GnuTLS Removes Questionable Extension

Oct 23, 2007

Ulrich Bantle

Version 2.0.2 of the GnuTLS security library does without the TLS authorization extension due to threats of patent claims.

The project took this step because the extension is not critical, but it cannot be ruled out that the extension might be patented. The project prefers to avoid any danger ensuing from a lack of clarity concerning patent claims. At the same time, this step will prevent the technology becoming more widespread. The TLS authorization extension was only added to the library in the version released early in September.

At the last minute a company claimed to have applied for a patent on TLS authorization which had been submitted to the Internet Engineering Task Force (IETF) as a draft standard, says the Free Software Foundation. The IETF had immediately rejected the draft after receiving the notice.

GnuTLS implements the RFC 2246 (Transport Layer Security) TLS standard which is used by many applications for certificate-based encryption. GnuTLS which is released under the LGPLv2 is an alternative to OpenSSL, which is released under the Apache License.

Related content

Two GnuTLS Bugfix Releases

The GnuTLS project has published two bugfix releases to close several vulnerabilities and resolve an error capable of interrupting connections.

more »
FTC Strengthens Standards and Open Source

The Federal Trade Commission (FTC) has come to a decision that could be crucial for standards and Open Source software in proposing a consent agreement in a patenting claim, says Andy Updegrove, the Linux Foundation's (LF) legal expert.

more »
Microsoft and TomTom Smoke Patent Peace Pipe

The Redmond giant and the Dutch navigation company have agreed on a settlement whereby TomTom will pay Microsoft for the use of some of its patents.

more »
Server Name Indication

Server Name Indication lets you operate more than one SSL-protected service per IP address.

more »
FAT Patents Invalid? Open Invention Network Initiates Prior Art Review

The Open Invention Network (OIN) has publicized on Post-Issue.org the three patents involving the FAT filesystem that were used by Microsoft in a lawsuit against TomTom, so that the OIN might gather evidence from the community about prior art.

more »

comments powered by Disqus

Issue 163/2014

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News

KDE Announces Software Compilation 4.13

New release comes with better semantic search and improvements to Kontact.
Coverity: Open Source Code has Fewer Defects

Annual code quality report shows FOSS is more secure at all project size levels.
An Even Smaller Raspberry Pi

The Raspberry Pi Foundation has announced an even smaller version of the tiny computer that will fit into a DIMM slot.
Freaky Privilege Escalation Attack

A new class of problems lets a malicious app pre-configure an invisible privilege update.
Facebook Rolls Out New PHP-like Programming Language

New Hack language adds static typing and other conveniences.
Fedora Announces Innovative Crytography Policy System

New crypto policy system will offer easier configuration and more uniform security.
Shuttleworth Calls for Declarative Firmware

Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
New TLS Attack Takes the S out of HTTPS

Security

Vulnerability affects many Linux web servers
Munich Adopts Kolab

The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
Canonical Announces Ubuntu Smartphones

Mobile , Ubuntu

Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.

GnuTLS Removes Questionable Extension

Related content

Issue 163/2014

Buy this issue as a PDF

Tag Cloud

News