SRP unencumbered license statement
RJ Atkinson
rja at inet.org
Tue May 1 23:17:41 EST 2001
At 03:54 01/05/01, Tom Holroyd wrote:
>Stanford University is granting a royalty-free license for RFC 2945
>implementations -- and the OpenSSH SRP implementation is of that sort.
>That is, not only are we free and clear, but the algorithm is safe from future claimjumpers trying to patent it.
>
>Not to mention that it provides strong authentication of both client *and* server, even when the host key has changed or is unknown,
>and it doesn't leak any information to eavesdroppers or MITM. :-)
The Stanford IPR release to IETF is clear and says that
bi-directional authentication mode (SRP-Z) requires a
separate licence, and is not free. Only implicit server
authentication mode is free.
Your statement above appears at variance with the actual
words from Stanford. I'd encourage folks to go read the actual
words from Stanford, not anyone's interpretations of them.
Ran
rja at inet.org
More information about the openssh-unix-dev
mailing list