Re: iSCSI: PAK: an alternative to SRP and DH-CHAP

[Bill Studenmund <wrstuden@wasabisystems.com>]

On Tue, 30 Apr 2002, Philip MacKenzie wrote:

> > I think the only thing which will really work is a license like Stanford
> > has for SRP. And Lucent doesn't seem interested in such a thing.
>
> So are you saying that no other part of iSCSI requires
> licensing from anyone, and the only thing that's holding
> it up is the password authentication?  But from an earlier
> post of Pat Thaler:
>
> > We also have a letter from EMC on "the 024 patent" where EMC offers a
> > license under reasonable and non-discriminatory terms with a grant back. If
> > you consider a non-free license to be a barrier to smooth progress then we
> > already have that problem independent of SRP, but that position doesn't seem
> > to be supported by RFC 2026.
>
> So it seems that iSCSI already has licensing issues...

A couple of differences. 1) while we're still having our lawyer look at
things (and as usual IANAL; get your own legal advice), the EMC patent
doesn't look like a show-stopper. It's not a patent on iSCSI. Also, I
think open-source implementations can be made (and put in the *BSDs) which
won't infringe. What you're describing sounds like it has its own patent,
and infringes on the EKE patent. Since there's a patent on it, while I
haven't looked at said patent (and IANAL), I don't see how anyone could
get around it.

Another difference is that even if the EMC patent applies, _I_ think it's
best to not have patented authentication as that would increase the number
of patents that need to be licensed. :-)

Take care,

Bill