
DNSCurve: an alternative to DNSSEC

DNSCurve: an alternative to DNSSEC

Posted Jul 9, 2009 5:45 UTC (Thu) by dlang (✭ supporter ✭, #313)
Parent article: DNSCurve: an alternative to DNSSEC

one good thing about using an algorithm as old as ECC is that any patents that may exist should be hitting their 20 year lifetime and expiring soon (if they haven't already)

those who remember the RSA patents expiring will remember that there was a lot of use of the algorithms prior to the expiration, so when the magic day finally hit the software was well tested and ready for widespread use. it will take a while for people to get comfortable with the idea of doing that much encryption, so I expect that patents shouldn't be that bad a problem.

at least this time djb is advocating a protocol specification rather than just a specific implementation. that should avoid a lot of the problems that people (including me) have had with his stuff in the past

as for the idea of DNSSEC being safer due to the encryption keys being on another box, people who are interested in doing that sort of thing right will buy hardware encryption accelerators that isolate the key from the system, and almost everyone else will have their keys on the servers so that they can update things easily. so I don't see it as a very significant difference in risk.



DNSCurve: an alternative to DNSSEC

Posted Jul 9, 2009 10:57 UTC (Thu) by nix (subscriber, #2304) [Link]

DJB's patents page has at least one example of something described in 1976 being independently reinvented and patented in 1990... so mere age won't prevent yet more patents popping up.

DNSCurve: an alternative to DNSSEC

Posted Jul 9, 2009 13:22 UTC (Thu) by droundy (subscriber, #4559) [Link]

But if the algorithm was published 25 years ago, even if there is a more recent patent, it will be trivial to find prior art that even the dullest judge ought to recognize.

DNSCurve: an alternative to DNSSEC

Posted Jul 9, 2009 13:59 UTC (Thu) by nix (subscriber, #2304) [Link]

Yes, sure... by which point you've already experienced chilling effects from months to years of patent uncertainty, and probably heaps of legal expenses too. Patent attacks work even if the patent is grossly bogus :(

DNSCurve: an alternative to DNSSEC

Posted Jul 10, 2009 9:27 UTC (Fri) by incase (subscriber, #37115) [Link]

At least in the USA, you mean....
Bad enough though...

Patents and the brokenness of them

Posted Jul 10, 2009 20:38 UTC (Fri) by smoogen (subscriber, #97) [Link]

Sadly the patent system does not seem to work that way. One of the big ways to make a patent infinitely long is to add an 'invention' to an existing patented item. The first patent may expire but your additional patent still covers the method where it relates to your extension of the invention. Rinse and repeat.

And the one issue is that while many developers will say "oh we aren't in the US so we do not have to worry..." they forget about reciprocal treaties their nation may have signed with the US which basically covers their works anyway :(.
