Hello,
As you may or may not know, Red Hat has vetoed use of ECC in openssl in
their stock Fedora. The bug regarding this is here:
https://bugzilla.redhat.com/show_bug.cgi?id=319901
https://bugzilla.redhat.com/show_bug.cgi?id=319901
In a nutshell: Red Hat is so afraid of patent trolls, they don't want
to enable ECC -- or even discuss the IP issues publically. (And who can
blame them? Legislative relief is definitely needed here -- so far, it
hasn't been enough. But I digress...)
I see some references to standards in the sources for crypto/ec*, such
as ANSI X9.62 and IEEE 1363. However, I'm not sure that that list is
inclusive -- and I certainly wouldn't be able to recognize whose
algorithm was being used by inspecting C code. So I'm hoping for some
help with this, to allay Red Hat's fears of patent trolls.
Toward this goal, there is an informational RFC 6090 that outlines how
to implement ECC without patent encumbrance. I'm wondering if we can
safely say that openssl's ECC is implemented in a way compatible with
RFC 6090 -- or at least, in a way that enabling it on Red Hat software
wouldn't open them up to a patent troll flawsuit?
http://www.rfc-editor.org/rfc/rfc6090.txt
I checked the FAQ, and it does reference the README regarding patents.
However, it doesn't specifically mention ECC, and that would seem to be
the sticking point with Red Hat.
With more and more software systems requiring ECC to operate, I See A
Great Need in getting this resolved. Thank you for any information you
can provide. Also, if this belongs on the dev list, my apologies for
coming here first.
--
-Scott Doty
Co-founder, Co-owner, CTO: Sonic.net, Inc.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org