FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 06-21-2010, 03:07 PM
Paul Wouters
 
Default Fedora, DNSSEC and GOST (ECC like) algorithms with openssl

On Mon, 21 Jun 2010, Tomas Mraz wrote:

> Looking at it more closely actually for the DNSSEC GOST R 34.10-2001 it
> will not be possible to include it as it is elliptic curve based and all
> the ECC code is removed from our Openssl source and build. I do not know
> much about the ECC except it is a patent minefield and I will not go
> into details of the used algorithms and existing patents to examine
> whether this particular implementation is affected or not. This would
> have to be explicitly approved by Fedora Legal.

There are no IPR disclosures on any of the GOST algorithms filed with
the IETF, which is a strong signal that none of the patent holders of
ECC related patents has any objection. But I understand this could be
a matter for Fedora Legal. I could try and liason between Fedora Legal
and IETF IPR WG in gathering information that might convince Fedora Legal
all the due diligence is in place.

> So I suppose somehow making the rest of the GOST algorithms compile
> (which would require patching the source) would not help much in regards
> to the DNSSEC support.

This will become a serious issue once .ru starts deploying GOST based
signatures in their TLD zone.

I would be great if we could change the spec file to have a proper flag
to enable/disable GOST/ECC so that people can easilly rebuild with GOST
support if they need to (and it is legal for them). Would that be
legally possible?

Some references showing there should not be any known IPR issues filed
with the IETF that would prevent implementing RFC standards using ECC:

https://datatracker.ietf.org/iesg/ann/3304/
http://www.rfc-editor.org/info/rfc4357
http://www.rfc-editor.org/info/rfc4490
http://www.rfc-editor.org/info/rfc4491
http://www.rfc-editor.org/info/rfc5830
http://www.rfc-editor.org/info/rfc5831

All GOST / ECC IPR disclosures to IETF as per search on:
https://datatracker.ietf.org/ipr/search/?option=ipr_title_search&ipr_title_search=ECC
https://datatracker.ietf.org/ipr/search/?option=ipr_title_search&ipr_title_search=GOST

https://datatracker.ietf.org/ipr/695/
https://datatracker.ietf.org/ipr/151/
https://datatracker.ietf.org/ipr/1094/

The latter IPR notes show that Certicom has given everyone the right to use ECC for
IETF specifications for DNSSEC, IPsec, IKE, IKEv2 and TLS.

Paul
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 01:11 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org