| All,
I have gone through the discussion. Here’s what I’d like to conclude, and have told the editors to take these into account in a new version. I have asked a version to be published, and see if we can get that approved in the next IESG telechat(s).
SUBSTANTIAL
* Comment from Russ Housley on Jan 19, regarding design teams and when the IETF work starts.
* Russ Housley’s concern re: “IETF sanctioned” was resolved
per Brian’s and Harald's suggestions (Brian's mail on March 26).
I do not think that the change here is sufficient based on my reading of the thread that followed my comments. I think my comment is addressed, but not all of the points that are made in that thread. In particular, the output of the design team is the contribution, not every alternative that is discarded before being written down or presented. Also, the reference to BCP 25 seems to scope this the design teams in working groups, not all design teams.
Further discussion in the thread resulted in this suggested change:
Perhaps: “… WG design teams [see BCP 25] and other design teams that intend to deliver an output to the IETF …”
* Comment from Stewart Bryant on Jan 24, regarding item j in
Section 1:
j. "Internet-Draft": a temporary document used in the IETF and RFC Editor processes, as described in [RFC2026]. SB> IDs are no longer temporary documents. There was a myth that SB> were temporary long after they were unofficially archived, but they SB> are now formally archived by the tools system. This is important SB> because they have a potential influence that stretches beyond SB> the notional six months.
Stewart is factually right here. I’d propose deleting the word and saying nothing about the documents’ permanence or lack thereof. The deletion was also supported by Brian Carpenter on IETF list discussion. This RFC-to-be is not the place that discusses IETF I-D storage practices so I don’t think we need to explain what the situation is, just not incorrectly refer to it :-)
* Comment from Stewart Bryant on Jan 24:
5.2.3 Timing of Disclosure by ADs By the nature of their office, IETF area directors may become aware of Contributions late in the process (for example at IETF Last Call or during IESG review) and, therefor and in such cases, cannot reasonably be expected to disclose IPR Covering those Contributions until they become aware of them. SB> I made the following point as an input via another route. SB> There are a number of people that would not ordinarily be expected SB> to see a document until the very late stages of the process. SB> The Gen-art reviewers, and the directorates doing cross are SB> reviews. It would seem reasonable to give dispensation to all SB> of the groups assisting the ADs in late stage reviews where SB> the reviewer took no part in the development of the document. SB> Either the above or strike the section.
Stewart has a point here as well. Brian Carpenter suggested:
By the nature of their office, IETF area directors or persons assisting
them may become aware of Contributions late in the process …
so lets do that.
* Comment from Stewart Bryant on Jan 24 on Section 5.4.1:
5.4.1. Content of IPR Disclosures also list the name(s) of the inventor(s) (with respect to issued patents and published patent applications) and the specific IETF Document(s) or activity affected. SB> It is new to require the names of inventors. Given that the names SB> of inventors are in the published patent it would seem reasonable SB> to follow the principle of minimizing the actions required by SB> organizations outside the IETF and not add this requirement.
There has been considerable discussion on including the names supporting the addition, and there’s a rationale for this addition, relating to for instance, the easy ability to identify IETF participants. There are also translation concerns when patent filings incl. inventor names are not easily readable.
I’d suggest no changes here.
* Comment from Stewart Bryant on Jan 24 on Section 5.4.1:
If the IETF Document is an Internet-Draft, it must be referenced by specific version number. SB> That is presumably the version number in which the IPR was SB> first observed by the IPR owner. You cover updates later SB> but it may be useful to clarify upfront that you do not expect SB> per version IPR refresh.
You are right, but I think we are already covered for this in the draft. The text later says:
An IPR disclosure must be updated or a new disclosure made promptly after any of the following has occurred … (4) a material change to the IETF Document covered by the Disclosure that causes the Disclosure to be covered by additional IPR
In other words, no need to update unless there was a material change.
* Comment from Stewart Bryant on Jan 25 on Section 5.4.1:
An IPR disclosure must list the numbers of any issued patents or
published patent applications or indicate that the disclosure is
based on unpublished patent applications. The IPR disclosure must
also list the name(s) of the inventor(s) (with respect to issued
patents and published patent applications) and the specific IETF
Document(s) or activity affected.
