The current S/MIME draft specifies a Diffie-Hellman mode from the ANSI X9.42
draft which uses an additional parameter, q, to protect against an attack
known as the "small subgroup attack". Certicom has a patent pending which we
believe will cover this mechanism. At the WG meeting in Chicago, we offered
to grant a royalty-free license to this patent and any other granted or
pending patents which would cover S/MIME.
The working group is also considering a technical alternative which is an
Elgamal variant. We do not believe we have any patent coverage on this
alternative. We don't have any preference as to what mechanism the working
group should choose: we just want to make it possible for the group to
implement whatever its choice is without cost.
Our proposed patent license would involve:
- No licensing cost and royalty-free.
- Field of use is CMS and PKIX.
- Would grant rights to all issued and pending patents which are required
implement mandatory technologies in current CMS and PKIX specifications.
- Licensing party would have to confer on Certicom the same rights for
similar patents. (Free license for those which block CMS & PKIX.)
- To license, you just need to sign the license and send it to us; we will
and return it, but your license is good starting when you submit it to
I've got a lawyer working on the language now and I hope to have an update
within a week.
- Tim Dierks