Hacker News

Given Rogaway's recent patent grants, OCB would be a more straightforward improvement over GCM.


Does anything use OCB? It seems GCM "won".

The patents may have killed it. Even "free for open source" can be troublesome if you're worried about putting free software into an appliance and getting trapped. Easier to avoid patented algos entirely.


Rogaway's patent grants are now very liberal: they cover all open source and everything non-military. It passed through CFRG, too, and is documented in an RFC: https://tools.ietf.org/html/rfc7253

But yes, definitely the fact that there were patent grants hurt it a lot in adoption before; even when (as in WiFi) it was one of the contenders, CCM is more common.

A few things do use it: off the top of my head, I think Mumble does, although I think that's an earlier variant (OCB2, perhaps, rather than OCB3 as documented in the RFC?).

I'm also looking forward to the results of the CAESAR authenticated-encryption competition - http://competitions.cr.yp.to/caesar.html - there's a lot of competition, and quite a few entries fell and have been withdrawn. The current version of OCB is among the current list of contenders, among several other interesting candidates.


Specifically regarding the patent grants (of which there are three on http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm: open source, non-military, and OpenSSL) they would appear at first glance to cover OpenBSD. All three in fact. The problem is that this then creates a trap for anyone taking OpenBSD and using it to build something to sell to a military. Suddenly they are no longer protected; we prefer not to incorporate anything that can create such traps.

For an example, this came up in the thread where OCB was proposed to be added to OpenSSL. You think you're free and clear, and then you're not. http://marc.info/?l=openssl-dev&m=136016226304441&w=2

Then came the OpenSSL specific license. That license probably applies to LibreSSL today, but now there's a Ship of Theseus problem. How much OpenSSL does one need to keep to qualify? And of course, the OpenBSD IPsec stack is completely unrelated to OpenSSL.


> Specifically regarding the patent grants (of which there are three on http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm: open source, non-military, and OpenSSL) they would appear at first glance to cover OpenBSD. All three in fact. The problem is that this then creates a trap for anyone taking OpenBSD and using it to build something to sell to a military. Suddenly they are no longer protected; we prefer not to incorporate anything that can create such traps.

How so? As far as I can tell, the "open source" grant covers everything under a BSD license (among other licenses) -- and holds no provision for "military use". I don't see how anyone using the [ed: algorithm, not code] under license 1 could become subject to license 3?


People take OpenBSD and turn it into not open source products all the time. For a more famous example, FreeBSD is at the core of the PlayStation OS, but it's no longer open source.


Mosh (https://mosh.mit.edu) uses OCB. At the time it was written, GCM implementation availability was poor: OpenSSL was just adding it upstream, so almost no end-user machines would have it for some time. Meanwhile, the OCB reference implementation looked fine, and permitted the Mosh developers not to write their own crypto.

The OCB patent grant at the time specifically required GPL, which I believe played into the decision to release Mosh under the GPL. (It now has a very wide patent grant, permitting a few options including all non-military software use, both closed and open, but GCM was already winning by then.)



