Re: Fourth Last Call: draft-housley-tls-authz-extns

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Jan 14, 2009, at 4:53 PM, Dean Anderson wrote:

Somehow I haven't yet recieved the fourth last call, but only the
discussion.... Sigh.

see http://www.ietf.org/mail-archive/web/ietf-announce/current/ msg05617.html

There are MANY reasons that this should not be brought to a FOURTH last
call let me enumerate a few:

Obviously I disagree since I did bring it to a fourth last call. I believe the technology is useful, the specification of sufficient quality, and the IPR
situation is now consistent with the community's statements in the
preceding Last Call.  This makes it worth the pain of another last call.

1. --There have been THREE previous, soundly-rejected last calls, the
last one with literally dozens, perhaps hundreds of people against it.

The first last Call was not rejected at all. It supported publication but was
invalidated by the late IPR disclosure.  The third Last Call was rather
divided, IMHO.  And "hundreds" is a gross exaggeration...

2. --There are a couple of web page on the deception perpetrated by
Housley, Brown, Polk et al at
 http://www.av8.net/IETF-watch/People/Housley/index.html
 http://www.av8.net/IETF-watch/People/TimPolk/index.html
The IETF and IESG positions should not be used to benefit the
office-holders through deception of the IETF.  The members of the ISOC
and participants in the ISOC IETF Activity have clearly rejected the use
of IESG seats for this purpose.

The allegations are bogus. I am not benefiting in any way, and there has been no deception. There is no attempt to circumvent the community, only
an attempt to determine if consensus supports publication given the new
IPR disclosure statement.

3. --There have been reports of similar issues in recent lawsuit where
the plaintiff patent-holder acted similarly to Housley/Brown/Polk et al and was found to have engaged in "aggravated litigation abuse". In that
case, the Judge ruled the patents unenforceable as a penalty for the
deception of the standards body in that case.  (see
http://www.ietf.org/mail-archive/web/ipr-wg/current/msg05089.html and
http://www.cafc.uscourts.gov/opinions/07-1545.pdf)

In my opinion, these cases are irrelevant to the question presently at hand. This last call considers this specification in light of the published IPR disclosure 1026. If this specification is approved and new IPR claims are
submitted in the future, then these cases would be relevant.

4. --There is no community consensus to proceed, nor any demand from the
community to have this protocol standardized.

I would say this is a rather premature consensus call. It's four weeks for
individual submissions, not four hours.

And I have certainly received email that shows members of the community
(other than the authors) want to use this technology.


5. --There is only one implementation: Brown&Housley's

You know that's not true. Simon Josefsson also implemented authz, although
he removed it from his distribution after the initial IPR disclosure.


These reasons are sufficient to preclude a standard under the rules of
the IETF.

Since I disagree with all your reasons, it shouldn't be surprising that I disagree
with the conclusion.

[stuff deleted, moving onto substantive (IMHO) discussion.]

It is also my opinion that there is no need for this subprotocol given
the other IETF authorization protocols and standards that would operate
transparently inside a TLS channel and need no special TLS handling.

There are members of the community that disagree.  Some have posted
already.

But
if there is consensus that there is indeed a genuine need to have an
authorization sub-protocol as part of TLS, then I believe a new
sub-protocol should be developed openly and transparently that does not
infringe or utilize Brown's patent, so that Brown, Housley, Polk et al
do not profit by the standard.

If you read the IPR disclosure statement you will find that this specification
does not infringe or utilize RedPhone's IPR.

No technical issues have been raised concerning this protocol, and I am
not aware of any proposed alternatives.

Failure to publish at this point would simply be biting the nose off to spite
the face.

Tim Polk



Dean Anderson
CEO
AV8 Internet, Inc



--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000





_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]