Re: OpenDNS today announced it has adopted DNSCurve to secure DNS

tytso@mit.edu Wed, 24 February 2010 16:48 UTC

Date: Wed, 24 Feb 2010 11:50:11 -0500
From: tytso@mit.edu
To: Joe Baptista <baptista@publicroot.org>
Subject: Re: OpenDNS today announced it has adopted DNSCurve to secure DNS
Cc: "Dearlove, Christopher (UK)" <Chris.Dearlove@baesystems.com>, ietf@ietf.org, Wes Hardaker <wjhns1@hardakers.net>

I'm not a lawyer, and neither is Bruce Schneier who is quoted in the
article below, but I suspect he's studied the ECC patent situation
more than I have (and I looked at it quite a bit back when I was chairing
ipsec).

	http://en.wikipedia.org/wiki/ECC_patents

If it were up to me, I'm not sure I'd want to bet the DNS
infrastructure on whether or not patent lawyers with shark-skin
briefcases want to make a mint by instigating a lawsuit.  As we've
seen with the SCO lawsuit, even completely groundless legal disputes
can take years and years, and the only winners are the lawyers.  And
we've seen how much public key deployment was held back because of the
RSA patents; and most people who have lived through those dark times
really don't want to revisit them again.

As I told the Certicom folks over a decade ago, the best way they
could make their (hardware implementation) patents more valuable is by
explicitly making a non-assert pledge regarding software
implementations of ECC.  That would have cleared away a lot of the
hesitation around using ECC, since regardless of whether the claims of
ECC proponents that "no really, there's no problems here!" are true or
not, it would have calmed the fears of those who've looked at the
situation and who have perceived real risks.

Of course, the Certicom folks didn't listen to me back then, and I
doubt any of them would listen to me now....

						- Ted