ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Third Last Call: draft-housley-tls-authz-extns

2007-10-18 10:09:42
from [Hallam-Baker, Phillip] [Permanent Link] 
I think we need to be careful when it comes to IPR, if we are not careful we 
can allow anyone to exercise a veto on any spec they choose without being 
required to substantiate it.
 
There is a balance here between ensuring that a patent holder does not unjustly 
enrich themselves by enforcing rights to an inconsequential, undisclosed, 
unnecessary or otherwise bogus patent claim on the one hand and ensuring that a 
purported patent holder does not exercise undue influence on the standards 
process by making a claim that they stand little or no chance of being able to 
enforce in a court.
 
We have an IPR committee but I think that is part of the problem, not the 
solution. The IETF should not sit down and draft IPR rules. We should act like 
a standards body and recognize rules that have already been established 
elsewhere. The W3C went through this whole process once and obtained the 
agreement of the major IPR stakeholders and the open source movement. I see no 
reason at all to duplicate that effort. Members of W3C staff have informally 
indicated that they would be willing to release the document on a creative 
commons license.
 
I don't think we should be having regular discussions on the details of IPR 
policy here on the IETF list as we keep doing. Given the layer in the stack 
where the IETF operates it is not practical for us to have a blanket policy as 
W3C does that all standards be on completely open IPR terms. There are some 
areas where this is simply not possible - PKI in the era of Public Key Partners 
for example. We can however adopt rules similar to those at OASIS that create a 
strong bias towards open IPR terms without making open IPR a mandatory 
criteria. 
 
What I would suggest is that new working groups be required to specify the 
governing IPR rules in their charter, these would be either that all IPR must 
be offered according to an open grant on W3C terms or that the working group 
specifies at the outset that RAND terms are acceptable.
 
By making the process all or nothing the bargainng leverage of the IETF is 
enhanced. Allowing each WG to negotiate separately weakens their bargaining 
power as any agreement that the IPR holder makes will be applied as binding 
precedent on them but not on others. Any future working group will expect to be 
offered terms at least as generous as those offered in the past from that 
particular IPR holder but the IPR holder cannot expect their competitors to be 
held to the same standard.

________________________________

From: Simon Josefsson [mailto:simon(_at_)josefsson(_dot_)org]
Sent: Thu 18/10/2007 10:30 AM
To: Tim Polk
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: Third Last Call: draft-housley-tls-authz-extns



Tim Polk <tim(_dot_)polk(_at_)nist(_dot_)gov> writes:


The IESG solicits final comments on whether the IETF community has
consensus to publish draft-housley-tls-authz-extns as an experimental
standard given the IPR claimed. Comments can be sent to 
ietf(_at_)ietf(_dot_)org
or exceptionally to iesg(_at_)ietf(_dot_)org(_dot_) Comments should be sent 
by
2007-10-23.


I was negative to publication during the earlier last calls, and I
continue to be so.  The primary reason remains the uncertainty of the
IPR situation.  It is not clear to me that I can implement this
protocol
freely without the burden of patent licenses.  I'm speaking as a free
software implementer of this document (see GnuTLS, <www.gnutls.org>).


As the sponsoring AD, I would like to explain why I support publication
as an Experimental RFC.  To quote RFC 2026, "Such a specification is
published for the general information of the Internet technical
community
and as an archival record of the work." Given the technical merits of
the
document and the existence of independent implementations, I believe
it is in the interest of the community to have an archival record of
this work.


I believe that is a poor argument, because the only implementation I am
aware of is the one I wrote.  And I'm opposed to publication of the
document.

To clarify that the part of the community that I'm a member of is not
interested in supporting this technology, we have decided to remove our
implementation.  See the announcement for GnuTLS in:

  ** TLS authorization support removed.
  This technique may be patented in the future, and it is not of crucial
  importance for the Internet community.  After deliberation we have
  concluded that the best thing we can do in this situation is to
  encourage society not to adopt this technique.  We have decided to
  lead the way with our own actions.
  <http://permalink.gmane.org/gmane.network.gnutls.general/955>

I hope you will reconsider sponsoring the document.

/Simon

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Third Last Call: draft-housley-tls-authz-extns, Russ Housley
Next by Date:  Re: Third Last Call: draft-housley-tls-authz-extns, Brian E Carpenter
Previous by Thread:  Re: Third Last Call: draft-housley-tls-authz-extns, Russ Housley
Next by Thread:  A priori IPR choices [Re: Third Last Call: draft-housley-tls-authz-extns], Brian E Carpenter
Indexes:  [Date] [Thread] [Top] [All Lists]