Chris Newman | 12 Sep 19:12 1997

SSH and U.S. patent 5,657,390

Was SSH publicly released before Aug 25, 1995?

It seems that Netscape was just granted a US patent on the idea of the SSL
protocol.  From reading the abstract (at patents.uspto.gov), there might 
be a chance the patent applies to SSH.  If SSH was publicly released
before the filing date, then it should be clear of the patent.  Otherwise
it might be wise to check with a patent lawyer... 

		- Chris

Simon Cooper | 12 Sep 20:44 1997
Picon

Re: SSH and U.S. patent 5,657,390

>Date: Fri, 12 Sep 1997 10:12:59 -0700 (PDT)
>From: Chris Newman <Chris.Newman <at> INNOSOFT.COM>
>Sender: owner-ietf-ssh <at> clinet.fi
>
>Was SSH publicly released before Aug 25, 1995?
>
>It seems that Netscape was just granted a US patent on the idea of the SSL
>protocol.  From reading the abstract (at patents.uspto.gov), there might
>be a chance the patent applies to SSH.  If SSH was publicly released
>before the filing date, then it should be clear of the patent.  Otherwise
>it might be wise to check with a patent lawyer...
>
>		   - Chris

   I designed something similar to SSL in early 1994 at Rutgers University, NJ,
USA.  The rough documentation for the system has been publically available
since that time at,

	http://www-ns.rutgers.edu/RUSSL/russl_doc.html

The announcement of what Rutgers had been working on was made to
www-talk <at> www0.cern.ch on Thu, 21 Jul 94 16:59:51 EDT.  At that time Walt, Greg
and I announced the www-security mailing list.  An old (very out of date)
archive of the list is available at,

	http://www-ns.rutgers.edu/www-security/archives/index.html

I am attaching the list announcement message and the message describing the
location of the RUSSL documentation.

(Continue reading)

Bradley Dunn | 12 Sep 21:49 1997

Re: SSH and U.S. patent 5,657,390

On Fri, 12 Sep 1997, Chris Newman wrote:

> Was SSH publicly released before Aug 25, 1995?

SSH 1.0.0 appears to have been released on Jul 12, 1995. See
ftp://ftp.cs.hut.fi/pub/ssh/old/

pbd
--
"Seems she thought of me as some mystic, fatalistic, mystical guru
 Me, I haven't got a clue."
	-- Tears for Fears, "Cold"

Ran Atkinson | 12 Sep 22:41 1997
Picon

Re: SSH and U.S. patent 5,657,390


  Chris makes a good point about the SSL-related patent.

  At least under US law (based on my past painful involvement
with patent lawyers), open publication of the concept by
someone other than the patent filer prior to the filing date is
often sufficient to invalidate the patent.  So it isn't clear that
actual code release is necessary.  One might theorise that SP4
(published by NIST/NBS in the late 1980s) is prior art for the
patent in question.

  It might be sensible to collect prior art related to this and
stuff it online someplace.  John Gilmore kindly maintains such
an online archive for IPsec-related prior art, btw. [I forget
the URL for John's site, so don't bother asking me; sorry].

Ran
rja <at> home.net

PS:  This list seems amasingly quiet for a nominally active IETF
  WG.  Until Chris' note I had begun to think I must have been
  dropped off the list somehow...

Tatu Ylonen | 14 Sep 22:57 1997
Picon
Picon

SSH and U.S. patent 5,657,390

> Was SSH publicly released before Aug 25, 1995?
> 
> It seems that Netscape was just granted a US patent on the idea of the SSL
> protocol.  From reading the abstract (at patents.uspto.gov), there might 
> be a chance the patent applies to SSH.  If SSH was publicly released
> before the filing date, then it should be clear of the patent.  Otherwise
> it might be wise to check with a patent lawyer... 

Yes, SSH-1.0 was publicly released in July 1995.  Early versions
were freely circulated at Helsinki University of Technology even
before that.

    Tatu

--

-- 
SSH Communications Security	      http://www.ssh.fi/
F-Secure Internet Security Solutions  http://www.datafellows.com/f-secure/
Free Unix SSH                         http://www.cs.hut.fi/ssh/

Fred Baker | 19 Sep 16:54 1997
Picon

Costs of Mandatory Key Recovery

If you could email any hard numbers as to expected costs to Don Heath
<heath <at> isoc.org>, it would be helpful.

>>Date: Wed, 17 Sep 1997 10:55:55 -0400
>>From: Philip Webre <philipw.nrd <at> cbo.gov>
>>To: heath <at> isoc.org
>>Subject: Costs of Mandatory Key Recovery
>>Content-Disposition: inline
>>
>>As I explained over the telephone, we are trying to estimate
>>the private sector costs associated with mandatory key
>>recovery in the US.  Thursday the House Intelligence
>>Committees passed an amended version of HR 695 that
>>would mandate immediate key recovery in all encryption
>>products sold, imported or distributed in the US after
>>January 31, 2000.  It further imposes this requirement
>>on Internet service providers who provide encryption
>>services when presented by a warrant from a duly authorized
>>law enforcement official.
>>
>>We expect that within an organization like a corporate
>>LAN, key recovery can be mandated in a straight forward
>>manner.  But since the relationship between an ISP
>>and its client is more distant, very different mechanisms
>>and cost structure would surface.  I would be very
>>interested in any information you could provide regarding
>>the costs associated with such a mandate.
>>
>>Address:
>>Philip Webre
(Continue reading)

John Gilmore | 26 Sep 03:49 1997

Re: SSH and U.S. patent 5,657,390

>   It might be sensible to collect prior art related to this and
> stuff it online someplace.  John Gilmore kindly maintains such
> an online archive for IPsec-related prior art, btw.

It's http://www.cygnus.com/~gnu/netcrypt.html.

I have added the text of the Netscape SSL patent, and the discussion
from this list, to the site.

	John Gilmore

Bradley Dunn | 30 Sep 06:22 1997

Revised drafts

Hi,

After the last IETF I think I remember talk of revised drafts being
available soon. Any idea on when those will appear?

Thanks,
Brad
--
"Seems she thought of me as some mystic, fatalistic, mystical guru
 Me, I haven't got a clue."
	-- Tears for Fears, "Cold"


Gmane