In some cases that is simply impractical. For example one might
know that IPR was filed at a previous employer, for example
because you were on the patent review panel, but of course
would no longer have access to the documents to tease out the
exact identity of the patent. All that we can expect by the first
stage discloser, perhaps filing a third party disclosure, is as
much information as they still have available.
Right. Is there a possibility to have a different rule for 3rd party and
The text has a must, whereas the discloser can only provide that information as far as practical and with regard to the access to records they have available to them at the time they identify the need to disclose.
Perhaps the right thing to do here is to add a constraint on information available to the person making the disclosure.
How about this:
Add to the end of Section 5.4.1 a new paragraph:
Note that there may be cases — such as third party declarations — where person making the declaration may not have all the information. The requirements of this section only apply to the information that is available to the person(s) making the declaration.
* Pete Resnick’s review noted the following about Section 2:
* Pete Resnick suggested to put back in the three principles to
Section 2 that were deleted from the previous RFC (April 11).
We’ve done so; we should only make substantive changes
to the original RFC when there’s clear consensus to do so.
I can't find these in -10. I suggested that they go in at the second paragraph of section 2: RFC 2026, Section 10 established three basic principles regarding the IETF dealing with claims of Intellectual Property Rights: (a) the IETF will make no determination about the validity of any (b) the IETF following normal processes can decide to use technology for which IPR disclosures have been made if it decides that such (c) in order for the working group and the rest of the IETF to have the information needed to make an informed decision about the use of a particular technology, all those contributing to the working group's discussions must disclose the existence of any IPR the Contributor or other IETF participant believes Covers or may ultimately Cover the technology under discussion. This applies to both Contributors and other participants, and applies whether they contribute in person, via email or by other means. The requirement applies to all IPR of the participant, the participant's employer, sponsor, or others represented by the participants, that is reasonably and personally known to the participant. No patent search is required. These should be adopted, as previously discussed.
* Pete Renisck’s review noted the following on January 26:
In Sec. 6, put back list of penalties since it was pointed out that
RFC 6701 is informational only.
Ugh. This undid a change that was (correctly) done back in -07. The new text in -07 was definitely ungrammatical and needed fixing. However, I do not believe that putting back the -06 text is appropriate in light of the discussion on the list regarding -08. RFC 6701 was Informational for a reason: It is not introducing any new sanctions. All of the sanctions are available under already existing IETF processes. A primary reason 6701 was written was because folks at the time didn't understand that they could be used for this purpose, just like you would use such remedies for any other disruption of IETF work. But we wanted to be clear that we weren't making new policy, which is why it's not a BCP. This document (which is going to be a BCP) shouldn't do anything that might be interpreted as a new sanctions policy. It reads as if it's trying to do exactly that, particularly given that the text in this document lists suspension of posting/participation first in the list, which is quite contrary to the spirit of 6701. (And let's be honest: The real penalties in not disclosing lie in those "available under law".) As was proposed back in March, please change the last paragraph of 6: In addition to any remedies or defenses that may be available to implementers and others under the law with respect to such a violation (e.g., rendering the relevant IPR unenforceable), the IESG may, when it in good faith concludes that such a violation has occurred, impose penalties including, but not limited to, suspending the posting/participation rights of the offending individual, suspending the posting/participation rights of other individuals employed by the same company as the offending individual, amending, withdrawing or superseding the relevant IETF Documents, and publicly announcing the facts surrounding such violation, including the name of the offending individual and his or her employer or sponsor. See In addition to any remedies available outside the IETF, actions may be taken inside the IETF to address violations of IPR disclosure policies; see [RFC6701] for details of the sanctions defined in various existing Best Current Practice documents. That appeared to be the conclusion of the discussion then, and I didn't see anything on the list to indicate otherwise. If someone likes the stuff at the beginning (which I don't particularly think is necessary, but I won't object to if someone insists), here's an alternative: In addition to any remedies or defenses that may be available to implementers and others under the law with respect to such a violation (e.g., rendering the relevant IPR unenforceable), sanctions are available through the normal IETF processes for handling disruptions to IETF work. See [RFC6701] for details of the sanctions defined in various existing Best Current Practice documents. He seems right. Please use the text (the first “NEW” block above).
