ietf-openpgp
[Top] [All Lists]

Subject: Re: Legal issues in implementing OpenPGP

1998-05-04 12:54:03
While it's worth getting an explicit statement from Network Associates
that they will honor PGP Inc's commitment to leave change authority
for OpenPGP with IETF, there's no reason to believe it wouldn't be
forthcoming.

That's not the only intellectual property issue that needs to be
addressed, though: I think there should be a section that says things
like the following (which is off the top of my head and should be
verified rather than included wholesale).
-------
SHA1 was designed by NSA and has no intellectual property restrictions.
MD5 may be used freely; if the RSA Labs sample code is used, their
copyright
  statement must be retained in the source.
RIPEM-D [??]
HAVAL's reference implementation is copyrighted; no charge for use, but
  the algorithm author would like to be notified.
MD2 [??]
-------
ZIP was carefully chosen to avoid patent restrictions and may be used
freely;
 the zLib library implements a patent-safe version of the algorithm.
-------
RSA is patented in the USA, but not elsewhere.  The patent runs out on
[date].
  [Special conditions if you use RSAREF in the US?]
ElGamal's patent has run out, so it may be used freely.
DSA may probably be used freely, but [Schnorr claim??].
Elliptic Curve [??]
ECDSA [??]
Diffie-Hellman (X9.42) [??]
--------
IDEA is patented [with expiration ??/??/??, and permission must be
obtained
  from ASCOM AG [address?].
Triple-DES may be used freely in all applications.
CAST5 is patented [patent applied for?] but Nortel and/or Entrust have
said
  it may be used for commercial and non-commercial applications.
Blowfish may be used freely in all applications.
SAFER-SK128 [??]
DES/SK [??]
-------
And so on... isn't this done in some other IETF docs?
-- 
        Jim Gillogly
        Sterday, 13 Thrimidge S.R. 1998, 19:37
        12.19.5.2.13, 13 Ben 6 Uo, Eighth Lord of Night