Re: [Cfrg] Patents and the new elliptic curves

Harry Halpin <hhalpin@w3.org> Mon, 22 September 2014 18:37 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/1qpyO_I_GUFPqDDm-bK9EEnl_v8


On 09/22/2014 08:25 PM, Michael Hamburg wrote:
> 
>> On Sep 22, 2014, at 10:27 AM, David Jacobson <dmjacobson@sbcglobal.net> wrote:
>>
>> On 9/22/14, 9:32 AM, Dan Harkins wrote:
>>>
>>> On Wed, September 17, 2014 10:30 am, Michael Hamburg wrote:
>>>> I remind you that the inspiration for this thread was the possibility that
>>>> Microsoft’s ‘907 patent applies to their NUMS software, but that
>>>> nobody noticed until now because they were intentionally ignoring patent
>>>> concerns.  You can walk through a minefield blindfolded, but it may not be
>>>> the best strategy to avoid getting blown up.  So: does anyone see
>>>> anything?
>>>   The best strategy to avoid getting blown up is to convince others
>>> to cross the minefield first and then follow the path of the first one
>>> to reach the other side both alive and in possession of all his limbs.
>>> That seems to be your strategy. Don't be surprised at the lack of
>>> volunteers to go first.
>>>
>>>   regards,
>>>
>>>   Dan.
> 
> I’m pretty sure that in this analogy I’m the guy crossing first.  I’ve implemented my design, searched for patents covering it, and shared my most interesting finding here.  Meanwhile, most of the other comments on this thread have been about why nobody will help me.
> 

Again, note that "searching for patents" may put one under "willfully
infringing" a patent, which is quite dangerous legally in this space.
Unfortunately, the US patent system is dysfunctional, but we have to
deal with it.

Typically in companies what one does when confronted with a patent troll
is to say that one "didn't search" and thus the infringement was
unintentional, and then search your patents for possible counter-suits,
and then make a deal (including getting the patent troll to call it
off). That's why many people who work for large companies rationally
refuse to search for patents and refuse to say they have searched for
patents on the public record, as it puts them legally in the "willful
infringement category" if a patent case is brought against them.

I still believe the W3C patent policy combined with the IETF patent
policy should cover patent-related concerns from whatever curve CFRG
chooses, and thus patent-related concerns here are likely a red herring
in any decision about recommendations of curves if we actively work with
the legal departments in the standards bodies and get the right
commitments from the larger companies in this space. Which means that
the "patent warchest" over whatever non-NIST ECC curve is chosen would
scare off patent trolls.

I'd like to see some decisions, not emails about patents :)

   cheers,
     harry



>> My experience from multiple employers is that if there is anything the company legal department doesn't want their engineers talking about in a public forum, it is the validity and applicability of patents. Don't be surprised at lack of responsiveness from people in industry.
>>
>> --David Jacobson
> 
> Yeah, I’m not surprised, just a little disappointed.  This is also why I’m hedging to some degree.  I haven’t said that my code is for sure IPR clean, or that ‘907 is/isn’t valid, or that it does/doesn’t apply to a particular implementation, because I don’t want to get dragged into a patent suit.  I’m just *concerned* that ‘907 may apply to the NUMS ECCLib code, and despite some searching, I’m *not aware* of any patents’ applicability to my code.  Hopefully MS’s formal review of ‘907 will suffice for that particular patent.  But it’d be nice to hear some other *concerns*, or lack thereof, on the dangers of other patents.
> 
> Maybe I should be more cautious than this, given that I work for an IP firm.  But it seems a bit backwards for a forum so concerned with IPR issues to actively avoid considering them.
> 
> — Mike