Simon, I filed for patent (Jan and Sep 2005) and later promoted TLS authz (Feb 2006) in good faith. It is possible that the patent claims can be read more broadly than I expected, but that's a fairly detailed and unresolved legal question. I am working diligently to -- let me speak carefully -- explore if and how I can make a royalty free license grant to ensure that promoting TLS authz continues to be an act in good faith, while still protecting a way for my company to make money on its IPR. I have experienced some surprises when mixing law and Internet standards. To try to avoid surprises, I have hired IPR attorneys at two different firms to review my draft which proposes a royalty-free license grant. I expect any resulting license will be conditioned upon IETF acceptance of TLS authz as a standard. I hope to have concluded these services next week. I think IPR questions are complicated in part because for some questions only a lawsuit can answer the question -- but we should all want to stay clear of these kinds of lawsuits! So answers seem to me to be in short supply. I want to craft the proposed license to make this situation a little clearer than that, but doing so often involves taking risks of giving away a huge loophole. So I'm working to get good legal advice. In short, I am working to create a royalty-free license grant -- hopefully I can disclose it next week. With some luck, it will clarify the situation. Best regards, mark > -----Original Message----- > From: Simon Josefsson [mailto:simon@xxxxxxxxxxxxx] > Sent: Thursday, March 29, 2007 10:12 AM > To: Sam Hartman > Cc: ietf@xxxxxxxx; iesg@xxxxxxxx; mark@xxxxxxxxxxxxxxxxxxxx > Subject: Re: Withdrawal of Approval and Second Last Call: draft-housley- > tls-authz-extns > > Sam Hartman <hartmans-ietf@xxxxxxx> writes: > > >>>>>> "Simon" == Simon Josefsson <simon@xxxxxxxxxxxxx> writes: > > > > Simon> I don't care strongly about the standards track status. > > Simon> However, speaking as implementer of the protocol: If the > > Simon> document ends up as informational or experimental, I > > Simon> request that we make an exception and allow the protocol to > > Simon> use the already allocated IANA protocol constants. That > > Simon> will avoid interoperability problems. I know the numbers > > Simon> are allocated from the pool of numbers reserved for > > Simon> standards track documents. There is no indication that we > > Simon> are running out of numbers in that registry. Thus, given > > Simon> the recall, I think the IETF should be flexible and not > > Simon> re-assign the IANA allocated numbers at this point just > > Simon> because of procedural reasons. > > > > Would you support publication on the standards track given the IPR > > situation as someone who has implemented? > > If the patent concern is valid and covers TLS libraries or other > applications, no. > > However, as far as I am aware of the public information that is > available, the situation appears to be that we don't know whether > these patents apply and to what extent. I don't know whether the > patents were filed in good or bad faith. More information from the > patent holders may help here. > > If it is possible to implement the protocol without violating the > patents, I would support publication. I've seen some claims that this > may be possible. I have no interest in reading these patents myself, > but my position would be influenced if someone knowledgeable reads the > patents. > > Given the amount of patents out there, it would be unreasonable for us > to move everything to informational just because someone finds > something that may be relevant to a piece of work. > > The community needs to evaluate patent claims, and preferably reach > conservative agreement (rough consensus is not good enough) on whether > we should care about a particular patent or not. Input to that > community evaluation process may be documentation of legal actions > taken by a patent owner. Sometimes that may happen only after a > document has been published. > > I would support down-grading standards track documents that later turn > out to be patent-infected to informational. Doing so would avoid > sending a message that the IETF supports patented technology, when the > IETF community didn't know about the patents at publication time. For > credibility of the process, I believe it is important that these > decisions are only made based on publicly available information. > > /Simon _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf