Dear OpenSSL team, Given the recent patent lawsuit between RIM/CertiCom and Avaya mentioning the ECC code in OpenSSL, what is (according to the OpenSSL team) the patent status of the ECC code in OpenSSL? Specifically: - Was the OpenSSL ECC code provided under a still-valid patent license from someone in the power to grant it, perhaps Sun (now Oracle America)? - Is the FIPS mode ECC covered through some US Government or sponsor license?, And if so, does this license extend to some non-FIPS scenarios, such as invoking the FIPS blob ECC code from a non-FIPS application (perhaps by modifying a FIPS-capable OpenSSL library to do so even in non-FIPS mode)? - Are there portions of the ECC code in OpenSSL which one should disable at configure time, similar to how RSA and IDEA were often disabled in the past? - Is this situation different depending on the OpenSSL library version? Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
