[openssl-users] ECC patent status questions
Jakob Bohm
jb-openssl at wisemo.com
Thu Sep 1 12:22:20 UTC 2016
Dear OpenSSL team,
Given the recent patent lawsuit between RIM/CertiCom and Avaya
mentioning the ECC code in OpenSSL, what is (according to the
OpenSSL team) the patent status of the ECC code in OpenSSL?
Specifically:
- Was the OpenSSL ECC code provided under a still-valid patent
license from someone in the power to grant it, perhaps Sun
(now Oracle America)?
- Is the FIPS mode ECC covered through some US Government or
sponsor license?, And if so, does this license extend to
some non-FIPS scenarios, such as invoking the FIPS blob ECC
code from a non-FIPS application (perhaps by modifying a
FIPS-capable OpenSSL library to do so even in non-FIPS
mode)?
- Are there portions of the ECC code in OpenSSL which one
should disable at configure time, similar to how RSA and
IDEA were often disabled in the past?
- Is this situation different depending on the OpenSSL
library version?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list