ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Dean Anderson] RE: Withdrawal of Approval and Second Last Call: draft-housley-tls-authz-extns

2007-04-02 13:50:09
from [Sam Hartman] [Permanent Link] 


Dean cannot post to the ietf list so I have forwarded his comments here.
--- Begin Message --- 

Ok, I've now read most of the patent documents and claims, and I've 
looked over the draft-housley-tls-authz-extns-07.txt.

Short answer: The RFC and the patent application are very close, if not
identical.  It is not the case that the patent is merely overbroad, and
therefore covers the housley draft; they are the same.  On the draft: 
rewrite so as not to infringe the patent application if granted.

The timeline of events is very important:

-- The first patent applicationis filed in January, 2005, with Mark D. 
Brown and David J. Wilke as the applicants.

-- The application was apparently amended September, 2005 with
application number 11/234404. This application is not listed in the IPR
disclosure, but can be found on the "Continuity Data" tab of the USPTO
web site (see below). This is somewhat strange, I think, especially as 
its the most similar to the housley draft.

-- The first draft of draft-housley-tls-authz-extns was submitted in
February, 2006.  Mark Brown and Russ Housley are the authors.

-- February 2007, IESG approval is withdrawn after Russ Housley becomes
Chair of IETF and IPR information comes out regarding the draft.

Having reviewed the documents, the 'housley' draft and the patent
application contain essentially identical message exchange diagrams.
For example, Figure 6 of the drawings associated with patent application
11/234404 is nearly identical with Figure 2 of
draft-housley-tls-authz-extns-07.txt.

It seems impossible to me that, as Brown describes below, that the
patent claims could merely 'be read more broadly.' This patent is
essentially identical with the IETF draft.  The primary difference is
the housley draft doesn't contain the concrete examples of the patent
application, and is more abstractly written.

I'm not sure what it means to file a patent and subsequently author an
essentially identical draft 'in good faith', since it is unclear what
bad faith would be.  I am still uncertain about when Brown and Housley
each knew about RFC3979, and when did they each know about the existance
of the patent application.  I haven't seen any such dates and evidence
on this by either Housley or by Brown.  I'm a still uncertain as to how
the existance of the patent application became known to the IETF.  I
would like to see definite answers to these questions, rather than
assurances of good faith.

BTW, creating a permanent royalty free license grant to the public is
quite easy.  Other variations are quite hard, until you get down to
licensing individual entities. However, you cannot simulataneously both
grant royalty free use of this patent, and continue to make money using
this patent as a monopoly on the technology; these are mutually
exclusive.

On the subject of how to proceed with the draft:  Having reviewed
documents, my view is that the technology in the patent application is
not novel, but would be obvious to anyone trying perform the services
described, and that therefore the patent application should be denied.
Furthermore, except for possibly overbroad claims, the TLS protocol
extension can be changed so that it doesn't use the patented methods.  
My recommendation, informed by the actual documents, is that the draft
should be rejected and rewritten using non-patented alternatives.

FYI: The patent files can be downloaded from the "How to Search" page at
http://www.uspto.gov/main/profiles/acadres.htm 
Then click "Track Patent Status" 
Then select "Application Number" and enter the application
number 60/646749 or 11/234404 and click on Search.

To get the patent documents, click the tab "Image File Wrapper" and 
download the images as a PDF.  There are other tabs which are 
interesting.


                --Dean



On Thu, 29 Mar 2007, Mark Brown wrote:


Simon,

I filed for patent (Jan and Sep 2005) and later promoted TLS authz (Feb
2006) in good faith.  It is possible that the patent claims can be read more
broadly than I expected, but that's a fairly detailed and unresolved legal
question.  I am working diligently to -- let me speak carefully -- explore
if and how I can make a royalty free license grant to ensure that promoting
TLS authz continues to be an act in good faith, while still protecting a way
for my company to make money on its IPR.

