ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Comment on TLS-authz proposal

2009-02-12 12:47:50
from [Larry West] [Permanent Link] 
I object to this move to standards track status because I find IPR
1026 completely inadequate as protection.

I strongly urge the IETF to reject draft-housley-tls-authz-extns for
that reason.

Perhaps the IPR's range of choices for section VI, Licensing
Declaration, is too limited.   "No License Required for Implementers"
certainly leaves open the possibility that legal action could be
threatened against, say, distributors of allegedly infringing
implementations.   But the other choices are no better.

Yet the specific text in that section of IPR 1026 makes it clear that
Redphone Security's intended policy is very aggressive.  They
"assert[s] that the techniques for sending and receiving
authorizations... do not infringe upon RedPhone Security's
intellectual property rights".   Yet the next paragraph states that
they consider generation and processing of such authorizations --
i.e., making it work -- by any of four fairly obvious, broad, and
non-novel approaches will infringe on their purported rights.

And Redphone Security is only willing to agree to "fair and
non-discriminatory" licensing.   In fact this would amount to a very
problematic and effectively discriminatory burden upon purveyors of
Free Software or indeed of amateur or small commercial implementers.

In short, this seems like a significant hindrance for many potential
implementers, leading to myriad legal headaches and interoperability
problems.   Which is precisely *not* what one wants from a standard.

If this is technology that Redphone Security feels merits inclusion in
a world-wide standard -- that is, for purposes other than its own
enrichment -- then it can simply issue a blanket declaration that
clearly grants implementers, distributors, and end-users a no-cost,
no-paperwork declaration of non-infringement.   If its own enrichment
is indeed more important, then Redphone Security is certainly free to
make and sell products using its technology.   I see no need to use
the IETF as a marketing and sales arm for that.

Larry West
Software Developer
San Diego, California, USA

I have no interest, financial or otherwise, in Redphone Security or
any of its competitors.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Comment on TLS-authz proposal, Larry West <=
Previous by Date:  Re: Fourth Last Call: draft-housley-tls-authz-extns, Joachim Achtzehnter
Next by Date:  TLS authz licensing problem, Marek Kubica
Previous by Thread:  "TLS authorization", John Wyatt
Next by Thread:  TLS authz licensing problem, Marek Kubica
Indexes:  [Date] [Thread] [Top] [All Lists]