Re: Review of draft-ietf-tls-authz-extns-07

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Simon,

Thanks for these clarifications. They explain how you, and how "apparently" the FSF came to the conclusion about the current Redphone IPR situation.

(No need to repeat my opposite views already on the record.)

- Thierry

Simon Josefsson wrote:

Thierry Moreau <thierry.moreau@xxxxxxxxxxxxx> writes:


Simon Josefsson wrote:


When evaluating whether to implement a particular technology, you need
to evaluate all the risks.  The text of patent (applications) helps in
the evaluation.  My point is that the actions of patent holders is
significantly more relevant.


Dear Simon:

Interesting, and completely new to me.

Do you have any guidelines / methodology / evaluation criteria /
sources of precedents or any other "sources of law"? According to
those, one could turn emprircal-observations-of-patent-holder-actions
into a) an evaluation whether to implement and/or b) an evaluation
whether to adopt as an IETF document (standards track / informational
/ experimental).

Perhaps there is some form of non written IPR etiquette.


See RFC 3669, it contains good discussion and interesting examples.

The evaluation done in the examples of RFC 3669 does not generally seem
to be of what's in the actual patent text.  Instead people have
evaluated the actions taken (or not taken) by patent holders.  This
re-inforces my point.


Perhaps you have an intuitive talent at this type of analysis and you
are the Oracle in the present instance, i.e. you made the evaluation
and then the FSF started its campaign.


Heh.  I have been careful to avoid reading any patent text or make any
judgement of the patent disclaimer and licensing conditions.  That is
not my field of expertise.  I do not have any influence over what the
FSF does or decides here.

One person can't reliable make a decision like this, it needs to be
discussed by the community and people can provide their thoughts on the
topic.  Eventually, after hearing what people have said, everyone can
form their own opinion of the situation.  This is what I've done, and I
have also made my opinion publicly known in this discussion.

That doesn't mean I cannot be convinced otherwise.  There are two things
I believe are critical in this discussion:

  1) how widely the patent filer believes their patent applies, and

  2) the licensing conditions offered by the patent filer.

Item 2) has apparently been evaluated by the FSF and they found that the
conditions doesn't allow wide use of implementations.  Reading the
patent disclaimer myself, I don't see anything that invalidates this
evaluation, and I see things that re-inforce the evaluation.  The FSF
has access to legal aid and has a track record in working in this area.
Some engineers, like Pasi and Sam seems to believe the opposite.
However, the FSF takes the legal risk if I re-add the tls-authz
implementation to GnuTLS.  So to me the FSFs evaluation carry more
weight.

Item 1) is, alas, difficult to judge without the vulcan mind melt, but
it is warranted to be conservative.  The licensing conditions demanded
for certain uses also gives some indication of the scope of the
perceived applicability.

As far as I can tell, the simplest approach to resolve the problem would
be to offer the technology for free use to anyone without limitation.
This solves item 2) and makes the more difficult to judge item 1)
irrelevant.

/Simon


_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]