* Russ Housley’s suggestions from Feb 7:
In Section 1, definition j, please be more specific in the reference. I think the intention is to reference Section 2.2 of [RFC2026]. In Section 5.5, paragraph D, I suggest a different wording: D. Licensing declarations must be made by people with appropriate authorization as discussed in Section 5.6 of this document.
OTHER OBSERVATIONS AND QUESTIONS
* Observation from Stewart Bryant on Jan 24, regarding item e in Section 1:
e. "IETF": In the context of this document, the IETF includes all individuals who participate in meetings, working groups, mailing lists, functions and other activities which are organized or initiated by ISOC, the IESG or the IAB under the general designation of the Internet Engineering Task Force or IETF, but solely to the extent of such participation. SB> I think this is a definition of so called "members of the IETF" SB> Certainly the term "IETF" on its own means a multitude of things SB> to different people and is easily confused.
This definition style is unchanged since the previous RFC. I see no reason to make changes in this regard.
* Question from Stewart Bryant on Jan 24, regarding item B in Section 3.3:
B. Such Contributor represents that there are no limits to the Contributor's ability to make the grants, acknowledgments and agreements herein that are reasonably and personally known to the Contributor.
SB> I do not understand what point B above means.
It means that if you (for instance) make an IPR declaration and say something about the license conditions, you or whoever is helping you to make that statement, can actually make those statements.
I don’t think a document change is needed.
* Suggestion from Stewart Bryant on Jan 24, regarding Section 5.4.2
A. An IPR disclosure must be updated or a new disclosure made promptly after any of the following has occurred unless sufficient information to identify the issued patent was disclosed when the patent application was disclosed: (1) the publication of a previously unpublished patent application, (2) the abandonment of a patent application (3) the issuance of a patent on a previously disclosed patent application ), (4) a material change to the IETF Document covered by the Disclosure that causes the Disclosure to be covered by additional IPR. If the patent application was abandoned, then the new IPR disclosure must explicitly withdraw any earlier IPR disclosures based on the application. IPR disclosures against a particular Contribution are assumed to be inherited by revisions of the Contribution and by any RFCs that are published from the Contribution unless the disclosure has been SB> The above is ideal, but I seriously wonder if a busy IPR group SB> will provide update (2) and (3). Given the application number SB> anyone interested can find the (2)and (3) for themselves. SB> Again the principle of minimizing the work of third parties
I think I mostly agree personally. But without further input from others, I don’t think a change is warranted.
* Question from Stewart Bryant on Jan 24, regarding Section 5.7:
5.7. Disclosures for Oral Contributions. .... then the Contributor must accompany such oral Contribution with an oral declaration that he/she is aware of relevant IPR in as much detail as reasonably possible SB> I do not recall ever seeing a purely verbal disclosure, and wonder SB> what the process is, how this is archived and how it is discovered?
Sometimes it happens that a presenter makes a statement, e.g. that the audience should note that some IPRs may apply and that a written declaration is forthcoming.
* Question from Stewart Bryant on Jan 24, regarding Section 6:
There may be cases in which individuals are not permitted by their employers or by other factors to disclose the existence or substance of patent applications or other IPR. Since disclosure is required for anyone making a Contribution or participating in IETF activities, a person who is not willing or able to disclose IPR for this reason, or any other reason, must not contribute to or participate in IETF activities with respect to technologies that he or she reasonably and personally knows to be Covered by IPR which he or she will not disclose, unless that person knows that his or her employer or sponsor will make the required disclosures on his or her behalf. SB> Doesn't this have implications for those that work or have SB> previously worked in the defence sector? Do we really wish SB> to potentially exclude such individuals? I am not sure how SB> we deal with the situation, but I am concerned about unintended
I think this is a choice that the community has wished to make, and I personally believe it is also the only thing we can actually do. It is not about excluding anyone, but the IETF’s IPR rules are actually very easy to satisfy for most participants (cf. SDOs that would require granting RF license to other members of the SDO, for instance). If this fundamental basis cannot be complied to, then maybe it is best that one stays away from that topic. Do note that it is indeed just that topic, not the whole IETF.
