From: "Paul Lambert" <plambert@xxxxxxxxxxxx>
To: ho@xxxxxxxxxxxxx (Hilarie Orman)
cc: kent@xxxxxxx, ipsec@xxxxxxx
Date: Mon, 20 Jul 1998 16:25:34 -0700
Subject: Re: Patent & licence for IPSec ?
Hilarie,
I assume that your note below indicates that you personally do not have any
patents filed or patents issued related to IPsec.
>> At this time are not aware of any intellectual property issues with the
>> base IPsec protocols and algorithms, or with IKE use of D-H. Use of RSA
>> for certificate signatures, or use of ECC for key exchange does involve
>> patent issues.
>
>ECC over F[2^p] for DH key exchange does not infringe on intellectual
>property.
>
>Hilarie
Certicom has pending patents that cover secure and efficient
implementations of Elliptic Curve Cryptography (ECC) over both F[2^m] and
F[p]. Some of the pending patents for secure implementations of public key
technologies may also cover implementations of the current mandatory
portions of IKE in IPsec.
A statement of our non-exclusive and nondiscriminatory patent licensing is
available at:
http://grouper.ieee.org/groups/1363/letters/Certicom.txt
The pending patents include some mechanisms to provide more efficient
processing of ECC based on F[2^m] with "m" being composite. Note that our
cryptographic research group invested considerable effort in composite
techniques some years ago. They are now only advocating the use of "m"
prime based on security considerations. Note that Certicom has more
patents pending on F[2^m] with m composite than for F[2^m] prime. As we
have discussed on this list before, it is strongly recommended that the
IPsec use of ECC not support composite 2^m, but rather use only prime 2^m
curves. This would provide much better security and would incorporate less
potential IPR from Certicom
Regards,
Paul A. Lambert
VP. Product Management
Certicom Corporation
San Mateo California
+1-650-312-7996