I am writing because I am concerned about the proposed TLS authorization standard (draft-housley-tls-authz-extns) that the IETF is considering. I understand that the IETF rejected a similar standard in 2006 due to potential patent conflicts with RedPhone Security. Despite the fact that RedPhone Security have filed IPR Disclosure 1026 indicating that the proposed standard does not infringe upon their intellectual property rights, the IETF ought to take the same course as in 2006 and eschew this standard.
The potential for future conflict is too high to ignore in good conscience, and it would be unconscionable to standardize around any company's proprietary information. Unless RedPhone Security is willing to provide -- to all users -- a royalty-free license of the patent in question, users of this proposed standard will be threatened by the patent. It hangs the threat of lawsuits over the heads of users, and provides undue input and control over the standard and its future to a single patent-holder. It is very dangerous to put forth a standard with such dubious future prospects.
Users of standards put forth by the IETF necessarily and rightfully expect to be unencumbered by patent concerns. Because of the obvious and intractible concerns with RedPhone Security's patent, the IETF should only consider approving this standard (on any level) if all users are granted a royalty-free license of the patent. Otherwise, the standard is only available to those who can afford it, and its future is ultimately controlled by RedPhone Security.
Sincerely,
Brendan Ribera
_______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf