SRP unencumbered license statement

Tom Holroyd tomh at po.crl.go.jp
Tue May 1 17:54:00 EST 2001


On Sun, 29 Apr 2001, RJ Atkinson wrote:
> At 06:26 27/04/01, Tom Wu wrote:
> >For those of you who were following the discussion about the new draft
> >and implementation of SRP-based password authentication in OpenSSH, I
> >promised to have Stanford issue the IETF an official, explicit,
> >statement reiterating the unencumbered royalty-free licensing terms.
> >The new statement is now available from the IETF's IPR page.
>
> Thanks.
>
> For those who are having trouble finding the URL:
>         http://www.ietf.org/ietf/IPR/WU-SRP
>
> Note that there are specific limits to the Stanford grant of rights,
> so I'd ask that we try to stay within the "no payment needed"
> portion of SRP if SRP is adopted...

Stanford University is granting a royalty-free license for RFC 2945
implementations -- and the OpenSSH SRP implementation is of that sort.
That is, not only are we free and clear, but the algorithm is safe from
future claimjumpers trying to patent it.

Not to mention that it provides strong authentication of both client *and*
server, even when the host key has changed or is unknown, and it doesn't
leak any information to eavesdroppers or MITM.  :-)

So, SRP is ready to go.

Speaking of which, an up-to-date tarball and patch are available:

http://members.tripod.com/professor_tom/archives/OpenSSH-2.9p1-srp7.tar.gz
http://members.tripod.com/professor_tom/archives/OpenSSH-2.9p1-srp7.patch.gz

The patch is vs. the 20010501 CVS, the tarball is self-contained (remember
to left-click on those links to download the files from Tripod).  See the
README.SRP file for more info and installation instructions.

Here is the signature of the tarball (OpenSSH-2.9p1-srp7.tar)
and here is the signature of the patch (OpenSSH-2.9p1-srp7.patch)

My GPG public key is available from standard keyservers.

Dr. Tom Holroyd
"I am, as I said, inspired by the biological phenomena in which
chemical forces are used in repetitious fashion to produce all
kinds of weird effects (one of which is the author)."
	-- Richard Feynman, _There's Plenty of Room at the Bottom_




More information about the openssh-unix-dev mailing list