Larry, Please note that any responses to your question "Are any of these encryption algorithms patented?" are being provided by individuals in the spirit of helpfulness and open sharing of information. Neither IETF nor the IETF Trust provide assurances or advice as to whether or not technology covered by IETF standards are covered by patent claims. The exclusive mechanism for soliciting and disclosing patent claims within the context of IETF activity is specified in RFC 3979, as we have discussed before. Please do not take anyone's efforts to respond to your questions as "official" IETF positions, as they are not and may not be relied upon as such. Regards, Jorge > -----Original Message----- > From: Steven M. Bellovin [mailto:smb@xxxxxxxxxxxxxxx] > Sent: Saturday, January 20, 2007 6:28 PM > To: lrosen@xxxxxxxxxxxx > Cc: ipsec@xxxxxxxx; ietf@xxxxxxxx; saag@xxxxxxx > Subject: Re: MUST implement AES-CBC for IPsec ESP > > > On Sat, 20 Jan 2007 14:45:26 -0800 > "Lawrence Rosen" <lrosen@xxxxxxxxxxxx> wrote: > > > > > For ESP encryption algorithms, the document that was > sent out for > > > > Last Call contains the following table: > > > > > > > > Requirement Encryption Algorithm (notes) > > > > ----------- -------------------- > > > > MUST NULL (1) > > > > MUST- TripleDES-CBC [RFC2451] > > > > SHOULD+ AES-CBC with 128-bit keys [RFC3602] > > > > SHOULD AES-CTR [RFC3686] > > > > SHOULD NOT DES-CBC [RFC2405] (3) > > > > > > > > The Last Call comment suggests changing the "SHOULD+" > for AES-CBC > > > > to "MUST." > > > > Are any of these encryption algorithms patented? > > > > Almost certainly not. DES was patented, but the patent was never > enforced; it has long since expired. (Trivia: IBM filed a statement > saying that DES was royalty-free *if* used in one of the > NIST-approvedd > modes of operation. But they never went after anyone who used it in > other ways.) To my knowledge, 3DES was never patented; even if it had > been, it was first publicly described in 1979, so I doubt that any > patent would still be valid. > > AES itself had to be unencumbered; see > http://csrc.nist.gov/CryptoToolkit/aes/pre-round1/aes_9709.htm#sec2d . > The designers of Rijndael never even attempted to patent it; see the > text quoted in RFC 3602 or the old Rijndael home page. > > CBC dates from at least 1980 -- I seem to recall 1978, but I > don't have > a citation handy. > > That leaves CTR mode. I doubt very much that it's patented, > since it's > been very well known for many years and NIST rarely standardizes > patented algorithms in this space (which I know you appreciate...). > However, I don't have any citations to prove this negative. > > > --Steve Bellovin, http://www.cs.columbia.edu/~smb > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www1.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf