In botan the files in src/pubkey/ec* seem to be an implementation of elliptic curves algorithms. EC is carefully removed from the openssl package in Fedora because of possible patent issues. It should be removed from botan too. There may be other issues. Blocking FE-Legal.
Already talked with spot this week about this issue. There might be more algorithms in Botan that need to be removed. I'll prepare a list for review (basically http://botan.randombit.net/algos.html, need to check the tarball to see whether it is uptodate). Note though, that with respect to ECC patents, the author of Botan, Jack Lloyd, pointed me to http://tools.ietf.org/id/draft-mcgrew-fundamental-ecc-03.txt and says: "... The IETF is publishing a reference soon that specifically gives a set of ECC algorithms over GF(p) all referencing prior art that puts the techniques described well out of the patent lifetime window [...] Hopefully that will alleviate some of the concerns eventually... (I am avoiding GF(2^m) ECC in botan specifically because that is where most of the active patents are right now)."
Created attachment 432556 [details] list of botan modules List of all modules in the Botan 1.8.9 (stable) tarball, generated from the info.txt files within the tarball itself.
Thomas, currently all ECC algorithms are not permitted in Fedora. We will revisit the issue when and if the IETF reference containing documented prior art for specific algorithms is published.
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle. Changing version to '14'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Built botan-1.8.9-2.fc15 (057bdc15..) in rawhide. The following modules have been removed. * Block Ciphers * IDEA [src/block/idea] * RC6 [src/block/rc6] * Public Key Base * ECC Public Key [src/pubkey/ecc_key] * ECC Domain Parameters [src/pubkey/ec_dompar] * ECDSA [src/pubkey/ecdsa] * ECKAEG [src/pubkey/eckaeg] * Math * GF(p) Math [src/math/gfpmath] What about these block ciphers: * RC5 [src/block/rc5] * MISTY-1 [src/block/misty1] Do they have to be removed, too? And what about the other branches?
MISTY-1 is fine, but RC5 is not. Please remove RC5. As to other active branches, if they are including any of the modules listed above, then an update needs to be pushed which removes them.
botan-1.8.9-4.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/botan-1.8.9-4.fc12
botan-1.8.9-4.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/botan-1.8.9-4.fc13
botan-1.8.9-4.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/botan-1.8.9-4.fc14
botan-1.8.9-4.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/botan-1.8.9-4.el5
Additionally removed RC5 in botan-1.8.9-4.fc15.
botan-1.8.9-4.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update botan'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/botan-1.8.9-4.fc13
botan-1.8.9-4.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update botan'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/botan-1.8.9-4.el5
botan-1.8.9-4.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
botan-1.8.9-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
botan-1.8.9-4.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
botan-1.8.9-4.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
(In reply to comment #3) > Thomas, currently all ECC algorithms are not permitted in Fedora. We will > revisit the issue when and if the IETF reference containing documented prior > art for specific algorithms is published. This is now published as RFC 6090: https://datatracker.ietf.org/doc/rfc6090/
So, I'd like to reopen the bug, and kindly ask you (resp. RH Legal) to revisit the case. I asked Jack Lloyd (author of Botan): "[...] Just to get that right (I'm no crypto expert): Can I explain to RH Legal (i.e. quote you), that in Botan, you are only using/implementing elliptic curve cryptography algorithms that are described in that RFC?" And got this reply: "Hi Thomas, I suppose that is somewhat up for interpretation - for instance botan uses Jacobi coordinates rather than homogeneous coordinates; the RFC mentions Jacobi as an alternative and provides a 1986 reference on their use. Due to the choice of Jacobi coordinates, botan also uses different formula for point addition and subtraction than the one in the RFC; the specific formualas used were published in the research literature in the 1980s. I am not aware of any current patent which seems to have any potential of covering any of the ECC techniques in botan. I intentionally avoid GF(2^n) curves, MQV, and any implementation technique published after about 1990 for this reason. But I obviously cannot guarantee anything to anyone about the patent status of anything in botan, given the sheer insanity of the patent system we are operating under. If RH legal knows about any specific patent they think might be an issue, they should feel free to point it out. -Jack"
It sounds like to me that at this point the burden of proof has shifted to anyone who still thinks there is a patent risk here. All evidence points to there being no patent risk. If there is further evidence that should influence our behavior, let's see it. If not, let's stop removing the elliptic curve crypto from this package.
Zooko, you know quite well that it doesn't work that way, especially wrt patents. Let's stop grandstanding on bugzilla, please? This is in my todo list.
Gee, I didn't mean to offend. I actually don't know what you are talking about with respect to "how things work" with patents, and I also didn't know that you had an item in your todo list and I still don't know what that item is. I thought suggesting action might be a good way to make forward progress instead of protracted discussion. Please accept my apologies if this was inappropriate. Please consider this a request for information: is there something that we don't know about the patent situation? What is the item on your todo list? Is there something that I or someone else can do to help? Thanks! Regards, Zooko
I don't need any additional information at this time, nor is there anything that you (or anyone in the community) can do to help. I have to discuss this with Red Hat.
Possibly also relevant: DJB's list of patents and prior art: http://cr.yp.to/ecdh/patents.html It is focussed on his Curve25519, but much of it applies to other elliptic curve systems too, I think.
(In reply to comment #23) > I don't need any additional information at this time, nor is there anything > that you (or anyone in the community) can do to help. I have to discuss this > with Red Hat. Okay, I look forward to your results.
Hi spot! I don't mean to hassle you, but is there a timeline after which I can come back and ask you what Red Hat had to say? Or some signal that I can watch for? I am planning future cryptography projects and more transparency about this issue would be helpful. Regards, Zooko
As a general rule, you will never get transparency about issues involving patents. So, no, there is no timeline, but this issue is still being investigated.
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
This may now be a non-issue. See bug #319901.
Thomas, any reason why botan still ships without ECC? I'd like to enable botan support in PowerDNS
Sorry, somehow forgot about it. Will have a look at this again soon.
botan-1.10.9-4.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/botan-1.10.9-4.el7
botan-1.10.9-4.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/botan-1.10.9-4.fc20
botan-1.10.9-4.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/botan-1.10.9-4.fc21
botan-1.10.9-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
botan-1.10.9-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
botan-1.10.9-4.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.