Re: NSA Suite B Cryptography

2005-10-15 Thread Sidney Markowitz
Joseph Ashwood wrote:
> U, no. The NSA only licensed the right to use (and sublicense under
> special circumstances) the patents
[...]
> [snip the rest, it was based on a failed assumption]

Poor phrasing on my part. Exactly as you said, the patent sublicense
cannot be passed on even if the code is released under, say a BSD
copyright license. People would have a right to copy the source code but
would have to obtain patent rights either from the NSA if they are
eligible, or as you said under alternative arrangements from Certicom.

Since the GPL excludes distribution of code with patents that limit
their distribution other than by specific country, the patent
encumbrance that would accompany the code would prevent it from being
released under GPL.

The possible twist that I see is if the NSA declares that any freely
available open source software that interoperates with Suite B is by
definition in support of US national security interests and therefore
automatically gets one of their sublicenses. That would effectively
remove the patent encumbrance for GPL code. There would still be patent
restrictions on the code, but they would not apply to open source freely
redistributable code, therefore would not get in the way of the GPL.

Oh, no, that would not be strictly true. GPL allows you to do anything
at all with the code if you use it for yourself without distributing it.
Patent restrictions still apply to such uses. They could be uses that
are not in support of US national security interests. Therefore you
still could not distribute the code under GPL as the people you give it
to would not have the patent rights to modify the code for their own
private modified use if they do not distribute the changes.

So it still comes down to what I think is the important point: BSD
licensed Suite B code may be possible, GPL'd Suite B code is not
possible unless Certicom makes appropriate free license to the patents
available for software licensed under GPL.

 -- Sidney Markowitz
http://www.sidney.com



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA Suite B Cryptography

2005-10-15 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Sidney Markowitz writes:

> The possible twist that I see is if the NSA declares that any freely
> available open source software that interoperates with Suite B is by
> definition in support of US national security interests and therefore
> automatically gets one of their sublicenses. That would effectively
> remove the patent encumbrance for GPL code. There would still be patent
> restrictions on the code, but they would not apply to open source freely
> redistributable code, therefore would not get in the way of the GPL.

I strongly suspect that Certicom would sue if NSA tried that.

> So it still comes down to what I think is the important point: BSD
> licensed Suite B code may be possible, GPL'd Suite B code is not
> possible unless Certicom makes appropriate free license to the patents
> available for software licensed under GPL.

I think that that's a fair summary.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb





Re: NSA Suite B Cryptography

2005-10-14 Thread Sidney Markowitz
Excerpt from
 Fact Sheet on NSA Suite B Cryptography
 http://www.nsa.gov/ia/industry/crypto_suite_b.cfm

NSA has determined that beyond the 1024-bit public key cryptography in
common use today, rather than increase key sizes beyond 1024-bits, a
switch to elliptic curve technology is warranted. In order to facilitate
adoption of Suite B by industry, NSA has licensed the rights to 26
patents held by Certicom Inc. covering a variety of elliptic curve
technology. Under the license, NSA has a right to sublicense vendors
building equipment or components in support of US national security
interests.

Does this prevent free software interoperability with Suite B standards?
It potentially could be used to block non-US vendors, certainly anyone
who is in the US Government's disfavor, but it seems to me that even
with no further intentional action by the NSA it would preclude software
under the GPL and maybe FOSS in general in countries in which the
patents are valid.

 -- Sidney Markowitz
http://www.sidney.com



Re: NSA Suite B Cryptography

2005-10-14 Thread Ben Laurie

Sidney Markowitz wrote:
> Excerpt from
>  Fact Sheet on NSA Suite B Cryptography
>  http://www.nsa.gov/ia/industry/crypto_suite_b.cfm
>
> NSA has determined that beyond the 1024-bit public key cryptography in
> common use today, rather than increase key sizes beyond 1024-bits, a
> switch to elliptic curve technology is warranted. In order to facilitate
> adoption of Suite B by industry, NSA has licensed the rights to 26
> patents held by Certicom Inc. covering a variety of elliptic curve
> technology. Under the license, NSA has a right to sublicense vendors
> building equipment or components in support of US national security
> interests.
>
> Does this prevent free software interoperability with Suite B standards?
> It potentially could be used to block non-US vendors, certainly anyone
> who is in the US Government's disfavor, but it seems to me that even
> with no further intentional action by the NSA it would preclude software
> under the GPL and maybe FOSS in general in countries in which the
> patents are valid.


