I would like to express my concern about the proposed standard
"draft-housley-tls-authz-extns" for which the IESG has recently issued
another Last Call.
In IPR disclosure 1026, RedPhone Security asserts that receiving or
sending authorizations as defined by the proposed standard is not
covered by their pending patents, and is therefore possible without a
license. Still, a full implementation of the standard would require a
license because some of the techniques for generating and processing
authorizations are covered by the patents. RedPhone Security states that
licenses will be granted in a fair manner, but it does not guarantee
that anyone wishing to implement or use the standard will receive a
royalty-free license. In my opinion, this is a prerequisite for
declaring something a web standard, because otherwise the standard
cannot be implemented in free software.
Standards should be adopted by as many users as possible, and it is
better not to set a standard for something than to declare a
patent-encumbered technology a standard. Therefore I hope that you will
continue working on the draft and make sure that the next proposal is
not affected by any known patents.
Ietf mailing list