Thierry, > Do you have any guidelines / methodology / evaluation criteria / sources > of precedents or any other "sources of law"? According to those, one > could turn emprircal-observations-of-patent-holder-actions into a) an > evaluation whether to implement and/or b) an evaluation whether to adopt > as an IETF document (standards track / informational / experimental). If I read you correctly, you deride Simon because he considers this draft to carry patent risks but does not absolutely quantify those risks. But Simon is right that evaluating a patent is not an engineering exercise -- even if you are an expert in the relevant technology (as he is) and in the relevant law (as you are not), it is often impossible to determine whether a particular patent will be granted, and then whether it will be enforced against you by the patent holder, and then whether it will be upheld by a court. That Simon's reached one conclusion rather than another in this instance based in part on guesswork can hardly be blamed on his imprecision. Whether the patent eventually issues and includes the claims as stated in the application depends upon the quality of the examination by the patent office (it is widely recognized that the PTO is overworked and cannot devote sufficient time to each application). Whether the patent-holder will target a particular implementation depends upon the advice it's received from counsel and its own assessment of the risks and rewards. Whether the software developer (or user) can effectively parry even a very weak claim depends upon the resources of the developer (which in the case of free and open source software developers are often quite limited, as you might imagine). As Simon said, in any one or all three of these steps, the language of the patent claims themselves might be irrelevant. You are rightly concerned with how IETF can possibly make a decision one way or the other on a given disclosure when the question is so slippery. In short, an implementor can only have absolute certainty if he has an unequivocal license from the patent holder for himself and his users to make, use, and practice the claims. Any qualification of the license adds uncertainty, and the qualifications in RedPhone's statement create a good deal of uncertainty indeed. For example, it is difficult to imagine (though I am not myself an expert on TLS authorizations) an implementation of the proposed standard that would not "store Agreements and locate Agreements based on authorization data received from a sender, where Agreements are any legally recognizable and documented agreement between two parties." I understand that absolute certainty is not the aim of IETF. But I also believe that a significant proportion of the IETF constituency is concerned with enabling the development of free and open source software implementing IETF standards. Where, as I believe is the case here, an IPR disclosure from one of the drafters of the document offers insufficient certainty that such implementations are possible, the IETF should certainly take notice. Best regards, Aaron Williamson ISOC-NY _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf