OpenSSH SRP 3.8.1p1 patch

[Tom Wu]

Ben Lindstrom wrote:
> 
> Not to beat a deadhorse.. But the IPR released by IETF states they are
> "investigating how it relates".  Has Phoenix ever submitted a formal
> document from their legal department to IETF or stated publicly stated
> that they have "closed" the issue and that SRP *DOESN'T* fall under their
> Patent 6,226,383?

Is there any precedent for this, though?  Has any corporation in recent 
memory said, "sure, it's okay to use this competing techology, instead 
of licensing ours"?  If they can remain silent and get the benefit of 
the doubt, they'll do it.

> The best I've ever seen is you and others saying "Oh there is no
> problem."  Which is not comforting in the least.

That's not what we're saying - it's more along the lines of "The burden 
of proof is on the claimant, Phoenix in this case, and they haven't 
produced any convincing evidence."

> I think if you and Stanford really wish to put this to bed I'd ensure that
> the IETF gets another email stated it doesn't conflict to add to the above
> URL that was posted.  If Phoenix legal department is not willing to do
> that than I think it's best to avoid the technology.

The problem with this stance is that it allows anyone to deny access to 
a competitor's technology, especially in the OSS/Free software space, 
simply by making a vague IP assertion and then refusing to issue an "all 
clear", akin to SCO's behavior with Linux.  I don't think rewarding bad 
faith and behavior is a good idea.

> - Ben
> 

Tom
-- 
Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124