On Sat, 20 Jan 2007 14:45:26 -0800
"Lawrence Rosen" <lrosen@xxxxxxxxxxxx> wrote:

> > > For ESP encryption algorithms, the document that was sent out for
> > > Last Call contains the following table:
> > >
> > > Requirement    Encryption Algorithm (notes)
> > > -----------    --------------------
> > > MUST           NULL (1)
> > > MUST-          TripleDES-CBC [RFC2451]
> > > SHOULD+        AES-CBC with 128-bit keys [RFC3602]
> > > SHOULD         AES-CTR [RFC3686]
> > > SHOULD NOT     DES-CBC [RFC2405] (3)
> > >
> > > The Last Call comment suggests changing the "SHOULD+" for AES-CBC
> > > to "MUST."
>
> Are any of these encryption algorithms patented?
>

Almost certainly not.

DES was patented, but the patent was never enforced; it has long since expired. (Trivia: IBM filed a statement saying that DES was royalty-free *if* used in one of the NIST-approved modes of operation. But they never went after anyone who used it in other ways.)

To my knowledge, 3DES was never patented; even if it had been, it was first publicly described in 1979, so I doubt that any patent would still be valid.

AES itself had to be unencumbered; see http://csrc.nist.gov/CryptoToolkit/aes/pre-round1/aes_9709.htm#sec2d . The designers of Rijndael never even attempted to patent it; see the text quoted in RFC 3602 or the old Rijndael home page.

CBC dates from at least 1980 -- I seem to recall 1978, but I don't have a citation handy.

That leaves CTR mode. I doubt very much that it's patented, since it's been very well known for many years and NIST rarely standardizes patented algorithms in this space (which I know you appreciate...). However, I don't have any citations to prove this negative.

--Steve Bellovin, http://www.cs.columbia.edu/~smb