NSA ECC Certicom Licenses from Miller, Rob on 2009-02-06 (public-xmlsec@w3.org from February 2009)

From: Miller, Rob <RDMILLER@mitre.org>
Date: Fri, 6 Feb 2009 14:39:09 -0500
To: XMLSec WG XMLSec W3C <public-xmlsec@w3.org>
Message-ID: <70189427BD8CE046B781F28D29C21AEE0A81C3DBD6@IMCMBX4.MITRE.ORG>

I attended a Cryptographic Interoperability Brief at the DoD/IC Information
Assurance Symposium this week and asked questions about ECC IPR and the NSA
Certicom Licenses. An NSA representative made an interesting claim. She said
that NSA lawyers assert that the NSA Certicom licenses can be used to
implement ECC in COTS products without any distribution restrictions as long
as they are available for National Security implementations. This still
requires that the vendor get a license from NSA, but is a different position
than I have heard in the past.  I will see if I can track down anything in
writing.

 

 

Regards,

Rob Miller

 

 

 

_____________________

Robert D. Miller, CISSP, CISA, PMP

The MITRE Corporation

Lead Infosec Engineer

Secure Operations

 

rdmiller@mitre.org - (443) 695-1857

 

CIIS/G025

Received on Friday, 6 February 2009 19:39:46 UTC