* Observation from Stewart Bryant on Jan 24, regarding Section 7:
7. Evaluating Alternative Technologies in IETF Working Groups In general, IETF working groups prefer technologies with no known IPR claims or, for technologies with claims against them, an offer of royalty-free licensing. However, to solve a given technical problem, IETF working groups have the discretion to adopt a technology as to which IPR claims have been made if they feel that this technology is superior enough to alternatives with fewer IPR claims or free licensing to outweigh the potential cost of the licenses. To assist these working groups, it is helpful for the IPR claimants to declare, in their IPR Declarations, the terms, if any, on which they are willing to license their IPR Covering the relevant IETF Documents. SB> I really do not see how a WG can properly apply the above considerations SB> given that it is not permitted to discuss the financial terms SB> Historically this may have been less important, but with IoT this changes. SB> what would be a reasonable cost in a core router can be a showstopper
Perhaps, but I don’t see another alternative. Standards organisations cannot really become the negotiation platform for IPR costs, for a myriad of reasons starting from competition law.
* Question from Stewart Bryant on Jan 24, regarding Section 12:
12. Security Considerations This memo relates to IETF process, not any particular technology. There are security considerations when adopting any technology, whether IPR-protected or not. A working group should take those security considerations into account as one part of evaluating the technology, just as IPR is one part, but there are no known issues of security with IPR procedures. SB> I wonder if this is entirely correct. How about someone who owns SB> IPR silently waiting until deployment and then getting an IPR SB> based shutdown order? With nations and quasi nations applying unconventional SB> warfare, I suspect that there is a potential IPR attack vector.
I think we are already covered for that. You have to declare if you are a participant, or else you are breaking the rules. Once you break the rules, but still attempt to use the court system to collect license fees, your actions will be picked out and potentially used against you. And if you are not a participant, no rules that IETF can employ apply to you.
There is no question IPR claims cannot have economical and other impacts, and the behaviour of the players certainly affects this. I don’t think we need to write this in the RFC, however.
* David Rudin asked the following about two implementations on January 26:
"If the two unrelated implementations of the specification that are required to advance from Proposed Standard to Standard have been produced by different organizations or individuals, or if the "significant implementation and successful operational experience" required to advance from Proposed Standard to Standard has been achieved, the IESG will presume that the terms are reasonable and to some degree non-discriminatory. Note that this also applies to the case where multiple implementers have concluded that no licensing is required." It's not clear to me what IETF gains by making this presumption, especially given that the availability of two or more implementations does not mean that the implementers did any patent due diligence or licensing around the implementation. It does, however, potentially expose IESG to risks in the event of patent litigation if implementers are basing their decisions on IESG's presumption.
As noted by Scott, these requirements are not new. Scott also argued that the time for changing this assumption is not now. And I agree. And Brian Carpenter opposed changing the assumption, on the basis of practical evidence rather than getting into the business of validating claims or assessing license conditions.
I made some additional questions to a few participants in the discussion, and found out that changes in text would cause indigestion for several participants. Hence I recommend no changes.
EDITORIAL
* Suggestions from Brian Carpenter in private e-mail on Jan 15:
[1]Eggert [2]Resnick
These citations are a bit mysterious…
Remove. That was an oversight.
* Question from Stewart Bryant on Jan 24, regarding the list in Section 1 item b.
SB> It is interesting that you exclude WG Chairs from the list of SB> officials that you call out, and yet they can be a key player in SB> in deciding whether an encumbered technology progresses or not. SB> Would it not be cleaner to express this in terms of "officials”?
I will leave this to the editors to adopt or not, but I personally would be OK adding “A working group chair(s), on behalf of their work working group”.
* Suggestions from Pete Resnick in private e-mail on Feb 2:
16 1.m: s/features/permanence
Adopt
Adopt
16 8: Got the section number and title wrong here. It should say, "9. - Licensing Requirements (was 10) - Wording updated to reflect RFC 6410”
Adopt
The first sentence of 5.4.2(A) is really hard to read because there's a long subordinate clause. I think it would read better if you used the same words and just reversed the order: A. An IPR disclosure must be updated or a new disclosure made promptly after any of the following has occurred unless sufficient information to identify the issued patent was disclosed when the patent application was disclosed: A. Unless sufficient information to identify the issued patent was disclosed when the patent application was disclosed, an IPR disclosure must be updated or a new disclosure made promptly after any of the following has occurred:
Adopt.
