Saturday, November 30, 2013
Patenting SSL with a Certain Cipher?
Earlier this week Newegg lost a patent lawsuit. Newegg was being sued by TQP for infringing on their patent. The patent they were infringing on was using SSL and RC4 as the cipher suite. This is a big deal because the patent holder does not hold the patent to SSL or to RC4, only to using the two together.
When a server operator is setting up a web server, and they want to use SSL to secure the connection to the client they have to choose which ciphers are allowed. Some of the other choices available are AES, 3DES, RC4, and Camellia. Using RC4 is less computationally intensive than the other options. This means that it is often used with servers on older machines. The combination of SSL and RC4 is used by a lot of companies and private individuals.
SSL was first developed by Netscape, and RC4 was developed by RSA security. Since SSL was meant to be public it's easy to see how one would use that. RC4 was reverse engineered, or leaked by a member of the cypherpunks mailing list. Since these two technologies separately are completely free and unencumbered software. The option to use the two together is actually an option on some graphical interfaces for web servers.
How could a company own the patent to using the two together? They simply should not be able to. By giving TQP this power, TQP will have the ability to sue millions of companies for 'using' their patent.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment