[cryptography] NSA's position in the dominance stakes
David G. Koontz
david_koontz at xtra.co.nz
Tue Nov 16 15:01:23 EST 2010
On 17/11/10 4:50 AM, Paul Hoffman wrote:
> Marsh: could you be more specific on which patents you think apply
> to normal use of ECDSA and ECDH? Or were you just saying "because
> some company says they have patents, I believe them"? For extra
> credit, please read draft-mcgrew-fundamental-ecc-03.txt and suggest
> where it might be wrong.
When searching for the above .txt with filetype:pdf the first hit in Google:
I. Patent Holder/Applicant (“Patent Holder”): Certicom Corp.
IV. IETF Document or Other Contribution to Which this IPR Disclosure
V. Disclosure of Patent Information (i.e., patents or patent
applications required to be disclosed by section 6 of RFC3979)
A. US6704870, granted on March 9, 2004 (Yes, published)
B. US7215773, granted on May 8, 2007 (Yes, published)
VI. Licensing Declaration:
Patent Holder is currently aware of the information disclosed in
V., supra, which may relate to one or more implementations of IV.,
supra, which may become incorporated in an IETF RFC. To the extent
that Patent Holder’s existing intellectual property rights under V.,
supra, may cover an implementation of a product compliant with the
reference in IV., supra, Patent Holder informs that it and its
Affiliates will make a license available on fair, reasonable and
non‐discriminatory ("FRAND") terms and conditions based on
reciprocity to all persons desiring to implement the aforesaid
IETF RFC under such patent rights (e.g., make, use, sell, import,
distribute, copy, etc.) the Patent Holder owns, solely to the extent
such technology is essential to comply with the IETF RFC.
The point being that Certicom is asserting they have two patents that
read on the draft "which may relate to one or more implementations of
IV., supra, which may become incorporated in an IETF RFC".
The first patent is for digital signatures on a smart card. The second
is for a key validation scheme.
FRAND is incompatible with a good portion of open source licenses, all
of them as a principle by the Open Source Initiative:
Open Standards Requirements for Software - Rationale,
Draft 5; 2006-09-19
The Purpose of Open Standards
The purpose of an open standard is to increase the market for a
technology by enabling potential consumers or suppliers of that
technology to invest in it without having to either pay monopoly
rent or fear litigation on trade secret, copyright, patent, or
trademark causes of action. No standard can properly be described
as "open" except to the extent it achieves these goals.
You cannot for instance distribute software under the GPL that requires
payment or rent by a downstream recipient. The GPL doesn't support the
restriction of field of use by the recipient which lets out "terms and
conditions based on reciprocity to all persons desiring to implement the
aforesaid IETF RFC under such patent rights" as a restriction were
someone to pony up blanket license fees.
One would think it possible to avoid the patents. You could contemplate
needing a lawyer to implement an 'open standard'. (This is the "or fear
litigation" on "patent" "causes of action").
One way out or the morass would be to have a reference implementation
known not to infringe. An explanation of the bounds of the patents
against the implementation would be helpful for those seeking to modify
performance or deny say power analysis attacks (should such be
More information about the cryptography