I have experienced some surprises when mixing law and Internet standards.
To try to avoid surprises, I have hired IPR attorneys at two different firms
to review my draft which proposes a royalty-free license grant.  I expect
any resulting license will be conditioned upon IETF acceptance of TLS authz
as a standard.  I hope to have concluded these services next week.

I think IPR questions are complicated in part because for some questions
only a lawsuit can answer the question -- but we should all want to stay
clear of these kinds of lawsuits!  So answers seem to me to be in short
supply.  I want to craft the proposed license to make this situation a
little clearer than that, but doing so often involves taking risks of giving
away a huge loophole.  So I'm working to get good legal advice.

In short, I am working to create a royalty-free license grant -- hopefully I
can disclose it next week.  With some luck, it will clarify the situation.

Best regards,

mark


-----Original Message-----
From: Simon Josefsson [mailto:simon(_at_)josefsson(_dot_)org]
Sent: Thursday, March 29, 2007 10:12 AM
To: Sam Hartman
Cc: ietf(_at_)ietf(_dot_)org; iesg(_at_)ietf(_dot_)org; 
mark(_at_)redphonesecurity(_dot_)com
Subject: Re: Withdrawal of Approval and Second Last Call: draft-housley-
tls-authz-extns

Sam Hartman <hartmans-ietf(_at_)mit(_dot_)edu> writes:


"Simon" == Simon Josefsson <simon(_at_)josefsson(_dot_)org> writes:


    Simon> I don't care strongly about the standards track status.
    Simon> However, speaking as implementer of the protocol: If the
    Simon> document ends up as informational or experimental, I
    Simon> request that we make an exception and allow the protocol to
    Simon> use the already allocated IANA protocol constants.  That
    Simon> will avoid interoperability problems.  I know the numbers
    Simon> are allocated from the pool of numbers reserved for
    Simon> standards track documents.  There is no indication that we
    Simon> are running out of numbers in that registry.  Thus, given
    Simon> the recall, I think the IETF should be flexible and not
    Simon> re-assign the IANA allocated numbers at this point just
    Simon> because of procedural reasons.

Would you support publication on the standards track given the IPR
situation as someone who has implemented?


If the patent concern is valid and covers TLS libraries or other
applications, no.

However, as far as I am aware of the public information that is
available, the situation appears to be that we don't know whether
these patents apply and to what extent.  I don't know whether the
patents were filed in good or bad faith.  More information from the
patent holders may help here.

If it is possible to implement the protocol without violating the
patents, I would support publication.  I've seen some claims that this
may be possible.  I have no interest in reading these patents myself,
but my position would be influenced if someone knowledgeable reads the
patents.

Given the amount of patents out there, it would be unreasonable for us
to move everything to informational just because someone finds
something that may be relevant to a piece of work.

The community needs to evaluate patent claims, and preferably reach
conservative agreement (rough consensus is not good enough) on whether
we should care about a particular patent or not.  Input to that
community evaluation process may be documentation of legal actions
taken by a patent owner.  Sometimes that may happen only after a
document has been published.

I would support down-grading standards track documents that later turn
out to be patent-infected to informational.  Doing so would avoid
sending a message that the IETF supports patented technology, when the
IETF community didn't know about the patents at publication time.  For
credibility of the process, I believe it is important that these
decisions are only made based on publicly available information.

/Simon



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf




-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000

--- End Message ---
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Dean Anderson] RE: Withdrawal of Approval and Second Last Call: draft-housley-tls-authz-extns, Sam Hartman <=
Previous by Date:  Re: Withdrawal of Approval and Second Last Call: draft-housley-tls-authz-extns, Sam Hartman
Next by Date:  Re: [consensus] comments on draft-housley-aaa-key-mgmt-07.txt, Dan Harkins
Previous by Thread:  Re: Withdrawal of Approval and Second Last Call: draft-housley-tls-authz-extns, Simon Josefsson
Next by Thread:  Re: [consensus] comments on draft-housley-aaa-key-mgmt-07.txt, Dan Harkins
Indexes:  [Date] [Thread] [Top] [All Lists]