MESSAGE
| DATE | 2002-09-23 |
| FROM | From: "Inker, Evan"
|
| SUBJECT | Subject: [hangout] OpenSSL Gets a Gift from SUN (Or maybe not?) - READ THE SUN AGREE
|
Sun License to use ECC
/* crypto/engine/tb_ecdh.c */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH engine software is originally written by Nils Gura and
* Douglas Stebila of Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the Contribution as delivered hereunder
* (or portions thereof), provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the Contribution;
* 2) separates from the Contribution; or
* 3) for infringements caused by:
* i) the modification of the Contribution or
* ii) the combination of the Contribution with other software or
* devices where such combination causes the infringement.
*
* The elliptic curve binary polynomial software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
Laboratories.
*
*/
Is It Just me or doesn't it seem not "too Open Source" but restrictive...
ENGLISH TRANSLATION
List: cryptography
Subject: Re: Sun donates elliptic curve code to OpenSSL?
From: pgut001-at-cs.auckland.ac.nz (Peter Gutmann)
Date: 2002-09-23 5:04:09
Greg Broiles writes:
>Sun is promising not to sue people for patent infringement for using Sun's
>code as provided in the OpenSSL library, provided that the people who don't
>want to be sued comply with a list of conditions: > >(1) they promise not
to sue Sun for infringing any of their own patents which >might cover the
use of the donated code > >(2) don't modify Sun's code as provided by Sun,
don't use only parts of the >donated code, and don't remove the license text
from the code.
Doesn't this exclude it from being used in OpenSSL, since it violates the
license? * The licence and distribution terms for any publically available
version or * derivative of this code cannot be changed. i.e. this code
cannot simply be * copied and put under another distribution licence *
[including the GNU Public Licence.]
Open-source group gets Sun security gift
By Stephen Shankland
Staff Writer, CNET News.com
September 19, 2002, 1:27 PM PT
SAN FRANCISCO--Sun Microsystems has donated new cryptography technology to
an open-source project at the heart of many secure transactions on the
Internet.
Sun's "elliptic curve" technology is involved in the process of using keys
to encrypt and decrypt information for electronic transactions. Such
encryption lets people buy products online, for example, while shielding
their credit card number from prying eyes. The Santa Clara, Calif.-based
server seller donated the technology to the OpenSSL
project, a programming group that makes an
open-source version of the Secure Sockets Layer (SSL) encryption system.
Elliptic curve cryptography will enable secure communications with devices
that don't have as much calculating power as most desktop computers, said
Whitfield Diffie, Sun's chief security officer and a pioneer of the
Diffie-Hellman "public key" cryptography method used today in SSL and other
encryption systems. Diffie spoke Thursday during a news conference at the
SunNetwork conference here.
"Small gadgets are the most obvious place to use it," Diffie said, but once
the technology is built, it likely will spread farther. "The deployment
schedule is on the order of several years to a decade unless something comes
along in the interim. I would conjecture that by 2010 or so, this will be
widely used."
Current encryption technology is based on mathematics developed in the 17th
and 18th centuries, Diffie said. "Elliptic curve cryptography brings it
forward into the mathematics of the 19th century," he said.
Diffie exhorted companies to build security into computing services from the
start, not patch it on at the end, and announced Sun products to help in
that plan. In combination with software and hardware companies, Sun
announced a partnership to build a "perimeter security" product that handles
problems at the boundary of corporate computing networks and the public
Internet. The product will filter out undesired network traffic, detect
intrusions and screen for viruses.
Sun also announced a secure Web server, the software that delivers Web pages
across the Internet. Because Web servers typically are very public, they're
a particular target for attacks over the network.
The increasing reliance on computer-based records compared with paper-based
records makes good computing security essential, Diffie added. "Ten years
ago, probably you'd have been OK if you lost your computer files and you had
your paper records," but no longer.
Diffie's cryptography work didn't always sit well with U.S. government
agencies that wanted to keep control over computer security, he said. Today,
the government recognizes that there needs to be a collaboration with the
private sector. Reinforcing the point, Diffie shared the stage with Richard
Clarke, President Bush's special advisor on cyberspace security, who
unveiled on Wednesday a public-private sector plan to increase computing
security.
"The government tried to regulate cyberspace. By the time (the policies
were) written and published and commented on, the technology would have
moved on," Clarke said. "We recognize that the government neither owns nor
operates most of the critical infrastructure in the U.S."
****************************************************************************
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
****************************************************************************
____________________________
New Yorker Free Software Users Scene
Fair Use -
because it's either fair use or useless....
|
|
