Subject: Re: openssl license change
To: None <itojun@iijlab.net>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-security
Date: 09/24/2002 19:21:41
    Date:        Tue, 24 Sep 2002 20:57:44 +0900
    From:        itojun@iijlab.net
    Message-ID:  <20020924115744.3A2024B23@coconut.itojun.org>

  | 	we may need a professional legal advice on it

That's always a reasonable idea.

  |    - once code goes into openssl repository, it is unclear if Sun
  |     changes are all inside #ifdef, or not.

It doesn't matter.

  |     so i'm not sure if we can avoid Sun license by doing #define
  | 	NO_SUN_CODE.

There is no sun licence to avoid.   I'll reply to a message Chris Wareham
sent a few minutes ago with more explanation.

itojun@iijlab.net said in a separate message:
  | 	and as i believe you are well aware of, there are *a lot* of patents
  | 	filed for elliptic curve crypto algorithms. 

No, the legalities of cryptography (and cryptography in general) aren't
my field.   I have no idea how many patents exist in this area, but I will
believe you about this.

That means two things - vendors owning such patents would want to take care
before using the Sun code.   They might prefer to replace it with their own
algorithm instead (though I have no idea what that means to interoperability).
Then the various people get to all fight it out legally if they feel inclined.

Or, they may choose to accept Sun's covenant, give one in return, and get
to implement all of this without needing to get into (quite as many)
patent fights.

kre