On Wednesday 26 September 2007 01:54, The IESG wrote: > The IESG is considering approving this draft as an experimental track > RFC with knowledge of the IPR disclosure from Redphone Security. The > IESG solicits final comments on whether the IETF community has > consensus to publish draft-housley-tls-authz-extns as an experimental > standard given the IPR claimed. [This is a repeat of my comments provided for the second last call, with minor edits. I believe they are still applicable] I believe that approval of draft-houselye-tls-authz-extns would be the wrong decision, for the following reasons: 1. It would send the wrong message to both Redphone Security and other companies who would seek to engage in similar practice. This is not to suggest that any particular company did or would seek to do so, just that the IETF should seek to deter this behaviour. 2. The authorisation extensions have recently been implemented by a free software library, and problems were found in a couple of areas: http://www1.ietf.org/mail-archive/web/tls/current/msg01518.html Approval of draft-housley-tls-authz-extns given current knowledge would be a poor decision both politically and technically. Brad Hards
Attachment:
pgpqwjlBV7YgD.pgp
Description: PGP signature
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf