Please do not approve the "TLS authorization" proposal. I worked extensively with TLS in my academic work in grad school, and eventually left the security field because improvements to security technologies are so difficult to get into use.
The IETF is one of the few bodies who can actually bring security technologies into widespread use, but it's vital that you do so without creating business deadlocks by imposing patent-encumbered standards!
We've been down this road before: many years ago, I drove an hour out of my way to buy a copy of Apache Stronghold so that one of my clients would have a legitimate RSA license for their SSL server. The impedance was real, and I remember the parties that were held around the world when their patent expired.
Internet security is in a deplorable state, especially with respect to the state of the art in cryptographic research. We can't afford to go through years more of patent-mined standards, causing billions of dollars of loss and vulnerability, so that RedPhone can make a few million dollars on patent licenses.
Please do the right thing: don't let this proposal become a standard. _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf