[cryptography] uprove digital credentials

Greg Thompson gregth at gmail.com
Fri Mar 19 00:43:56 EDT 2010

On Mar 18, 2010, at 5:57 AM, Adam Back wrote:

> Hi
> I had a read of the OSP but I am not that familiar with the concept.
> Does it mean that one could use the specification for any application:
> eg use the serialization given for ecash, anonymous tokens of some
> kind - something that is not directly an envisaged use case.
> And would it be allowed to deviate from the serialization eg say you
> needed to use elliptic curve, or a compact serialization for
> convenience would that non-conformance to spec prevent one benefiting
> from the OSP?  (Not that typically following the serialization should
> be an issue for most applications I would presume).

As you noticed, the crypto spec doesn't dictate serialization, so have a ball.  As far as ECC goes, I'm afraid you're out of luck since the spec does dictate the subgroup construction.  On the plus side, the crypto spec doesn't say anything about how the tokens must be used.  I can't say whether or not that necessarily means that you can do absolutely anything with them (e.g., someone out there may have some patent claims on whatever application you're thinking of).

More detailed questions about what the OSP means are out of my jurisdiction.  I can say, however, that I'll do what I can (which might not be much :-) ) to get the company's lawyers to clarify anything that may be of concern.

As before, I'm speaking as me rather than as a representative of the company.



More information about the cryptography mailing list