"John" == John Sullivan <johns(_at_)fsf(_dot_)org> writes:
John> The Licensing Declaration starts out right:
>> RedPhone Security hereby asserts that the techniques for
>> sending and receiving authorizations defined in TLS
>> Authorizations Extensions (version
>> draft-housley-tls-authz-extns-07.txt) do not infringe upon
>> RedPhone Security's intellectual property rights (IPR).
John> However, it is then followed by an important caveat:
>> The values provided in, and the processing required by the
>> authorizations ("authz_data" in the Protocol Document) sent or
>> received using the techniques defined in TLS Authorizations
>> Extensions are not specified in the Protocol Document. When an
>> implementation generates the authorizations or processes these
>> authorizations in any of the four ways described below, then
>> this practice may be covered by RedPhone Security's patent
John> It appears that RedPhone's disclaimer covers software
John> developers who implement the standard in a vague sense, but
John> not the people who then actually use that software. A patent
John> disclaimer must clearly cover both developers and users to
John> be acceptable.
I'm sorry, I don't see this at all. I appreciate that you quoted the
text in question. However I don't see anything in the language you
quote that applies differently to either users or developers.
The text is saying that the transport mechanisms described in the
Housley draft are not covered by the patent. However the text goes on
to say that some ways in which an implementation might employ those
transport mechanisms would be covered by the patent. As I read the
text, both developers and users who used the mechanisms in the Housley
draft in any of these four ways would infringe the patent, Redphone
However I'll also note that there are significant uses of the
transport mechanisms in the Housley draft that are interesting both to
the free software and IETF communities that fall well outside these
four areas. In particular, transporting in-band group memberships and
authorization/attribute assertions see.ms to fall outside these areas.
I can understand why the GNU project would not choose to ship an
extension to GNU TLS that used this transport to send agreement
However, it is completely absurd to claim that because some
infrastructure building block could (by writing additional software)
be used in a manner that infringes a patent that no free software
version of that building block can exist. As an example, the FSF
ships a compiler collection that can be used to infringe a number of
patents in the hands of someone who has infringing source code. The
GNU/Linux kernel includes a TCP implementation that can be used to
infringe Redphone's patent.
I'd agree with you that things would be problematic for the free
software community if the ways in which this technology were going to
be used by free software infringed the patent. I also agree with you
that there are things that one could choose to standardize on top of
this draft that would be highly problematic for the free software
community. Should anyone choose to standardize those items, I will
join you in a protest.
Until then, please pick battles worth fighting. There are a lot of bad patent
issues out there; this is no where near the top.
Ietf mailing list