It was brought to my attention that the IETF is to vote on an extension
to the TLS protocol to handle authentication. In and of itself, this
sounds like a very good extension. But it was also brought to my
attention that this authentication protocol may be infringe on
a patent held by RedPhone.
Given the role of the IETF in developing standards, it is of utmost
importance that those standards can be used by anyone, without having to
request special permission. So the IETF should be very careful to only
allow its standards to be encumbered by a patent on the condition that
the patent holder has granted a blanket royalty-free license to all users
(and implementors, and distributors, of course).
I thought this had always been a very clear policy of the IETF, but
it appears that this principle is under risk of not being
followed here. So, I want to ask here that the IETF not accept the
TLS-authz (aka draft-housley-tls-authz-extns-07.txt) proposal until the
situation with the RedPhone patent is cleared (either by getting
RedPhone to grant the appropriate royalty-free license to all users, or
by removing/replacing the infringing part of the protocol).
This is a matter of great importance for the future of the Internet.
Stefan
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf