<Pasi.Eronen@xxxxxxxxx> writes: > My reading of RedPhone's IPR disclosure 1026 is that they claim to > have a patent application about a larger system that includes > tls-authz as one part, and uses it in particular way. If you want to > build a system matching the numbered list 1..4 in the disclosure > (RedPhone's description of what they claim is covered), then you > would have to consider this IPR disclosure. A license is required for each of the cases 1, 2, 3, and 4 individually. As far as I read item 3, it seems to cover many kind of realistic use of this protocol. As soon as you have some authorization data, you would typically compare the sender of the authorization to some set of valid issuers. > However, I think there are many more good uses for tls-authz that > do *not* match items 1..4. That would change things. Can you describe a practical way to use tls-authz that wouldn't be covered by, for example, item 3? I tried to understand one unencumbered use-case of tls-authz earlier: <http://thread.gmane.org/gmane.ietf.general/33561>. To my reading, the example seems encumbered. If you can explain an unencumbered use-case that would help. > Just because someone has filed a patent application on some rather > obscure combination of B+C+D should not prevent others from using the > protocol for things not covered by that application. Thus, I support > publishing this as an RFC (either Informational or Standards Track). Obviously part of our disagreement seems to be what is "obscure". Would you still support publication if the patent application covers broader ways to use the protocol? /Simon _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf