RE: Third Last Call: draft-housley-tls-authz-extns

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Title: Re: Third Last Call: draft-housley-tls-authz-extns
I think we need to be careful when it comes to IPR, if we are not careful we can allow anyone to exercise a veto on any spec they choose without being required to substantiate it.
 
There is a balance here between ensuring that a patent holder does not unjustly enrich themselves by enforcing rights to an inconsequential, undisclosed, unnecessary or otherwise bogus patent claim on the one hand and ensuring that a purported patent holder does not exercise undue influence on the standards process by making a claim that they stand little or no chance of being able to enforce in a court.
 
We have an IPR committee but I think that is part of the problem, not the solution. The IETF should not sit down and draft IPR rules. We should act like a standards body and recognize rules that have already been established elsewhere. The W3C went through this whole process once and obtained the agreement of the major IPR stakeholders and the open source movement. I see no reason at all to duplicate that effort. Members of W3C staff have informally indicated that they would be willing to release the document on a creative commons license.
 
I don't think we should be having regular discussions on the details of IPR policy here on the IETF list as we keep doing. Given the layer in the stack where the IETF operates it is not practical for us to have a blanket policy as W3C does that all standards be on completely open IPR terms. There are some areas where this is simply not possible - PKI in the era of Public Key Partners for example. We can however adopt rules similar to those at OASIS that create a strong bias towards open IPR terms without making open IPR a mandatory criteria.
 
What I would suggest is that new working groups be required to specify the governing IPR rules in their charter, these would be either that all IPR must be offered according to an open grant on W3C terms or that the working group specifies at the outset that RAND terms are acceptable.
 
By making the process all or nothing the bargainng leverage of the IETF is enhanced. Allowing each WG to negotiate separately weakens their bargaining power as any agreement that the IPR holder makes will be applied as binding precedent on them but not on others. Any future working group will expect to be offered terms at least as generous as those offered in the past from that particular IPR holder but the IPR holder cannot expect their competitors to be held to the same standard.

From: Simon Josefsson [mailto:simon@xxxxxxxxxxxxx]
Sent: Thu 18/10/2007 10:30 AM
To: Tim Polk
Cc: ietf@xxxxxxxx
Subject: Re: Third Last Call: draft-housley-tls-authz-extns

Tim Polk <tim.polk@xxxxxxxx> writes:

>>> The IESG solicits final comments on whether the IETF community has
>>> consensus to publish draft-housley-tls-authz-extns as an experimental
>>> standard given the IPR claimed. Comments can be sent to ietf@xxxxxxxx
>>> or exceptionally to iesg@xxxxxxxxx Comments should be sent by
>>> 2007-10-23.
>>
>> I was negative to publication during the earlier last calls, and I
>> continue to be so.  The primary reason remains the uncertainty of the
>> IPR situation.  It is not clear to me that I can implement this
>> protocol
>> freely without the burden of patent licenses.  I'm speaking as a free
>> software implementer of this document (see GnuTLS, <www.gnutls.org>).
>
> As the sponsoring AD, I would like to explain why I support publication
> as an Experimental RFC.  To quote RFC 2026, “Such a specification is
> published for the general information of the Internet technical
> community
> and as an archival record of the work.” Given the technical merits of
> the
> document and the existence of independent implementations, I believe
> it is in the interest of the community to have an archival record of
> this work.

I believe that is a poor argument, because the only implementation I am
aware of is the one I wrote.  And I'm opposed to publication of the
document.

To clarify that the part of the community that I'm a member of is not
interested in supporting this technology, we have decided to remove our
implementation.  See the announcement for GnuTLS in:

  ** TLS authorization support removed.
  This technique may be patented in the future, and it is not of crucial
  importance for the Internet community.  After deliberation we have
  concluded that the best thing we can do in this situation is to
  encourage society not to adopt this technique.  We have decided to
  lead the way with our own actions.
  <http://permalink.gmane.org/gmane.network.gnutls.general/955>

I hope you will reconsider sponsoring the document.

/Simon

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]