Wed Feb 13 04:30:35 EST 2002

Niels Provos wrote:
> SRP would be useful to have.  However, as it is patented I do not know
> if it can be included in OpenSSH.  The grant in the patent seems to
> place restrictions on the licensee.

Are you referring to the distinction between SRP and SRP-Z?  The SRP
userauth mechanism is specifically based on RFC2945, which is
royalty-free, and does not use SRP-Z in any way.  Or were there some
other "restrictions" you were concerned about?

> It is not clear if EKE or SPEKE patents are required for a SRP
> implementation.
> As far as I see it, everything that is patented is tainted.
> Somebody who has money to pay a lawyer needs to investigate
> this further.

This is an unreasonable position.  Are you familiar with U.S. Patent
number 5,231,668?  Its title is "Digital Signature Algorithm".  Doesn't
OpenSSH use DSA?  Who paid for that investigation?

The reasoning is backwards, that's the problem.  Being patented is
clearly not the issue here.  If it were, half the algorithms in OpenSSH
would fail that test.  One still needs to come up with a reason why a
patent would pose a problem for OpenSSH, and no such good reason has
surfaced for SRP, which leads me to believe the IP issue is a red

