[openssl-users] ECC ciphers in OpenSSL and Citricom Patent/License terms

[Jayalakshmi bhat]

Hi All,

Thanks for the inputs, This gives me a good understanding on these ciphers
usage.

Thanks and Regards
Jayalakshmi

On Thu, Dec 7, 2017 at 10:31 PM, Jakob Bohm <jb-openssl at wisemo.com> wrote:

> On 07/12/2017 15:05, Michael Wojcik wrote:
>
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>>> Of Jakob Bohm
>>> Sent: Thursday, December 07, 2017 08:41
>>> To: openssl-users at openssl.org
>>>
>>> And I would still say that "consult a lawyer" is a useless answer,
>>> especially as most OpenSSL users will be in the same legal situation,
>>> and lawyers opinions on patent matters are frequently found by courts
>>> to be wrong anyway.
>>>
>> Well, I suppose we'll have to disagree on that point. Speaking
>> hypothetically, if I were the product owner for a commercial software
>> product that used OpenSSL, I would most certainly be raising the question
>> with corporate counsel.
>>
>> This is a complex and fraught area, and the OpenSSL Foundation is not
>> able (and I'm sure not inclined to try) to indemnify OpenSSL users against
>> infringement claims. To a large extent it doesn't matter what they say. A
>> license file in the OpenSSL distribution is not likely to discourage an IP
>> owner from claiming infringement if they're so inclined. At that point
>> "local" lawyers will be involved whether you like it or not.
>>
> Of cause OpenSSL cannot indemnify users.  This is why my actual
> questions to the OpenSSL project were mostly about what 3rd party
> assurances that the project had received and could pass on.  For
> example written patent license statements by Sun/Oracle (in
> conjunction with their 2002 ECC contribution), waivers by
> CertiCom etc.
>
> Even if some companies will want to run everything by their
> corporate council, corporate council can make much more useful
> statements if they can start from some legal documents and
> statements rather than having the lawyers try to pour over C
> code and published patents.
>
> I also don't believe that "most OpenSSL users will be in the same legal
>> situation". Here again, patent law is complicated. And more importantly,
>> well-heeled users are much more likely targets of actual infringement
>> claims, which is a very different situation indeed.
>>
>> Point is, that in this global world, most producers are potentially
> exposed in lots of "foreign" jurisdictions, and most corporate
> counsel, while potentially well-heeled in general patent law, are
> unlikely to have specific knowledge of the various patents, licenses
> and waivers applicable to ECC crypto.
>
> Being able to say "we only ship to customers in China and outer Mongolia,
> and under those local laws there is no risk" is a lot rarer than "we ship
> globally except a few problematic destinations, we don't want to be
> hauled to the Eastern district of Texas by Certicom, so we want to
> know if we have contractual assurances that Certicom is OK with using
> OpenSSL builds that have the ECC code enabled"
>
> That latter situation happens to also be the situation of the OpenSSL
> project itself, except the degree of being a litigation magnet, thus the
> likelihood that the project has obtained some legal documents that can
> be passed on, making no independent promises other than those being true
> and accurate copies of documents signed by their outside authors.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171211/a682b214/attachment.html>