- From: Bruce Rich <brich@us.ibm.com>
- Date: Tue, 10 Feb 2009 09:26:33 -0600
- To: public-xmlsec@w3.org
- Message-ID: <OF37BA734A.24072961-ON86257559.0054B3B8-86257559.0054D490@us.ibm.com>
<IANAL> Some excerpts have been posted recently from a document on the Certicom website ( http://www.certicom.com/images/pdfs/FAQ-TheNSAECCLicenseAgreement.pdf) that talks about ECC. Although the link is very useful, one needs to treat excerpting very carefully, as it may lead to an overly optimistic conclusion. Without pretending to be a legal expert, I would point out several omitted excerpts that may constrict one's freedom of action (and now I'm doing the dangerous excerpting... :-): 6. How do the NSA and Certicom define the Field of Use? Directly from our agreement with the NSA: “Field of Use” means the technology and methods necessary to implement in either an NSA Approved Product or a product for national security compliant with FIPS 140-2 or its successors the Licensed Patents and Patent Applications with elliptic curves over GF(p) where p is a prime number greater than 2255. 7. What is an “NSA Approved Product?” Directly from our agreement with the NSA: “NSA Approved Product” means a product that is approved by the NSA for use by either: 1. US Government agencies for protecting classified information, mission critical national security information or for protecting information under 10 USC 2315; 2. State and Local Government agencies for protecting classified information, mission critical national security information or for protecting information under 10 USC 2315; or 3. Foreign Government agencies for protecting classified information or mission critical national security information where interoperability with US entities using an NSA approved product is a possibility or the aforementioned information originated in the US Federal, State or Local Government. 8. What sublicensing rights does the NSA have? The NSA has the right to grant sublicenses to the 26 licensed patents in the limited field of use defined above. 9. What does the NSA intend to do with the right to sublicense? We believe the NSA is interested in the proliferation of the technology. To that end, the NSA is granting a royalty free sub-license to manufactures who implement this technology into their products to address the Government’s needs. Note that Certicom can grant the exact same rights if the manufacture wishes to obtain the license from the original patent holders. Certicom retains ownership of all 26 patents. 10. What does it mean to have NSA approval? It means that the product has been evaluated and approved for use by the NSA. The NSA has their own evaluation team in place to validate security implementations primarily for department of defense applications. ... 12. What kind of product can I license this technology for? As stated in our contract with the NSA, you can license this technology for products that fit the field of use definition “…either an NSA Approved Product or a product for national security compliant with FIPS 140-2 or its successors…” ... 19. What commercial terms do I get from the NSA? You get the right to use the 26 patents within the field of use defined above. Currently, the NSA and Certicom offer these rights under a royalty free license. What I don't see in this document is any proviso for either unlicensed usage or for usage outside the prescribed field of use. </IANAL> Bruce A Rich brich at-sign us dot ibm dot com
Received on Tuesday, 10 February 2009 15:27:38 UTC