Certicom's IPR statement dated 13 October 2008 lists some patents
that "may be necessary and essential to implementations of..." the
TLS extractor draft "when used with either: " RFC4492, RFC5289
or draft-rescorla-tls-suiteb. Check it out:
http://www.certicom.com/images/pdfs/certicom%20-ipr-contribution-to-ietfsept08.pdf
Don't use it with RFC4492, RFC5289 or draft-rescorla-tls-suiteb and
then the IPR statement does not apply. If it's possible to use the TLS
extractor draft in a way that the IPR statement doesn't apply then I
don't think you can say "the TLS Extractor draft is patent-encumbered".
I support free software* and I have no problem with this draft being
advanced as a Proposed Standard.
regards,
Dan.
* http://www.lounge.org/siv_for_openssl.tgz is a free version of RFC5297
for OpenSSL, and check out the "authsae" project on Source Forge.
On Mon, July 20, 2009 12:15 pm, Dean Anderson wrote:
I am against this standard because of its patent encumbrances and
non-free licencing terms. The working group did not get any clear
answers on what particular patents this draft may infringe, but a patent
holder (Certicom) did assert an IPR disclosure (1004) listing many
patents. We have no alternative but to accept the Certicom disclosure
statements as meaning that the TLS Extractor draft is patent-encumbered
without a universal, free defensive license.
The statement by https://datatrackerietf.org/ipr/1004/ referring to
http://www.certicom.com/images/pdfs/certicom%20-ipr-contribution-to-ietfsept08.pdf
which states:
"Certicom will, upon request, provide a nonexclusive, royalty free
patent license, to manufacturers to permit end users (including both
client and server sides), to use the patents in schedule A when
implementing any of these protocols, including those requiring third
party certificates provided the certificate is obtained from a licensed
Certificate Authority (CA). This license does not cover the issuing of
certificates by a Certification Authority (CA)."
That is not a free license, since Certicom must respond to the "request"
before any license is granted. After the IETF finally approves the
necessary standards, Certicom is free to stop approving the requests.
I ask others who support free software to join me in opposing this
document by sending a message stating opposition to the
IETF(_at_)IETF(_dot_)ORG
mailing list. IETF participation is open to the public, and anyone may
voice their view on IETF standards. It is also substantive to oppose a
document because of its patent status, and in fact, any topic that is
considered during or related to the IETF process is substantive.
--Dean
On Mon, 20 Jul 2009, The IESG wrote:
The IESG has received a request from the Transport Layer Security WG
(tls) to consider the following document:
- 'Keying Material Exporters for Transport Layer Security (TLS) '
<draft-ietf-tls-extractor-06.txt> as a Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2009-08-10. Exceptionally,
comments may be sent to iesg(_at_)ietf(_dot_)org instead. In either case,
please
retain the beginning of the Subject line to allow automated sorting.
The file can be obtained via
http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-06.txt
IESG discussion can be tracked via
https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16821&rfc_flag=0
_______________________________________________
TLS mailing list
TLS(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/tls
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
_______________________________________________
TLS mailing list
TLS(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf