From: Ken Raeburn [raeburn@MIT.EDU]
Sent: Friday, December 22, 2000 12:56 AM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: SRP is being patented - don't be so quick to use it.

David Wheeler writes:

> Trouble is, I understand that SRP is in the process of being patented,
> A _very_ large number of developers, including essentially all open source
> developers, _automatically_ avoid all patented algorithms unless there's
> a generous patent grant. Patented algorithms cannot be used at all
> in open source programs unless there's a patent grant to permit it.

I got two things on this from Tom Wu when we talked at the last IETF conference about using SRP to better protect the initial exchange in Kerberos:

1) Stanford has granted such permission regarding the SRP algorithm described in RFC 2945, and the IETF has been sent a letter saying so. However, I haven't seen the letter and don't know the exact terms, so don't take this as gospel.

2) There's another SRP variant, which I think is supposed to be a little more efficient in terms of message traffic in some situations, which is also (being?) patented, and for which this permission has not been granted. I don't know how the two differ.

Since these problems have (supposedly) been addressed, I'm looking at moving forward with an Internet Draft for this use with Kerberos, pending my actually finding out the terms of the letter. (Though I'm also looking at Radia Perlman's "pseudorandom moduli" work.)

Ken