current-users: Re: SRP, was PROPOSAL: adding capability for blowfish passwords

Subject: Re: SRP, was PROPOSAL: adding capability for blowfish passwords
To: NetBSD-current Discussion List <current-users@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 05/23/2002 13:39:28

[ On Thursday, May 23, 2002 at 09:07:02 (-0700), Bill Studenmund wrote: ]
> Subject: Re: SRP, was PROPOSAL: adding capability for blowfish passwords
>
> On Thu, 23 May 2002 xs@kittenz.org wrote:
> 
> > Any opinions of SRP (http://srp.stanford.edu/) as a password mechanism for
> > local and remote users?
> > (It wouldn't work as a crypt() replacement because it issues challenges.)
> 
> Yes, SRP is patented. So we and all NetBSD users would need licenses from
> Stanford. While Stanford might be willing to give them, we'd still need
> them.

Careful how you define "users".  Unless USA patent law has been
seriously mangled in recent years end users do not need patent licenses
-- only manufacturers.  So, yes, TNF would need a license, as would a
third-party developer who "manufacture" separate releases which include
the patented technology (eg. me, except I'm in Canada so unless I
distribute my work into the USA I don't need to worry about foreign
patents).  TNF doesn't have to worry about third party developers either
-- only the patent owner does (and of course so do the developers who
might use the patented technology, if they're worried about getting sued
or some such).  The good thing about not-for-profit stuff though
(eg. TNF, right?) is that it's pretty damn difficult to get blood from a
stone.  About the best the likes of Stanford might be able to do is get
a court order to prevent TNF from using the patented technology.

> Additionally when SRP was discussed on the iSCSI list, Lucent and Phoenix
> Technologies noted that SRP implementations "may" infringe on patents they
> hold (the EKE patent for Lucent, don't recall for Phoenix). So not only do
> you have to talk to Stanford, you have to talk to Lucent and Phoenix.

Software patents are stupid and infringe on everyone's rights.  :-)
(indeed the very concept of patents even for mechanical inventions is
highly debatable these days)

Y'all should just get your laws changed!  ;-)

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>