Hello,
I am writing because I am concerned about the proposed TLS authorization
standard (draft-housley-tls-authz-extns) that the IETF is considering. I
understand that the IETF rejected a similar standard in 2006 due to
potential patent conflicts with RedPhone Security. Despite the fact that
RedPhone Security have filed IPR Disclosure 1026 indicating that the
proposed standard does not infringe upon their intellectual property rights,
the IETF ought to take the same course as in 2006 and eschew this standard.
The potential for future conflict is too high to ignore in good conscience,
and it would be unconscionable to standardize around any company's
proprietary information. Unless RedPhone Security is willing to provide --
to all users -- a royalty-free license of the patent in question, users of
this proposed standard will be threatened by the patent. It hangs the
threat of lawsuits over the heads of users, and provides undue input and
control over the standard and its future to a single patent-holder. It is
very dangerous to put forth a standard with such dubious future prospects.
Users of standards put forth by the IETF necessarily and rightfully expect
to be unencumbered by patent concerns. Because of the obvious and
intractible concerns with RedPhone Security's patent, the IETF should only
consider approving this standard (on any level) if all users are granted a
royalty-free license of the patent. Otherwise, the standard is only
available to those who can afford it, and its future is ultimately
controlled by RedPhone Security.
Sincerely,
Brendan Ribera
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf