Re: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00

"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Wed, 06 February 2013 17:00 UTC

Return-Path: <prvs=5749f873a1=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1BF721F8A0D for <cfrg@ietfa.amsl.com>; Wed, 6 Feb 2013 09:00:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.333
X-Spam-Level:
X-Spam-Status: No, score=-5.333 tagged_above=-999 required=5 tests=[AWL=0.466, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yYN5Ki97P53V for <cfrg@ietfa.amsl.com>; Wed, 6 Feb 2013 09:00:59 -0800 (PST)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by ietfa.amsl.com (Postfix) with ESMTP id E80DD21F89AA for <cfrg@irtf.org>; Wed, 6 Feb 2013 09:00:58 -0800 (PST)
Received: from LLE2K7-HUB01.mitll.ad.local (LLE2K7-HUB01.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id r16H0wu7014216; Wed, 6 Feb 2013 12:00:58 -0500
From: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
To: Ted Krovetz <ted@krovetz.net>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Wed, 6 Feb 2013 12:00:55 -0500
Thread-Topic: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00
Thread-Index: Ac4Ei4h6txWoo8ufRAy1virv4Hbokg==
Message-ID: <CD37F4F0.E9C8%uri@ll.mit.edu>
In-Reply-To: <B76B6CE3-6F39-4238-9AE0-5D907251846A@krovetz.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.5.121010
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="B_3442996855_30246777"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.9.8327, 1.0.431, 0.0.0000 definitions=2013-02-06_02:2013-02-06, 2013-02-06, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=2 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1211240000 definitions=main-1302060101
Subject: Re: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 17:00:59 -0000

>>practically unusable in any serious product (commercial or otherwise)
>>because of its licensing terms.
>
>I certainly hope that we can convince you that this is not true.

I'd love to be convinced, as (contrary to how it may appear) I'm not
averse to faster AEAD modes. :)

>There are a huge number of serious open-source products that all fall
>under License 1's simple terms (linux, gnu, any project using any
>OSI-approved license, etc).
>
>Note that License 1 does not have a non-military provision, meaning that
>open-source software need not worry about it.

Let's consider a hypothetical case: a company X adds an OCB implementation
to OpenSSL (or Crypto++) and then use that library/package in their
proprietary "SuperComm" software thatthey subsequently sell to Department
of Defense and to Department of Energy.

First - are they even allowed to to that under this license?

Second - how much of the source code do they have to make available to
satisfy the terms of "License 1"? Just the OCB code? The entire OpenSSL or
Crypto++? The entire "SuperComm" source?

>And we are determined try to make License 2 workable, which would then
>make all software (open or closed, commercial or non-commercial) free for
>non-military use, and hardware implementations free for non-commercial
>non-military purposes.

Non-commercial hardware? I'd like to see an example of that, and maybe a
box of samples. :)