I have just heard that a draft IEFT standard, TLS authorisation, which
is apparently patented by a company called RedPhone Security is being
proposed as a standard. If this is true, I wish to register my protest
against such a move. IETF standards have historically been one of the
few kinds that can be implemented, without debilitating restrictions,
by anyone who wishes to do so. This openness and freedom to create is
what I believe has driven the Internet forward to where it is now.
Imagine for a moment that something as essential as TCP/IP or HTTP had
been patented. We would have none of the diversity and universality
that enables the Internet to function so freely and smoothly. Or if
SSL was handicapped, preventing people from using free browsers like
Mozilla Firefox, and having to make the choice between no security or
a proprietary, buggy, insecure, Windows-only browser.
For the health of the web, essential standards need to be completely
free as so to ensure everyone the ability to use them, thus ensuring
maximum interoperability. If TLS authorisation has indeed been
patented, no matter how worthy technically, I do not wish to see it
become an IEFT standard.
Ietf mailing list