I'm not a lawyer, and neither is Bruce Schneier who is quoted in the
article below, but I suspect he's studied the ECC patent situation
more than I have (and I looked it quite a bit back when I was chairing
ipsec).
http://en.wikipedia.org/wiki/ECC_patents
If it were up to me, I'm not sure I'd want to bet the DNS
infrastructure on whether or not patent lawyers with shark-skin
briefcases want to make a mint by instigating a lawsuit. As we've
seen with the SCO lawsuit, even completely groundless legal disputes
can take years and years, and the only winner is the lawyers. And
we've seen how much public key deployment was held back because of the
RSA patents; and most people who have lived through those dark times
really don't want to revisit them again.
As I told the Certicom folks over a decade ago, the best way they
could make their (hardware implementation) patents more valuable is by
explicitly making a non-assert pledge regarding software
implementations of ECC. That would have cleared away a lot of the
hesitation around using ECC, since regardless of whether the claims of
ECC proponents that "no really, there's no problems here!" are true or
not, it would have calmed the fears who've looked at the situation and
who have perceived real risks.
Of course, the Certicom folks didn't listen to me back then, and I
doubt any of them would listen to me now....
- Ted
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf