Simon, could you please forward this to the IETF list for me?
Thanks,
--Dean
---------- Forwarded message ----------
Date: Fri, 27 Apr 2007 22:49:51 -0400 (EDT)
From: Dean Anderson <dean(_at_)av8(_dot_)com>
To: Thierry Moreau <thierry(_dot_)moreau(_at_)connotech(_dot_)com>
Cc: ietf(_at_)ietf(_dot_)org, mark(_at_)redphonesecurity(_dot_)com,
Simon Josefsson <simon(_at_)josefsson(_dot_)org>,
ietf(_at_)ietf(_dot_)org, iesg(_at_)ietf(_dot_)org
Subject: RE: Withdrawal of Approval and Second Last Call:
draft-housley-tls-authz-extns
On Fri, 27 Apr 2007, Thierry Moreau wrote:
Thus, look at the claims. Indeed, it
needs training to read issued patent and patent applications, but that's
the name of the game.
The claims are important. But they aren't the only thing. The
description of the invention (the specification) is a technical paper
like any other, though nothing is left as an exercise for the reader.
The specification and drawings are usually written by the inventor,
perhaps with editing and prodding by a lawyer. The lawyer usually writes
the claims. A small amount of legal background and terminology is
sufficient to understand the claims---its a language that helps abstract
the elements of the invention so that an infringement can be tested
objectively against the claims. BTW, the patent examiner is usually not
a lawyer, but a scientist.
I don't see a logical relation between PAS functions and the patent
application claims (it doesn't mean there isn't one).
There isn't any relation beyond, 'A isn't patented, but B is'.
RedPhoneSecurity is saying that if you don't do A, it will give you
permission to do B (maybe for free for now, maybe not later). Of course,
they want to make money somehow: probably they bet you'll want to do A
if you do B according to their proposal, and they will be happy to sell
you A. at that time. Of course, if this doesn't work out, the
technology probably gets sold, and the new owner might not give our free
licenses anymore. Business conditions can change.
The ietf IPR disclosure 833 seems to be trying to force contractual
obligations (assisting the enforcement of protected PAS functions)
based on an assumed infringement threat which would induce some
real/moral person to become a party to the contract (GUL).
More or less, Yes. Though it isn't the disclosure that forces this. Its
the patent in combination with the standard. They are using this to
leverage to protect their PAS functions, which they obviously think have
the real added value.
They may be trying to patent the PAS functions, too, for all we know.
Its hard to say, from our vantage point, what their interests are in the
the deal. But they are interested in negotation to obtain a standard;
it stands to reason, they expect to benefit. We can deduce some things.
They will have a monopoly on the PAS functions by virtue of anyone who
doesn't license the patent and agree not to implement the PAS functions,
will be barred by the patent if they conform to the RFC--assuming we
accept the RFC as is, of course. So one is in the position of either
implementing non-standard behavior, or agreeing to non-competition with
RedPhoneSecurity. That's quite an advantage for RedPhoneSecurity.
That's probably worth a great deal of money, even.
I'm always astonished to see ietf discussions about IPR so remote from
simple IPR management basics.
Yes.
I looked at the specifics of the patent application, and "specification
as filed" in the provisional application. Assuming the 5 independent
claims are valid,
You mean the 50 claims. There are 5 on the first page alone.
I expect the patentholder would have great difficulty
in establishing infringement against a source code maintainer
organization for software maintenance and distribution activities.
This is a gray area. I staked out a position on the openssl distribution
years ago that source code is the same as the patent application
itself---protected public information. The patent holder cannot
prohibit the distribution of the patent documents. The holder cannot
prohibit a book describing the invention. But the patent holder can
prohibit anyone (except the government) from using their invention. They
are under no obligation to license at all (IBM is well-known to patents
stuff and sit on it--They invented RISC in the 70's and sat on it), and
are also under no obligation to license fairly or reasonably.
The 64million dollar question is whether a source code infringes. I can
assure you that I have discussed the issue with very educated and
prominent patent attorneys who think that a source code implementation
[key word 'IMPLEMENTATION'] does infringe---plainly, using the source
code infringes. You see the question: is source code an
'implementation' or a 'specification'? I say it is a "specification":
The patent specification also contains a sequence of steps just like a
program. The patent specification itself is software of a sort. I say it
becomes an implementation when you use it. None of these attorneys were
interested in testing their assertions with the openssl distribution,
and those patents have since expired.
There are some very good attorneys who agree with me, too. But I've also
been called bad names and threatened with violence for holding views on
law that I am way more sure of winning. [e.g. that ECPA applies to ISPs,
that anti-trust applies to blacklists, etc]
The law has actually gotten a bit worse in some ways, in that the RIAA
and others have won cases against those assisting or enabling
(copyright) infringing activities. This could change the balance
affecting source code distributors and patents. Its a riskier bet now
than it was when I was distributing openssl source in the 90's. While
the LPF and others have convinced many key patent constituencies that
the patent system needs to be fixed, and I am confident that it will
eventually get fixed, the situation has gotten worse in some ways and
this is one ways its worse.
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000