[Cryptography] Large companies sued for using Elliptic Curve TLS?

Rob Stradling rob.stradling at comodo.com
Tue Dec 1 15:31:00 EST 2015

On 01/12/15 13:09, Phillip Hallam-Baker wrote:
> On Tue, Dec 1, 2015 at 7:07 AM, Perry E. Metzgerwrote:
>     Anyone know anything about this? The claim is huge numbers of
>     companies (that is, end users like Macy's and GoPro) are being sued by
>     a patent troll for using elliptic curve cryptography on their web
>     sites.
>     http://www.theregister.co.uk/2015/12/01/cryptopeak_sues_/
>     If this is true, it could be a very serious situation.
> The claims all specify a proof that the keys were generated with a
> specific algorithm.
> As DJB points out 'nobody does that'.

That quote in full:

'Daniel J. Bernstein
Patent 6202150 claims generating keys with "a proof that the keys were 
generated by a specific algorithm". Nobody does that. Bogus lawsuit.'

> It might be something you should arguably do for ECDHE but the spec
> doesn't support that.
> https://patents.google.com/patent/US6202150B1/en

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the cryptography mailing list