Please do not approve the "TLS authorization" proposal. I worked extensively
with TLS in my academic work in grad school, and eventually left the security
field because improvements to security technologies are so difficult to get
into use.

The IETF is one of the few bodies who can actually bring security technologies
into widespread use, but it's vital that you do so without creating business
deadlocks by imposing patent-encumbered standards!

We've been down this road before: many years ago, I drove an hour out of my
way to buy a copy of Apache Stronghold so that one of my clients would have a
legitimate RSA license for their SSL server. The impedance was real, and I
remember the parties that were held around the world when their patent
expired.

Internet security is in a deplorable state, especially with respect to the
state of the art in cryptographic research. We can't afford to go through
years more of patent-mined standards, causing billions of dollars of loss and
vulnerability, so that RedPhone can make a few million dollars on patent
licenses.

Please do the right thing: don't let this proposal become a standard.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf