Re: Does being an RFC mean anything?

On Mar 11, 2009, at 2:22 PM, Lawrence Rosen wrote:

> The recent threads about draft-housley-tls-authz have taught me  
> something I didn't know about IETF, and I don't like what I've  
> learned.
> There are, it appears, many types of IETF RFCs, some which are  
> intended to be called "Internet standards" and others which bear  
> other embedded labels and descriptions in their boilerplate text  
> that are merely "experimental" or "informational" or perhaps simply  
> "proposed standard". One contributor here described the RFC series  
> as "a repository of technical information [that] will be around when  
> I am no longer around."
> The world is now full of standards organizations that treat their  
> works as more significant than merely "technical information." Why  
> do we need IETF for that purpose? If all we need is a repository of  
> technical information, let's just ask Google and Yahoo to build it  
> for us. Maybe our Internet standards should instead be created in an  
> organized body that pays serious attention to the ability of the  
> wide world to implement those standards without patent encumbrances.
> But even if IETF isn't willing to amend its patent policy that far— 
> and most SDOs still aren't, unfortunately—at the very least we  
> should take our work seriously. When someone proposes a serious RFC,  
> we should demand that the water around that RFC be swept for mines— 
> especially *disclosed* patent mines that any serious sailor would  
> want to understand first.
> If IETF isn't willing to be that serious, maybe we should recommend  
> that our work go to standards organizations that do care? As far as  
> my time to volunteer for a better Internet, there are far better  
> ways to do it than listening here to proposals that are merely  
> "technical information." At the very least, separate that into a  
> different list than IETF.org so I know what to ignore!
> By the way, many of the same companies and individuals who are  
> involved here in IETF are also active participants in W3C, OASIS,  
> and the new Open Web Foundation, all of which organizations pay more  
> attention to patents and the concept of "open standards" than what  
> IETF seems to be doing here. So let's not be disingenuous, please.  
> Almost everyone here has previous experience doing this the right way.
I work in VoIP. My current day job is consulting on IPR, primarily on  
patent litigation defense.
There are tens of thousands of patents in this area in the US alone. I  
can think of few things I've seen in the last few years that aren't  
covered by some kind of patent when they are brought into IETF, and  
most of those acquire some kind of patent not long after. Many of the  
things I've seen I can't discuss for NDA reasons, but I can say that I  
accidentally found one patent that might possibly apply to an RFC I  
edited, for which I submitted a 3rd party IPR disclosure to test the  
process.
Even if we applied the entire administrative capacity of the IETF to  
filing and processing IPR disclosures, we couldn't possibly keep up  
with the applicable US patents applying to VoIP, much less the tens of  
thousands of patents on other protocols and in other jurisdictions.
I haven't looked, but I'm willing to bet that the same reality applies  
to every other SDO.
So get real. The ONLY thing that an SDO's IPR disclosure process helps  
with is the submarine patent held by an active participant in the SDO  
-- and look where that got us with FTC vs. Rambus in the long run. To  
the extent that the SDO disclosure policies apply, they apply equally  
to Standard, Informational, Experimental, and even Historical track  
RFCs. That's it -- if an IETF participant fails to disclose, they run  
risk of litigation around applying a patent against a standard, and  
the outcome is not a sure thing.
This is especially poignant in that the IETF does not have corporate  
membership. Rather, it has voluntary individual participation. So for  
example, if Employee A (who does not participate in the IETF)  at  
company X files an patent on Idea #12 but doesn't tell Employee B (who  
works on Idea #12 in the IETF), then it's arguable that Company X has  
no disclosure liability here.  For example, in the case I mentioned  
above where I filed the 3rd party notice, none of the participants  
from the IPR-owning company that I spoke to had been previously aware  
of the IPRs existence. Some attorney back in the home-country filed it  
based on a disclosure from somebody who probably wasn't even aware  
there was a need for a standard related to the idea.
Now, if you want to lobby for requiring corporate membership in IETF,  
feel free, but prepare for the throwing of a lot of stones. In the  
meantime, get over it. Trying to require IETF to do a patent search on  
every aspect of every RFC would just shut the organization down.
--
Dean Willis





_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf