Is SRP patented or not?

John Mitchell

The SRP system, as defined in RFC 2945 is licensed royalty-free, world-wide. The license is in "docs/LICENSE" in the SRP distribution. There is a modified version of SRP known as SRP-Z which is not free. The basic, technical difference between the two is that SRP-Z uses an explict public/private parameter for each server wherease SRP uses a fixed 'z' value.

The SRP patent covers the general SRP algorithm for all 'z' values (i.e., both SRP and SRP-Z). The free license only covers the SRP variant -- any variants using SRP-z are expressly not covered (and therefore for any use of SRP-Z you must obtain a license from Stanford).