Fedora/Redhat and perfect forward secrecy
gmaxwell at gmail.com
Mon Sep 9 19:17:10 UTC 2013
On Mon, Sep 9, 2013 at 11:46 AM, Paul Wouters <paul at nohats.ca> wrote:
> [not speaking for Red Hat]
> You seem to believe only valid legal claims can put Red Hat in court.
Of course not.
Though I'm not aware of anyone making any claims at all over basic
non-specially optimized ECDH on prime fields. Perhaps RedHat is,
though if certicom/rim is out patent trolling on the basic stuff it
would be a shame to keep it a secret: They should take the goodwill
loss they deserve if they're going around claiming to own techniques
published in the mid 80s.
You're going to have a lot of software to remove if the _possibility_
of someone putting RedHat in court is the bar here. There are a _LOT_
more patents on compilers than on elliptic curve cryptography.
Or just patents on simple arithmetic optimizations, lets see US6073150
assigned to Sun.
This one patents computing the absolute value of a signed number using
masking by sign extension: E.g.
Set mask = x>>(sizeof(x)*sizeof(char)-1); absx = (x^mask)-mask.
Oh looky looky, GCC in Fedora 19 on x86_64 compiles "int x; x =
abs(x);" to this:
sarl $31, %eax
xorl %eax, -4(%rbp)
subl %eax, -4(%rbp)
Good thing nothing in Fedora uses abs() and that Sun's patent's would
never be held by a potentially hostile company so you don't have to
depend on the fact that this technique was published eons before the
since that the invalidity of the claim can't be ensured to keep RedHat
out of court.
And this is an example where we actually do the stuff that is
patented. I do not believe there are any granted but invalid patents
that would preclude using basic ECDH over prime fields. Maybe there
are and RedHat has heard of some, but if so the world would certainly
like to know that someone actual had a concrete risk here and this
wasn't someone just pattern matching "ECC = Patents ZOMG!" in a way
that they don't go "Compilers = Patents ZOMG!".
More information about the devel