openssh unix dev - Dec 2000 - More [A tangent on RC5] Cryptography patents (was: openssl lib question.)

I hate following up to myself, but
I thought a clarification of one
point (specifically WRT RC5 which
was mentioned in the original question)
might be worthwhile...because what
I should have said originally was
that "To the best of my non-legally-
admissible knowledge, however, none
of the algorithms in the current
 *OpenSSH* implementation are currently
encumbered by patents that would
restrict their use in any country." 
I definitely can't categorically
discuss every algorithm which is
implemented in OpenSSL.

Anyway, I knew that there were issues
with RC5 but was reasonably certain
that they didn't impact OpenSSH.
I took more of a look at some
of the links I had found (and several
follow-ons), and verified that:
1.  A patent for RC5 was granted to
	RSA Data Security in March 1998
  http://www.delphion.com/details?pn=US05724428__
	(although RSA's website claims
	the patent was granted May 1997.)
2.  RC6 (the AES competitor follow-on
	to RC5) is "proprietary of RSA
	Security"--and although it's not
	public knowledge as to whether
	a patent application has been
	submitted for RC6, I would
	think it likely.  (The two
	main patents on RC5 would seem
	to cover RC6 as well, in the
	opinion of most legally-minded
	cryptographers.  In fact, there
	is some reason to believe that
	the patents on RC5 helped cause
	the selection of Rijndael as the
	AES-designate--not because it
	is clearly the best, but because
	it is more definitively
	unencumbered.)
3.  I can find bugger-all information
	(other than what's above) to be
	able to verify what the exact
	usage/licensing terms of RC5
	really are for the rest of us.
	That would appear to be intentional,
	since it's RSA Security's most
	important remaining patent
	(in my very humble opinion).
	RSA Security would, one expects,
	grant a license for RC5 usage
	when given sufficient money.
4.  It doesn't appear to matter, since
	OpenSSH doesn't actually use
	RC5.  OpenSSH does allow "Arcfour",
	which is widely believed 
  http://home.earthlink.net/~neilbawd/arcfour.html
	to be equivalent to the RSA RC4* 
	algorithm, but does not use RC5.
5.  Most importantly, the bottom of the
	ssh(1) clearly states at the
	bottom that "This version of
	OpenSSH has all components of a
	restrictive nature (i.e., patents)
	directly  removed  from  the  source
	code;  any licensed or patented
	components are chosen from external
	libraries", and the OpenSSH FAQ
	discusses patents as well (down
	in questions 5 & 20):
  http://www.openssh.com/faq.html
	--so the question is for
	another list or lawyer, and should be
	phrased, "Of this list of algorithms
	which OpenSSH actually uses, which
	ones (if any) are encumbered?"
	I am confident that the answer is
	"none".  If on the other hand you
	are using OpenSSL in another
	application, then the question is
	still for another list.

[* The name RC4 is copyrighted by RSA
   Security and their implementation of
   RC4 was/is a tradesecret, but the
   mathematics of RC4 are not patented.]

Again, hope this dissertation helps in
more than just filling up your inbox--

Rip Loomis		Voice Number: (410) 953-6874
--------------------------------------------------------
Senior Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com

> -----Original Message-----
> From: Loomis, Rip [mailto:GILBERT.R.LOOMIS at saic.com]
> Sent: Friday, December 29, 2000 3:24 PM
> To: 'Sunil K. Vallamkonda'
> Cc: openssh-unix-dev at mindrot.org
> Subject: Cryptography patents (was: openssl lib question.)
> 
> 
> Sunil--
> Actually, you do not "see that openssl
> has some patent issues."  You do see that
> OpenSSL implements many algorithms, some
> of which have been (at various times)
> been patented or encumbered in some
> countries.
> 
> Without knowing what country you're in,
> none of us here can really give useful advice
> as to which software/algorithm patents
> could potentially apply.  To the best
> of my non-legally-admissible knowledge,
> however, none of the algorithms in
> the current OpenSSL implementation
> are currently encumbered by patents
> that would restrict their use in any
> country.  (I'll have to defer to others
> with more specific knowledge on this,
> of course).
> 
> Specifically, DES, 3DES, and SHA-1 are
> US Government standards and (even if
> still under patent) are in general
> usable worldwide without royalties.
> RSAREF should no longer be required
> in any environment, as the primary RSA public
> key algorithm is now unencumbered:
>   http://www.rsasecurity.com/news/pr/000906-1.html
> (In fact, if you're using RSAREF and
> haven't applied patches, you may be
> vulnerable to specific attacks.)
> The only patent-encumbered algorithm
> of which I'm aware which is included
> in any SSH implementation is IDEA--
> which is very specifically not
> included in OpenSSH.
> 
> Perhaps a better place to ask this
> question isn't on the OpenSSH list,
> but on one of the many official
> OpenSSL lists:
>   http://www.openssl.org/support/
> You could also take a quick look
> around on Google for pointers.  It
> didn't take me a whole lot of searching
> to happen upon
>   http://www.rsasecurity.com/rsalabs/faq/
> which has a good section on the key
> patents affecting cryptography, or
>   http://www.mail-archive.com/openssl-users at openssl.org/msg01425.html
> which is a posting to one of the
> OpenSSL lists regarding patents on
> cryptographic algorithms.
> 
> Hope this helps, and Happy New Year if
> you choose the Gregorian calendar!
> 
> Rip Loomis		Voice Number: (410) 953-6874
> --------------------------------------------------------
> Senior Security Engineer
> Center for Information Security Technology
> Science Applications International Corporation
> http://www.cist.saic.com
> 
> 
> 
> > -----Original Message-----
> > From: Sunil K. Vallamkonda [mailto:sunil at redback.com]
> > Sent: Friday, December 29, 2000 2:48 PM
> > To: Markus Friedl
> > Cc: openssh-unix-dev at mindrot.org
> > Subject: openssl lib question.
> > 
> > 
> > Hello,
> > 
> > 
> > I am trying to use openssh with openssl lib on
> > NetBSD.  I am not a security expert, thus sending
> > this email to the list. I am not looking for
> > legal advice (which I will contact lawyer), but looking
> > to get general info on what algorithms (such as RC5 etc..) 
> > in openssl are used by openssh that may need legal attention.
> > And what are the alternatives ?
> > 
> > I see that openssl has some patent issues. It
> > has many ciphers and algorithms:
> > 
> > BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
> >          CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt,
> > RC5_32_decrypt,
> >          RC5_32_encrypt, bn_add_words, bn_div_words, 
> bn_mul_add_words,
> >          bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
> >          bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
> >          des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, 
> > des_encrypt3,
> >          des_ncbc_encrypt, md5_block_asm_host_order,
> > sha1_block_asm_data_order
> > 
> > Which of above are legal contenders ?
> > Are BSAFE/RSAREF part of above ?
> > 
> > Any information/pointers is appreciated.
> > 
> > 
> > Thank you.
> > 
> > Sunil.
> > 
> > 
> > 
> > 
> > 
> > 
>