RE: Full Text of Phoenix letter

[Black_David@emc.com]

Here's the contact info that goes with the text of the letter.
Sorry for omitting it earlier.  --David

David Jablon
CTO
508.898.9024 direct
509.561.1953 eFax
david_jablon@phoenix.com

Phoenix Technologies Ltd.
320 Norwood Park South
Norwood, MA  02062
781.551.5000 main
www.phoenix.com

> -----Original Message-----
> From: Black_David@emc.com [mailto:Black_David@emc.com]
> Sent: Saturday, February 09, 2002 2:43 AM
> To: ips@ece.cmu.edu
> Subject: Full Text of Phoenix letter
> 
> 
> To: IETF IP Storage Working Group
> Subject: Phoenix Patents and RFC 2945 
> 
> February 6, 2002
> 
> 
> Dear working group members,
> 
> Regarding the inquiry by working group co-chair David Black into the
nature
> of U.S. patent 6,226,383 and its relation to SRP and RFC 2945, this letter
> presents a status update on Phoenix's plans to provide an appropriate
> response for the working group.  This letter also presents a general
summary
> of our licensing practices and products in the field of password-based
> cryptography, which I hope will assist you in the planning process.
> 
> Phoenix owns patent 6,226,383 which describes the SPEKE methods for
> zero-knowledge password authentication.  An investigation into exactly how
> this patent relates to RFC 2945 is now underway within the company.  While
> providing guarantees and assurances for use of technology developed by
other
> organizations has not been a traditional priority for Phoenix, there is
now
> recognition of the need for this working group and others to have clarity
in
> this matter, and a position statement will be provided very soon.
> 
> Phoenix Technologies, in part through the acquisition of Integrity
Sciences,
> has developed the SPEKE family of zero-knowledge password methods,
providing
> both licenses and implementations.  These protocols have been cited and
> studied in numerous research papers over the past several years.  In
> particular, the BSPEKE protocol can provide a plug-and-play upgrade for
SRP.
> An Internet Draft discussing these issues is also being prepared.  These
> methods are comparable to the best of any similar methods, and they are
> easily shown to be unencumbered by the other patents in this field.
> 
> It would seem a shame for a new standards effort to avoid zero-knowledge
> password techniques as a purely cost-savings measure, given the choices
> available.  The need for convenient, strong, and inexpensive security
> built-in to the infrastructure of Internet applications is as great today
as
> ever.  The SPEKE techniques represent a generational improvement in
personal
> authentication, providing strong security with minimal effort.  These
> methods provide the best choices in this field, with the cleanest
> implementations, optimal security, best alignment with standards, and
> easiest license agreements for commercial deployment of zero-knowledge
> password techniques.
> 
> A statement regarding licensing of the SPEKE patent in the context of the
> IEEE 1363 standard is on file with the IEEE, and Phoenix is also committed
> to providing an updated statement in this same time frame that conforms to
> both IEEE and IETF policies assuring reasonable and non-discriminatory
> terms.  But more importantly, as a leading provider to the PC industry,
> Phoenix will stand behind its technology.  Phoenix has a 20-year history
of
> broadly licensing products to this industry, and has helped to pioneer
many
> widely used standards and technologies that are built-in to the systems
that
> we all take for granted.  Our history of cooperation with many of the
> leading companies in the industry makes Phoenix naturally suited to gently
> encouraging the adoption of this new class of strong and convenient
security
> techniques.
> 
> Sincerely,
> 
> 
> David Jablon
> CTO, Phoenix Technologies