Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
patents situation,
> Unfortunately, the patent system seems to be such that even if i were a patent lawyer (i am not, fortunately), i could make no iron-clad guarantees. The best i can offer is a sort of suggestive inference:
I'm aware that there are no guarantees. I think a reasonable requirement for implementing a new algorithm (ecc or otherwise) is that at least all known patent holders license related patents on royalty-free (and otherwise GPL compatible) terms.
Jeffrey Walton noloader@gmail.com writes:
> I think Daniel is on the right track by choosing standardized domain parameter support. When using standard parameters, you only have to choose your private key and publish the public key. In this case, RFC 5114 - Additional Diffie-Hellman Groups for Use with IETF Standards (et al), would also be of interest.
Noted.
> For those interested, Certicom, which holds many EC patents and is owned by RIM, lost a few "slam dunk" cases recently. The events caused paralysis in RIM's legal department to the point where the sales team has not inked a license in over a year. When I inquired about licensing over the summer, I was told to go to RSA Data Securities even though RSA is probably violating Certicom. The fellow who advised me worked for Certicom.
Intriguing story... as I've said, I haven't been following the area.
My conclusions for now are:
1. It makes sense to add support for certain elliptic curves or types of curves to nettle. I'm still not quite sure what the applications are; Diffie-Hellman key exchange has been mentioned. Do the most important standards also use them for encryption and signatures (e.g., ElGamal style)? The implementation ought to include an ecc exponentiation primitive that can be used for various applications.
(BTW, Nettle currently doesn't include any support for ElGamal using the usual modular group; is that something that would be useful? I try to give higher priority to algorithms that are used in real protocols and applications, and lower priority to more academic constructions).
2. I will not have much time to spend on ecc in the near future. I'm happy to comment on, and integrate, well-written patches. As usual, test cases are a very important part of the implementation...
3. On the legal side, I'd like to have some clear evidence that the particular curves implemented are unlikely to lead to trouble with known patents, possibly with FSF legal staff or SFLC in the loop. I'm not sure I know the area well enough to provide all needed input to legal staff, though, so I may need help with this part as well.
Regards, /Niels