<Pasi(_dot_)Eronen(_at_)nokia(_dot_)com> writes:
My reading of RedPhone's IPR disclosure 1026 is that they claim to
have a patent application about a larger system that includes
tls-authz as one part, and uses it in particular way. If you want to
build a system matching the numbered list 1..4 in the disclosure
(RedPhone's description of what they claim is covered), then you
would have to consider this IPR disclosure.
A license is required for each of the cases 1, 2, 3, and 4 individually.
As far as I read item 3, it seems to cover many kind of realistic use of
this protocol. As soon as you have some authorization data, you would
typically compare the sender of the authorization to some set of valid
issuers.
However, I think there are many more good uses for tls-authz that
do *not* match items 1..4.
That would change things. Can you describe a practical way to use
tls-authz that wouldn't be covered by, for example, item 3? I tried to
understand one unencumbered use-case of tls-authz earlier:
<http://thread.gmane.org/gmane.ietf.general/33561>. To my reading, the
example seems encumbered. If you can explain an unencumbered use-case
that would help.
Just because someone has filed a patent application on some rather
obscure combination of B+C+D should not prevent others from using the
protocol for things not covered by that application. Thus, I support
publishing this as an RFC (either Informational or Standards Track).
Obviously part of our disagreement seems to be what is "obscure".
Would you still support publication if the patent application covers
broader ways to use the protocol?
/Simon
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf