I object to this move to standards track status because I find IPR 1026 completely inadequate as protection. I strongly urge the IETF to reject draft-housley-tls-authz-extns for that reason. Perhaps the IPR's range of choices for section VI, Licensing Declaration, is too limited. "No License Required for Implementers" certainly leaves open the possibility that legal action could be threatened against, say, distributors of allegedly infringing implementations. But the other choices are no better. Yet the specific text in that section of IPR 1026 makes it clear that Redphone Security's intended policy is very aggressive. They "assert[s] that the techniques for sending and receiving authorizations... do not infringe upon RedPhone Security's intellectual property rights". Yet the next paragraph states that they consider generation and processing of such authorizations -- i.e., making it work -- by any of four fairly obvious, broad, and non-novel approaches will infringe on their purported rights. And Redphone Security is only willing to agree to "fair and non-discriminatory" licensing. In fact this would amount to a very problematic and effectively discriminatory burden upon purveyors of Free Software or indeed of amateur or small commercial implementers. In short, this seems like a significant hindrance for many potential implementers, leading to myriad legal headaches and interoperability problems. Which is precisely *not* what one wants from a standard. If this is technology that Redphone Security feels merits inclusion in a world-wide standard -- that is, for purposes other than its own enrichment -- then it can simply issue a blanket declaration that clearly grants implementers, distributors, and end-users a no-cost, no-paperwork declaration of non-infringement. If its own enrichment is indeed more important, then Redphone Security is certainly free to make and sell products using its technology. I see no need to use the IETF as a marketing and sales arm for that. Larry West Software Developer San Diego, California, USA I have no interest, financial or otherwise, in Redphone Security or any of its competitors. _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf