ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94

2015-11-03 20:08:04
from [brian m. carlson] [Permanent Link] 
On Wed, Nov 04, 2015 at 02:27:54AM +0100, Aaron Zauner wrote:

brian m. carlson wrote:

A note on using patented algorithms: Some organizations, such as Debian,
require that parts of software be able to be extracted and otherwise
used under the terms of the license.  Even if the OCB patent is waived
for OpenPGP, that would not be sufficient to allow parts of an OpenPGP
implementation that use OCB to be used in non-OpenPGP software.  That
might prevent such OpenPGP implementations from entering the main Debian
archive.  Other organizations may have similar restrictions.

This is just something to consider when discussing the use of patented
algorithms.


So in this case is non open-source software relevant at all? I don't
think so. For open-source initiative licenses, public domain and CC
there's a patent exemption anyway (since 2013):
http://web.cs.ucdavis.edu/~rogaway/ocb/license1.pdf


I suspect this is probably sufficient for Debian's purposes, although I
of course can't speak on their behalf.  Whether it is suitable for Red
Hat or other organizations with strict patent policies, I don't know.

My personal view is that using patented algorithms[0] will prevent at
least some adoption of the OpenPGP standard, even if that's overly
cautious and defensive, and that there are sufficient secure
alternatives such that we don't have to use patented algorithms.  The
less we can make implementers get lawyers involved, the better.


Another one exists for non-military software implementations:
http://web.cs.ucdavis.edu/~rogaway/ocb/license2.pdf


Clearly this is not suitable for Debian's purposes, as they prohibit
restrictions on fields of endeavor.

[0] By "patented algorithms," I mean those that don't grant a flat
royalty-free license.  SHA-2 is patented, but available under such a
royalty-free license.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94, Aaron Zauner
Next by Date:  Re: [openpgp] [PATCH] RFC4880bis: Argon2i, Werner Koch
Previous by Thread:  Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94, Aaron Zauner
Next by Thread:  Re: [openpgp] DRAFT minutes for OpenPGP at IETF 94, Aaron Zauner
Indexes:  [Date] [Thread] [Top] [All Lists]