Hello, I am writing in regard to the Internet Draft "Transport Layer Security (TLS) Authorization Extensions <draft-housley-tls-authz-extns-07.txt>" and patents applied for by RedPhone Security relating to this draft. As an organisation, we use TLS for securing both our own information and and that of clients for transmission across the Internet. Support for authorization in TLS would be useful to us as an organisation to centralise authorisation of incoming TLS connections. However, I am concerned by the submarine patent(s) applied for by RedPhone Security. My understanding is that they did not disclose these patents until late in the process and, while they have granted licence to implementors of the auth extension, they have not done so for users of the extension. Even more concerning, this has already been implemented by at least the GnuTLS project and so may be unknowingly deployed by users and organisations already, exposing them to litigation. Please reconsider advancing draft-housley-tls-authz-extns-07.txt any further until users of this specification can deploy it without fear of patent claims. Regards, Michael Gratton, Proprietor, Quuxo Software. -- Michael Gratton <michael@xxxxxxxxx> Quuxo Software <http://web.quuxo.com/>
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf