On Wednesday 26 September 2007 01:54, The IESG wrote:
The IESG is considering approving this draft as an experimental track
RFC with knowledge of the IPR disclosure from Redphone Security. The
IESG solicits final comments on whether the IETF community has
consensus to publish draft-housley-tls-authz-extns as an experimental
standard given the IPR claimed.
[This is a repeat of my comments provided for the second last call, with minor
edits. I believe they are still applicable]
I believe that approval of draft-houselye-tls-authz-extns would be the wrong
decision, for the following reasons:
1. It would send the wrong message to both Redphone Security and other
companies who would seek to engage in similar practice. This is not to
suggest that any particular company did or would seek to do so, just that the
IETF should seek to deter this behaviour.
2. The authorisation extensions have recently been implemented by a free
software library, and problems were found in a couple of areas:
http://www1.ietf.org/mail-archive/web/tls/current/msg01518.html
Approval of draft-housley-tls-authz-extns given current knowledge would be a
poor decision both politically and technically.
Brad Hards
pgpTjIdsnNpYE.pgp
Description: PGP signature
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf