[Cryptography] To what is Anderson referring here?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Jun 5 05:29:27 EDT 2014
Jerry Leichter <leichter at lrw.com> writes:
>I think we have the meat here for an Anderson-like study: Has any actually
>made money from a crypto-related patent? The EKE/SPEKE patents have blocked
>progress on authentication for years; but has anyone actually licensed them?
I asked David Jablon, author of US Patent 6,226,383 (the only remaining one of
EKE and SRP that isn't freely usable) about this some time ago and his
response was a somewhat ambiguous mix between "I've earned a little off it but
not much" and "I'd rather have it not used at all than let it be used for
free".
In any case I don't think it's the patents that have prevented use, it's the
perception that if you want to do authenticated key exchange you have to use a
PKI, anything else is unacceptable. Heck, the IPsec folks more or less made
this explicit:
all password-based authentication is insecure; IPsec is designed to be
secure; therefore, you have to deploy a PKI for it
See my earlier message about this, TLS-PSK and TLS-SRP are freely usable and
have been for years; no-one supports them.
Peter.
More information about the cryptography
mailing list