Tim;
I have a couple of questions about your proposed patent license.
The field of use is listed as "CMS and PKIX". What does this really mean?
For example, if someone built this technique into their product to meet
these standards, and it also meets other standards (such as ANSI X9.42),
would this be violating? Perhaps a better wording would be something like
"public key validation techniques as described in PKIX and CMS".
You also say that this license is for implementing mandatory technologies.
However draft-ietf-smime-x942-00.txt lists public key validation (the
technique in question) as being a SHOULD. It doesn't appear to be
mandatory. Will this license only apply if public key validation is made
mandatory? I would think that this license should apply whether or not the
techniques are mandatory.
Thanks,
Robert Zuccherato.
----------
From: Tim Dierks[SMTP:timd(_at_)consensus(_dot_)com]
Sent: Saturday, September 05, 1998 11:37 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Certicom X9.42 proposal
Recap:
The current S/MIME draft specifies a Diffie-Hellman mode from the ANSI
X9.42
draft which uses an additional parameter, q, to protect against an attack
known as the "small subgroup attack". Certicom has a patent pending which
we
believe will cover this mechanism. At the WG meeting in Chicago, we
offered
to grant a royalty-free license to this patent and any other granted or
pending patents which would cover S/MIME.
The working group is also considering a technical alternative which is an
Elgamal variant. We do not believe we have any patent coverage on this
alternative. We don't have any preference as to what mechanism the working
group should choose: we just want to make it possible for the group to
implement whatever its choice is without cost.
Our proposed patent license would involve:
- No licensing cost and royalty-free.
- Field of use is CMS and PKIX.
- Would grant rights to all issued and pending patents which are
required
to
implement mandatory technologies in current CMS and PKIX
specifications.
- Licensing party would have to confer on Certicom the same rights for
their
similar patents. (Free license for those which block CMS & PKIX.)
- To license, you just need to sign the license and send it to us; we
will
sign
and return it, but your license is good starting when you submit it to
Certicom.
I've got a lawyer working on the language now and I hope to have an update
within a week.
- Tim Dierks
tdierks(_at_)certicom(_dot_)com