL Project Team...

   Mark J. Cox             Nils Larsch         Ulf Möller
   Ralf S. Engelschall     Ben Laurie          Andy Polyakov
   Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
   Lutz Jänicke            Bodo Möller



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA Suite B Cryptography

2005-10-15 Thread Sidney Markowitz
Joseph Ashwood wrote:
> U, no. The NSA only licensed the right to use (and sublicense under
> special circumstances) the patents
[...]
> [snip the rest, it was based on a failed assumption]

Poor phrasing on my part. Exactly as you said, the patent sublicense
cannot be passed on even if the code is released under, say a BSD
copyright license. People would have a right to copy the source code but
would have to obtain patent rights either from the NSA if they are
eligible, or as you said under alternative arrangements from Certicom.

Since the GPL excludes distribution of code with patents that limit
their distribution other than by specific country, the patent
encumbrance that would accompany the code would prevent it from being
released under GPL.

The possible twist that I see is if the NSA declares that any freely
available open source software that interoperates with Suite B is by
definition in support of US national security interests and therefore
automatically gets one of their sublicenses. That would effectively
remove the patent encumbrance for GPL code. There would still be patent
restrictions on the code, but they would not apply to open source freely
redistributable code, therefore would not get in the way of the GPL.

Oh, no, that would not be strictly true. GPL allows you to do anything
at all with the code if you use it for yourself without distributing it.
Patent restrictions still apply to such uses. They could be uses that
are not in support of US national security interests. Therefore you
still could not distribute the code under GPL as the people you give it
to would not have the patent rights to modify the code for their own
private modified use if they do not distribute the changes.

So it still comes down to what I think is the important point: BSD
licensed Suite B code may be possible, GPL'd Suite B code is not
possible unless Certicom makes appropriate free license to the patents
available for software licensed under GPL.

 -- Sidney Markowitz
http://www.sidney.com





Re: NSA Suite B Cryptography

2005-10-15 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Sidney Markowitz writes:

> The possible twist that I see is if the NSA declares that any freely
> available open source software that interoperates with Suite B is by
> definition in support of US national security interests and therefore
> automatically gets one of their sublicenses. That would effectively
> remove the patent encumbrance for GPL code. There would still be patent
> restrictions on the code, but they would not apply to open source freely
> redistributable code, therefore would not get in the way of the GPL.

I strongly suspect that Certicom would sue if NSA tried that.

> So it still comes down to what I think is the important point: BSD
> licensed Suite B code may be possible, GPL'd Suite B code is not
> possible unless Certicom makes appropriate free license to the patents
> available for software licensed under GPL.

I think that that's a fair summary.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb





Re: ECC patents?

2005-10-15 Thread Alexander Klimov
On Sun, 11 Sep 2005, Alexander Klimov wrote:
> Does anyone know a good survey about ECC patent situation?

I have made a shallow review (comments are welcome!) of the
patents that Certicom claims pertain to ECC implementation
and it looks like there are no real road-blocks for ECDH and
ECDSA among them. In other words, IIUC it is possible to
implement EC encryption and signing without violating any patent
(of course, the implementer must be lucky enough to avoid any
patented optimization).

BTW, it looks like OpenSSL developers share this POV: README [1]
on branch OpenSSL_0_9_8-stable which implements ECDH and ECDSA
has PATENTS section which does not say a word about ECC.

In order to make this review I located two documents [2,3] in
which Certicom lists its patents related to ECC. It is
impossible to say that nobody else has patents in this area, but
the fact that the web site of SECG [4] (which is the first
working group anywhere that is devoted exclusively to developing
standards based on ECC) does not have claims by anybody else
can be viewed as a hint of this.

Let us now review these lists. The first of them [2] contains
the following patents:

  [As of May 26, 1999] Certicom is the owner of the following
  issued patents:

  US 4,745,568 Computational method and apparatus for finite
  field multiplication, issued May 17, 1988. This patent
  includes methods for efficient implementation of finite field
  arithmetic using a normal basis representation.

[Optimization of multiplication in GF_{2^n}]

  US 5,787,028: Multiple Bit Multiplier, issued July 28, 1998.

[Multiplication in GF_{2^{nm}}, IIUC it is of no use now due to
Weil descent attack for EC(GF_{2^k}) with composite k.]

  US 5,761,305 Key Agreement and Transport Protocol with
  Implicit Signatures, issued June 2, 1998. This patent includes
  versions of the MQV protocols.

  US 5,889,865 Key Agreement and Transport Protocol with
  Implicit Signatures, issued March 30, 1999. This patent
  includes versions of the MQV protocols.

  US 5,896,455 Key Agreement and Transport Protocol with
  Implicit Signatures, issued April 20, 1999. This patent
  includes versions of the MQV protocols.

[These three are about MQV protocol and so are unrelated to ECDH
and ECDSA.]

  Certicom has the exclusive North American license rights to
  the following issued patent:

  US 5,600,725 Digital signature method and key agreement
  method, issued Feb. 4, 1997. This patent includes the
  Nyberg-Rueppel (NR) signature method.

[Described as pertains to PV signatures below.]

  Certicom has patent applications that include the following:

   * Methods for efficient implementation of elliptic curve
 includes efficient methods for computing inverses.

   * Methods for point compression.

   * Methods to improve performance of private key operations.

   * Various versions of the MQV key agreement protocols.

   * Methods to avoid the small subgroup attack.

   * Methods to improve performance of elliptic curve
 arithmetic; in particular, fast efficient multiplication
 techniques.

   * Methods to improve performance of finite field
 multiplication.

   * Methods for efficient implementation of arithmetic modulo n.

   * Methods to perform validation of elliptic curve public keys.

   * Methods to perform efficient basis conversion.

The second [3] of the lists contains the following:

  [As of February 10, 2005] Certicom is the owner of the
  following issued patents:

  EP 0 739 105 B1 (validated in DE, FR, and the UK) Method for
  signature and session key generation pertains to the MQV
  protocol

[Does anybody know where it is available online?]

  US 5,761,305 Key Agreement and Transport Protocols with
  Implicit Signatures pertains to the MQV protocol

  US 5,889,865 Key Agreement and Transport Protocol with
  Implicit Signatures pertains to the MQV protocol

  US 5,896,455 Key Agreement and Transport Protocol with
  Implicit Signatures pertains to the MQV protocol

  US 6,122,736 Key agreement and transport protocol with
  implicit signatures pertains to the MQV protocol

  US 6,785,813 Key agreement and transport protocol with
  implicit signatures pertains to the MQV protocol

[Menezes-Qu-Vanstone (MQV) protocol -- an authenticated protocol
for key agreement based on the Diffie-Hellman scheme.]

  US 5,600,725 Digital Signature Method and Key Agreement
  Method pertains to PV signatures

[Pintsov-Vanstone (PV) signatures -- a scheme with partial
message recovery.]

  US 5,933,504 Strengthened public key protocol pertains to
  preventing the small-subgroup attack

[This one contains the following claims:

1. A method of determining the integrity of a message
   exchanged between a pair of correspondents, said message
   being secured by embodying said message in a function of
   α^x where α is an element of a finite
   group S of order q, said method comprising the steps of
   at least one of the