
Re: Clarification: NRP's licensing status & IKMP




Donald and all,

Please understand: I'm NOT proposing that NRP would be a part or mentioned
in ipsec standards!! (IPSEC standard should mention your `randomness RFC';
I'll be happy if you do mention NRP in a future release
of your randomness RFC, of course, since I find this RFC a very useful
discussion.)

I only mentioned NRP in IPSEC since I believed that many in that audience
would be interested in such a tool to get secure random numbers even if the
attacker can peek into internal seed values... I've tried to make it clear
from the very beginning that this is just information and not a proposal
(how could it be? it is not doing any key management...).

BTW, I'm not sure yet if this was a mistake. Quite a few got the wrong
impression that I propose that NRP would be involved somehow with the
ipsec-generated standards, but also quite a few people seem to be really
interested in NRP...

Best, Amir

(To the interested: following your questions/requests, we'll be putting in
software.watson.ibm.com/pub/security also some relevant papers in addition
to the tar file with the sources and manual, see the
read.me file or do ls since I'm undecided about names etc.)

Enc: msg from Donald

>
> While improvements in random number generation are great, I see no
> reason for any part of the ipsec standard to prefer any particular
> method.  I would expect it merely to emphasize the importance of this and
> to have a few references to general overview documents on the subject.
>
> Donald
>
>
> From:  " " <amir@watson.ibm.com>
> X-Mailer:  exmh version 1.5.1 12/2/94
> To:  ipsec@ans.net
> Cc:  Paul_Lambert-P15452@email.mot.com, cschow@watson.ibm.com
> Mime-Version:  1.0
> Content-Type:  text/plain; charset="us-ascii"
> >
> >I wish to clarify a few points about NRP's licensing status and its relation
> >to IKMP proposals, as a response to several questions from Paul and others:
> >
> >1. NRP is not a proposal for IKMP; it was just mentioned as something people
> >implementing security may want to look at. NRP (Network Randomization
> >Protocol) is a tool to provide proactively-secure randomness, so it is
> >relevant to IKMP just as it is relevant to other security protocols/systems.
> >
> >2. Warning: modifications to NRP must be made available to IBM (i.e. this is
> >fine for making other public domain stuff but problematic for products).
> >This is similar to the status of many other `public domain' sw, e.g. RSAREF,
> >PGP, ...
> >
> >3. IBM is not necessarily giving free use of its copyright/patent protected
> >property for distribution of derivatives of NRP. (However, experimental use
> >is allowed - this is a general IBM policy.) I expect that we would
> >be able to give free use for `reasonable derivatives', i.e. sw that does
> >not extend NRP to completely new functions...
> >
> >(There are patent applications which I believe cover NRP but they are really
> >targeted at more advanced functions - NRP stuff should be for free)
> >
> >4. We'll be happy to work with implementors that need changes to these terms;
> >however, let's do it off list since NRP is really a side issue for this WG (see
> >point 1 above).
> >
> >5. NRP is fully exportable.
> >
> >We are working on a new release of NRP where we would have `tested portability'
> >and implement local sampling.
> >
> >Best, Amir
> >
> >
> >------- End of Forwarded Message
> >
> >


