On 9/24/2021 03:55, Hanno Böck wrote:
> On Fri, 24 Sep 2021 03:46:51 -0400
> Joshua Kinard <kumba@g.o> wrote:
>
>> If I remember this weekend, I'll e-mail the libtomcrypt author and
>> see if they have any insight. One would hope they did their own
>> research before possibly putting patented code out into the public
>> domain.
>>
>> Any idea if the Ed25519 forms are unencumbered? As far as I know,
>> those were developed by DJB completely independent of ECDSA, so it
>> seems like those should be fine.
>
> I would like to point out that we have no evidence that ECDSA is
> currently patent-encumbered either.
> The patents that are listed in Red Hat's openssl patches and the ones
> that people have been discussing around ecc are all expired. The only
> "evidence" we have around patent problems is that Red Hat does not give
> a clear answer when asked whether there are still issues. My hunch is
> that this is more of a "large company not answering questions"-problem
> than a patent problem, but of course I don't know that for sure.
>
> ECDSA and the NIST curves have been around since > 20 years, so it's
> simply impossible that there are any valid patents covering those.
> (There is of course a slight possibility that there may be patents
> covering specific implementation details of ECDSA/NIST curves that were
> only described later.)

Then we are either A) being too paranoid and should just drop bindist from
the OpenSSL ebuilds, or B) we are not being paranoid enough and packages
like dropbear/libtomcrypt need bindist added, no? It seems we're stuck in
the middle here because we don't have the right information. If Red Hat or
IBM are being non-responsive over this, then surely some other distro out
there has already figured things out?

> I'm not entirely sure what you'd like to ask the libtomcrypt authors.
> "We think there may be patents, but we don't know. Did you consider
> that?"

No, actually, I was thinking something more along the lines of "Hey, are you
aware of these supposed patent claims about ECC/ECDSA implementations that
Red Hat says exist, and if so, did you do any research on them that you
could possibly share that led you to feeling confident to release your
implementation into the public domain".

But I am open to better language. I just don't wanna sit here not knowing.
Someone out there has to have the right information to settle this.

--
Joshua Kinard
Gentoo/MIPS
kumba@g.o
rsa6144/5C63F4E3F5C6C943 2015-04-27
177C 1972 1FB8 F254 BAD0 3E72 5C63 F4E3 F5C6 C943

"The past tempts us, the present confuses us, the future frightens us. And
our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic