[gnutls-dev] Fedora gnutls-1.0.20-5.src.rpm

Jeff Johnson jbj at redhat.com
Tue Jan 25 20:09:04 CET 2005

On Mon, Jan 24, 2005 at 05:18:26PM +0100, Nikos Mavrogiannopoulos wrote:
> On Saturday 22 January 2005 08:39, Albert Chin wrote:
> > The latest development RPM from Fedora for gnutls-1.0.20 does not
> > contain the SRP authentication code because of the following Changelog
> > entry:
> >   * Tue Sep  7 2004 Jeff Johnson <jbj at redhat.com> 1.0.20-2
> >   - patent tainted SRP code removed.
> > Is this correct? If so, should SRP be disabled from gnutls?
> According to SRP's author, the only patent of SRP is the one of Stanford's,
> and this is available royalty free. Nobody else have claimed patents on SRP. 
> The only statements i've seen are of the kind "we may hold a patent on SRP"
> by companies holding patents on competitive technologies. In my opinion their
> patents affect SRP the same way the MP3 patent affects OGG. It would be
> a shame to drop SRP support, especially when nobody has actually claimed
> to hold a patent affecting SRP.

Patent tainting is a Red Hat risk, not a gnutls risk. Red Hat lawyer's
often have trouble understanding three letter acronyms, and are conservative,
as they should be.

*Please* don't remove SRP from gnutls.

73 de Jeff

Jeff Johnson	ARS N3NPQ
jbj at redhat.com (jbj at jbj.org)
Chapel Hill, NC

More information about the Gnutls-devel mailing list