Re: Review of draft-ietf-tls-authz-extns-07

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thierry,

> Do you have any guidelines / methodology / evaluation criteria / sources 
> of precedents or any other "sources of law"? According to those, one 
> could turn emprircal-observations-of-patent-holder-actions into a) an 
> evaluation whether to implement and/or b) an evaluation whether to adopt 
> as an IETF document (standards track / informational / experimental).

If I read you correctly, you deride Simon because he considers this draft to
carry patent risks but does not absolutely quantify those risks.  But Simon is
right that evaluating a patent is not an engineering exercise -- even if you are
an expert in the relevant technology (as he is) and in the relevant law (as you
are not), it is often impossible to determine whether a particular patent will
be granted, and then whether it will be enforced against you by the patent
holder, and then whether it will be upheld by a court.

That Simon's reached one conclusion rather than another in this instance based
in part on guesswork can hardly be blamed on his imprecision.  Whether the
patent eventually issues and includes the claims as stated in the application
depends upon the quality of the examination by the patent office (it is widely
recognized that the PTO is overworked and cannot devote sufficient time to each
application).  Whether the patent-holder will target a particular implementation
depends upon the advice it's received from counsel and its own assessment of the
risks and rewards.  Whether the software developer (or user) can effectively
parry even a very weak claim depends upon the resources of the developer (which
in the case of free and open source software developers are often quite limited,
as you might imagine).  As Simon said, in any one or all three of these steps,
the language of the patent claims themselves might be irrelevant.

You are rightly concerned with how IETF can possibly make a decision one way or
the other on a given disclosure when the question is so slippery.  In short, an
implementor can only have absolute certainty if he has an unequivocal license
from the patent holder for himself and his users to make, use, and practice the
claims.  Any qualification of the license adds uncertainty, and the
qualifications in RedPhone's statement create a good deal of uncertainty indeed.
 For example, it is difficult to imagine (though I am not myself an expert on
TLS authorizations) an implementation of the proposed standard that would not
"store Agreements and locate Agreements based on authorization data received
from a sender, where Agreements are any legally recognizable and documented
agreement between two parties."

I understand that absolute certainty is not the aim of IETF.  But I also believe
that a significant proportion of the IETF constituency is concerned with
enabling the development of free and open source software implementing IETF
standards.  Where, as I believe is the case here, an IPR disclosure from one of
the drafters of the document offers insufficient certainty that such
implementations are possible, the IETF should certainly take notice.

Best regards,

Aaron Williamson
ISOC-NY
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]