SRP secure remote password authentication

Ben Lindstrom mouring at etoh.eviladmin.org
Thu Sep 18 19:21:26 EST 2003



On Wed, 17 Sep 2003, Tom Wu wrote:

> Damien Miller wrote:
> > On Thu, 2003-09-18 at 05:19, Tom Wu wrote:
> >
> >>SRP is, if anything, the protocol with the *least* problematic patent
> >>license:
> >>
> >>   http://www.ietf.org/ietf/IPR/WU-SRP
> >
> >
> > And what about the claims that other companies make on SRP? E.g.
> >
> > http://www.pdl.cmu.edu/mailinglists/ips/mail/msg09292.html
> >
> > You know about those and yet you fail to mention them.
>
> If you look carefully at such "claims", you'll see that they are filled
> with "may"s and "might"s, if in fact there is any claim being made at
> all.  Unless there is some more substantiation that would allow one to
> distinguish them from frivolous claims designed to cause marketplace
> confusion/fear, I don't see why anyone, especially OSS projects
> ostensibly opposed to precisely this kind of patent abuse, should grant
> them any kind of legitimacy.
>

NORMALLY companies don't say "may" or "might" unless there is a damn good
reason.  Most business really do want to be upfront and honest (there are
accepts to this rule).

Personally, I'd rather not touch it until those companies make an official
announcement clearing or granted.  And so far neither are forth coming.
So I don't see a need to be the first to jump into the pool just to be bit
in the ass by the shark

- Ben




More information about the openssh-unix-dev mailing list