[Cryptography] Licensing OCB (RFC 7253)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Jun 9 11:00:36 EDT 2014


"Salz, Rich" <rsalz at akamai.com> writes:

>I don't want to turn this into crypto-law (as opposed to, say, crypto-
>beginning-c-programming) but

Same here, I'm not trying to create some OSS-vs-whatever argument, just point
out what the real problem is:

>I was not clear enough.  Of course I meant the ability to use it in products
>which are then used by your customers.

That's not the issue though.  Lets say there's some super-duper new algorithm
(to avoid picking on OCB) called FooX that's available under RAND terms, and
that I license to put in my code, which gets used in SSL servers.  Unless
every single vendor of SSL software in the whole world also licenses FooX,
there's not much point in me deploying it because it's going to lock out
users.  The chances of everyone else in the world also licensing FooX are,
well, about zero, for the same reason why I don't license it.

That's what I meant by the fax machine effect, if you're the only person in
the world who owns a fax machine (or SSL server running FooX) then not only
does it have little positive value, it actually has negative value because it
prevents others from communicating with you.

Peter.


More information about the cryptography mailing list