When questioned about this at IETF (the NSA presented on this stuff) 
they said that the licence they had purchased would cover open source 
s/w. But yes, it could be that the NSA has to approve of the particular 
piece of s/w.


Incidentally, why the focus on GPL?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff



Re: NSA Suite B Cryptography

2005-10-14 Thread Ian G

Sidney Markowitz wrote:
> Excerpt from
>  Fact Sheet on NSA Suite B Cryptography
>  http://www.nsa.gov/ia/industry/crypto_suite_b.cfm
>
> NSA has determined that beyond the 1024-bit public key cryptography in
> common use today, rather than increase key sizes beyond 1024-bits, a
> switch to elliptic curve technology is warranted. In order to facilitate
> adoption of Suite B by industry, NSA has licensed the rights to 26
> patents held by Certicom Inc. covering a variety of elliptic curve
> technology. Under the license, NSA has a right to sublicense vendors
> building equipment or components in support of US national security
> interests.
>
> Does this prevent free software interoperability with Suite B standards?
> It potentially could be used to block non-US vendors, certainly anyone
> who is in the US Government's disfavor, but it seems to me that even
> with no further intentional action by the NSA it would preclude software
> under the GPL and maybe FOSS in general in countries in which the
> patents are valid.


I didn't read it that way at all.  AFAICS,
the NSA has acquired the licences it needs
to deliver (have delivered) software to its
government customers.  As all the government
customers will need to use approved software
anyway, it will be acquired on some approved
list, and the licences will be automatically
extended.

Anyone outside the national security market
will need to negotiate separately with Certicom
if they need to use it.  This represents a big
subsidy to Certicom, but as they are a Canadian
company it is harder to argue against on purely
statist grounds.

Which is to say, NSA solved its problem and it
is nothing to do with FOSS.

The big question (to me perhaps) is where and
how far the Certicom patents are granted.  If
they are widely granted across the world then
the software standards won't spread as there
won't be enough of an initial free market to
make it bloom (like happened to RSA).  But if
for example they are not granted in Europe
then Europeans will get the free ride on NSA
DD and this will cause the package to become
widespread, which will create the market in
the US.  Of course predicting the future is
tough...

iang



Re: NSA Suite B Cryptography

2005-10-14 Thread Sidney Markowitz
Ian G wrote:
> Which is to say, NSA solved its problem and it
> is nothing to do with FOSS.

If you wrote a Suite B program and distributed it under a BSD license
after getting a sub-license for the patent from the NSA, presumably I
could take that code, modify it, and then in order to use or distribute
my modified code I would have to obtain my own sublicense from the NSA.

I could do that as long as I met whatever criteria the NSA has for
granting sublicenses. My guess is that at a minimum the program would
have to be available for free or for sale to the US government for some
purpose that allows it to be considered as being in support of US
national security interests.

It would make no sense for the NSA to grant a sublicense to you that
allowed you to grant me a license to produce possibly proprietary code
that infringes the patent and is not in support of US national security
interests.

So, yes, under those assumptions BSD-like licenses would not be
excluded, with the understanding that in addition to the copyright terms
allowing free use of the code there would also be patent restrictions
affecting the use.

As you say, the NSA's solution to their problem has nothing to do with
FOSS, and it doesn't specifically exclude FOSS. But it will preclude GPL
software that will interoperate with Suite B from being distributed in
countries that recognize the patents.

Unless, I suppose the NSA is able to say that any use of the patent in
open source software can be considered in support of US national
security interests and therefore the sublicense can be propagated as
long as the source remains available. In other words, if they include a
GPL-like provision that the patent license will stay with the code as
long as it is distributed under GPL. That would be an interesting twist.

 -- Sidney Markowitz
http://www.sidney.com
