"Mark Brown" <mark@xxxxxxxxxxxxxxxxxxxx> writes: > Simon, > > I filed for patent (Jan and Sep 2005) and later promoted TLS authz (Feb > 2006) in good faith. It is possible that the patent claims can be read more > broadly than I expected, but that's a fairly detailed and unresolved legal > question. I am working diligently to -- let me speak carefully -- explore > if and how I can make a royalty free license grant to ensure that promoting > TLS authz continues to be an act in good faith, while still protecting a way > for my company to make money on its IPR. Thanks for responding, Mark. In your opinion, what would an implementation have to do (implementation-wise) in order to infringe on your patent? Answering this, at least as far as your own informed opinion goes, would be useful in determining if there is value for the IETF community in standardizing this. If typical real-world TLS libraries in general would infringe on the patent, then I don't see how the IETF community in general would benefit from having this on the standards track. In fact, I see serious problems if the IETF standardize documents that the wide Internet community cannot use due to patent concerns. > I have experienced some surprises when mixing law and Internet standards. > To try to avoid surprises, I have hired IPR attorneys at two different firms > to review my draft which proposes a royalty-free license grant. I expect > any resulting license will be conditioned upon IETF acceptance of TLS authz > as a standard. I hope to have concluded these services next week. Personally, I believe the temporal ordering should be the reversed. > I think IPR questions are complicated in part because for some questions > only a lawsuit can answer the question -- but we should all want to stay > clear of these kinds of lawsuits! So answers seem to me to be in short > supply. Making your thoughts and opinions clear and public goes a long way to disseminate the intent behind the patent. The IETF permits patented technology, but to make an informed decision how to respond to "do we want to standardize this" (i.e., the IETF-wide last call) there needs to be sufficient information available for participants to form an opinion. > I want to craft the proposed license to make this situation a little > clearer than that, but doing so often involves taking risks of > giving away a huge loophole. So I'm working to get good legal > advice. > > In short, I am working to create a royalty-free license grant -- hopefully I > can disclose it next week. With some luck, it will clarify the situation. I look forward to reading it! Best regards, Simon > Best regards, > > mark > >> -----Original Message----- >> From: Simon Josefsson [mailto:simon@xxxxxxxxxxxxx] >> Sent: Thursday, March 29, 2007 10:12 AM >> To: Sam Hartman >> Cc: ietf@xxxxxxxx; iesg@xxxxxxxx; mark@xxxxxxxxxxxxxxxxxxxx >> Subject: Re: Withdrawal of Approval and Second Last Call: draft-housley- >> tls-authz-extns >> >> Sam Hartman <hartmans-ietf@xxxxxxx> writes: >> >> >>>>>> "Simon" == Simon Josefsson <simon@xxxxxxxxxxxxx> writes: >> > >> > Simon> I don't care strongly about the standards track status. >> > Simon> However, speaking as implementer of the protocol: If the >> > Simon> document ends up as informational or experimental, I >> > Simon> request that we make an exception and allow the protocol to >> > Simon> use the already allocated IANA protocol constants. That >> > Simon> will avoid interoperability problems. I know the numbers >> > Simon> are allocated from the pool of numbers reserved for >> > Simon> standards track documents. There is no indication that we >> > Simon> are running out of numbers in that registry. Thus, given >> > Simon> the recall, I think the IETF should be flexible and not >> > Simon> re-assign the IANA allocated numbers at this point just >> > Simon> because of procedural reasons. >> > >> > Would you support publication on the standards track given the IPR >> > situation as someone who has implemented? >> >> If the patent concern is valid and covers TLS libraries or other >> applications, no. >> >> However, as far as I am aware of the public information that is >> available, the situation appears to be that we don't know whether >> these patents apply and to what extent. I don't know whether the >> patents were filed in good or bad faith. More information from the >> patent holders may help here. >> >> If it is possible to implement the protocol without violating the >> patents, I would support publication. I've seen some claims that this >> may be possible. I have no interest in reading these patents myself, >> but my position would be influenced if someone knowledgeable reads the >> patents. >> >> Given the amount of patents out there, it would be unreasonable for us >> to move everything to informational just because someone finds >> something that may be relevant to a piece of work. >> >> The community needs to evaluate patent claims, and preferably reach >> conservative agreement (rough consensus is not good enough) on whether >> we should care about a particular patent or not. Input to that >> community evaluation process may be documentation of legal actions >> taken by a patent owner. Sometimes that may happen only after a >> document has been published. >> >> I would support down-grading standards track documents that later turn >> out to be patent-infected to informational. Doing so would avoid >> sending a message that the IETF supports patented technology, when the >> IETF community didn't know about the patents at publication time. For >> credibility of the process, I believe it is important that these >> decisions are only made based on publicly available information. >> >> /Simon > > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www1.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf