On 2007-09-26 13:21, Brad Hards wrote:
On Wednesday 26 September 2007 01:54, The IESG wrote:
The IESG is considering approving this draft as an experimental track
RFC with knowledge of the IPR disclosure from Redphone Security. The
IESG solicits final comments on whether the IETF community has
consensus to publish draft-housley-tls-authz-extns as an experimental
standard given the IPR claimed.
I would point out the the IETF has no such thing as an "experimental
standard." I assume this means "Experimental RFC."
[This is a repeat of my comments provided for the second last call, with minor
edits. I believe they are still applicable]
I believe that approval of draft-houselye-tls-authz-extns would be the wrong
decision, for the following reasons:
1. It would send the wrong message to both Redphone Security and other
companies who would seek to engage in similar practice. This is not to
suggest that any particular company did or would seek to do so, just that the
IETF should seek to deter this behaviour.
I think the IETF already sent a very strong signal that it won't
close its eyes to late disclosures for standards track documents,
by removing this from the standards track. It seems like double
jeopardy to use this as an argument against Experimental status
too - as Tim has said, there's nothing in our rules to block
publication as Experimental after an IPR disclosure.
2. The authorisation extensions have recently been implemented by a free
software library, and problems were found in a couple of areas:
http://www1.ietf.org/mail-archive/web/tls/current/msg01518.html
I agree that these points would need to be addressed by the authors
while reviewing Last Call comments, but they don't seem critical
for an Experimental document, do they? Also see
http://www1.ietf.org/mail-archive/web/tls/current/msg01519.html
Brian
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf