Re: [Cfrg] [secdir] ISE seeks help with some crypto drafts

Tony Arcieri <bascule@gmail.com> Fri, 08 March 2019 20:34 UTC

Return-Path: <bascule@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A9F1124BA8 for <cfrg@ietfa.amsl.com>; Fri, 8 Mar 2019 12:34:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8tHklQsZaQFJ for <cfrg@ietfa.amsl.com>; Fri, 8 Mar 2019 12:34:05 -0800 (PST)
Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CDCB126DFA for <cfrg@irtf.org>; Fri, 8 Mar 2019 12:34:05 -0800 (PST)
Received: by mail-ot1-x331.google.com with SMTP id t7so18469188otk.8 for <cfrg@irtf.org>; Fri, 08 Mar 2019 12:34:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sNjUcz00a+guYv+wGUl7cMnb1LwIB6q1ElbqSbkEzkE=; b=l/56LE6e6+W8jYjs9Z3+17ViowZfGOtrW4urMjbdK7IzLZhfc/C1qZAmOdTb1M5+JQ wllMTbs7Gig9HPrsUbwOrQ1xIW9T2ObwFQ5cDPRIBzvNf6QOr7ChP9VjLTVlKUiqNxUy HZhrTPdgsgnwx5Gyn0fgdLVyXMxlK/w8BzsZdFbK5oTLCD8OSHkFRbZZpA85FM6gze7g RKw50YQ0DJ8Kbqh3TNqNiHpUyCb0uT0WDzk7XoI8u2VEqRHRv11M9wVgOWGdhCSE28y3 UDOabZvTNBHBB1rfTzY4ZBdVoqbtnNB2nqX7isjIC6k+qmVNQnaUgRUJcEFhPzlL/DW6 zlMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sNjUcz00a+guYv+wGUl7cMnb1LwIB6q1ElbqSbkEzkE=; b=LtwszN9C/RYZAXwZus2YhG6Zt4AxpRs+DokVH2XecKSNc2KT3c+XXrjS+x1XgyMV43 psdnGLPnAg/fPVWcR7BDcd16tBB73Gp4mFudB/jv4ZEUgP+TcD8/S3ZwLlNuf03AJJrY M6a7O7TQoIPhYF34Dt1p2UxawmSWTYGT4Wv3awTQU5a+w1O/2UHlOH9PNFjk29rFVWVQ wEqbQ+vwtEPZNXLKU+B5XC4duzFgFoqPDrhigNsbPxQoJkrhcDJhw0+D7Fv9ws5RJNNT qdArsvsxCO6bJ8RHcDmnEKexE5ETYte1RCdNtovsRPdEfl+qFg+6CM4lLQ76cGTRQGi0 2knw==
X-Gm-Message-State: APjAAAUsgwYg44pKJ4pWxa4H3Jfkvwl3HxuWGz/7iM0f7wAHUAbLt5vJ nzKrEk68fojGLqcitDsIAFGZ49efJhwQKmlmgvw=
X-Google-Smtp-Source: APXvYqxsjRS8OU59xyx4mvGMOeNzS7VJyQnQTZxGgow/ZVjIbkMWL3t9lUWy5TLE9FksmEjKchuf/8/HOuP/lI2u/fw=
X-Received: by 2002:a9d:4d0c:: with SMTP id n12mr13187519otf.176.1552077244095; Fri, 08 Mar 2019 12:34:04 -0800 (PST)
MIME-Version: 1.0
References: <1d8de489fc976b63a911573300a431d4.squirrel@www.amsl.com> <alpine.LRH.2.21.1903081227200.30421@bofh.nohats.ca> <CAHOTMVLtjVxZNy3bFRn09xH+cOw+tPi2CL3BkaQuJEqxAzGOJg@mail.gmail.com> <edca701b-21f3-c80c-d754-fc333f1e2e04@cs.tcd.ie>
In-Reply-To: <edca701b-21f3-c80c-d754-fc333f1e2e04@cs.tcd.ie>
From: Tony Arcieri <bascule@gmail.com>
Date: Fri, 8 Mar 2019 12:33:53 -0800
Message-ID: <CAHOTMVJVhLGw+FkkTC___B1QVk3FkQGoD9Ox3kwDt5143tP2xw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: CFRG <cfrg@irtf.org>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>, secdir <secdir@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cc600605839b243e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/SFFaEtYjKyDzNRdSa2EyMg9XBA4>
Subject: Re: [Cfrg] [secdir] ISE seeks help with some crypto drafts
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Mar 2019 20:34:09 -0000

On Fri, Mar 8, 2019 at 11:15 AM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> FWIW, I'd prefer have fewer and not more modes of operation
> documented. I'm not aware of a need for what this draft
> appears to specify (based on reading just the abstract). I
> also agree the OCB IPR situation isn't clear (IIRC more than
> just Rogaway's IPR was involved).
>

Rogaway has a pretty detailed description of the IPR situation on the OCB
site:

http://web.cs.ucdavis.edu/~rogaway/ocb/ocb-back.htm

— snip —
Does Phil have a patent on OCB? Yes, I did file patent applications
covering the new techniques used in OCB. There was a filing on 12 October
2000, and a filing on 9 February 2001. If you want to use OCB in a
commercial product, you'll need to get a license from me. But I'll license
this IP under fair, reasonable, and non-discriminatory terms. All companies
will be offered the same license agreement. I expect licensees to pay a
modest, one-time fee.

Here is a patent-assurance letter
<http://web.cs.ucdavis.edu/~rogaway/ocb/ieee.pdf> I wrote for the IEEE,
which mandates OCB in a *draft*802.11 (Wireless LAN) standard, as part of
the WEP ("Wired Equivalent Privacy") protocol.
How much will a license cost? Not much. I intend that no solvent company
should find licensing from me to be a significant issue in their cost of
doing business. Here is an offer letter
<http://web.cs.ucdavis.edu/~rogaway/ocb/offer.pdf> indicating how I am
licensing OCB.Has OCB already been licensed? Yes, it has. But,
unfortunately, I am not at liberty to say more.Will anyone else come to
have a valid patent that covers OCB? Unfortunately, this question is
impossible to answer at this point. IBM has indicated that it has a patent
filing that covers Jutla's authenticated-encryption work. They indicate
that this was filed on 14 April 2000. Gligor has indicated that he has
three patent filings that cover his authenticated-encryption and
parallelizable MAC work. He indicates that these were filed on 31 January
2000, 31 March 2000, and 24 August 2000. All of these filings were
provisional patent filings.

One can only conjecture who will have what enforceable rights. As for
Jutla/IBM, I have been clear all along that OCB retains similarities to
Jutla's IAPM. Intellectually, OCB owes much to Jutla's work. But whether or
not IBM's patent covers OCB may depend on how broadly IBM's claims were
crafted.

As for Gligor/VDG, I am unaware of any idea from [Gligor, Donescu; 18
August 2000] that I used in OCB. I believe that any utility patent filed
after Jutla's work and my work appeared but based on a provisional patent
filed before Jutla's work and my work appeared will need to be examined
with care, comparing the contents of the utility patent to the contents of
the provisional patent, and paying attention to what was published in the
interval. Such an exercise is currently impossible, because provisional
patents are not made available before utility patents issue.

I start to think that I have been too talkative and too concerned about
what IP other parties could come to hold. In truth, nobody ever knows the
answer to this question.
-- 
Tony Arcieri