* Suggestion from Stewart Bryant on Jan 24, regarding Section 5.5:
5.5. Licensing Information in an IPR Disclosure A. Since IPR disclosures will be used by IETF working groups during their evaluation of alternative technical solutions, it is helpful if an IPR disclosure includes information about licensing of the IPR in case Implementing Technologies require a license. Specifically, it is helpful to indicate whether, upon approval by the IESG for publication as an RFC of the relevant IETF specification(s), all persons will be able to obtain the right to implement, use, distribute and exercise other rights with respect to an Implementing Technology a) under a royalty-free and otherwise reasonable and non- discriminatory license, or b) under a license that contains reasonable and non-discriminatory terms and conditions, including a reasonable royalty or other payment, or c) without the need to obtain a license from the IPR holder (e.g., a covenant not to sue). SB> One of the most popular IPR terms is so called MAD. It is surprising SB> that you do not call this out. conditions include 1) terms that are fair, reasonable and non- discriminatory, and which may bear royalties or other financial obligations (FRAND or RAND); 2) royalty-free terms that are otherwise fair, reasonable and non-discriminatory (RAND-z); and 3) commitments not to assert declared IPR. SB> One of the most common (at least in the Routing area) is non-assert SB> unless the other party asserts (so called MAD)
Personally, I don’t view MAD as a term quite in the same style and technical specificity as, say, RAND or RF. I would suggest not adopting this.
(Non-assert on the other hand is a more technical term, but I also have not seen calls for adding that from others.)
* Editorial suggestions from Brian Carpenter in his Gen-ART review on January 26:
7. Evaluating Alternative Technologies in IETF Working Groups
technology in violation if this principle if there is a very good
s/if this principle/of this principle/
Adopt
13. Changes Since RFC 3979 and RFC 4879
16. Changes Since RFC 3979
Should the preamble to these sections state that they are provided for informational purposes only and that in case of doubt the text of sections 1-12 prevails? Should these two sections be merged?
Yes. Adopt both suggestions.
* Pete Resnick’s review suggested the following edits to Section 4.1:
* Pete Resnick suggested to put back the material from
RFC 3979 Section 4.1 that were deleted from the
previous RFC (April 11), which we’ve also done.
4(D) in the new version. Thanks for that. I see that the section title and first sentence of 4(D) are the text from -08 instead of the original text from 3979. That's OK, but personally, I think the section title has gotten unwieldy and the changes to the first sentence make it somewhat less clear. I'd suggest just eliminating the title (so it matches the form of A, B, and C) and putting the example into the first sentence: D. Determination of Provision of Reasonable and Non-discriminatory The IESG will not make any determination that any terms for the use of an Implementing Technology has been fulfilled in practice. D. The IESG will not make any determination that any terms for the use of an Implementing Technology (e.g., the assurance of reasonable and non-discriminatory terms) has been fulfilled in practice. It will instead...
These should be adopted.
* Pete Resnick’s review said:
* Pete Resnick had a concern on adding the word “all” to Section 7
(April 11). This was an oversight, and has been corrected.
Thanks for that. Personally, I don't think the extra text at the end of that paragraph that went in as of -09 really adds anything. 3979 already said that there is a consensus that MTI security must be royalty-free, so of course there would need to be a consensus to do otherwise. I'm in favor of sticking to the language of 3979 unless something really changed or clarification is truly necessary, so I'd ask to remove the new stuff. That said, I won't go to the mat about this change if folks want it in there, but if we go with the new text, please fix the typo: s/in violation if this principle/in violation of this principle
I think we are OK either way, and I will leave the choice to the editors.
* Pete Resnick notes about the change notes:
update abstract to make it clear that this document replaces RFC 2026
If we're going to do that, we should probably do it the same way that 3979 did:
replaces section 10 of RFC 2026 and obsoletes RFC 3979 and RFC 4879.
updates RFC 2026 and, with RFC 5378, replaces Section 10 of
RFC 2026. This memo also obsoletes RFC 3979 and RFC 4879.
BTW: Whichever text is used should probably also be used in the last sentence of the first paragraph of section 2. It still uses the previous language there.
In Sec. 3.1, added sentence about WGs that summarizes ideas from Sec.
That's fine, but in that sentence, please change "possible" to "reasonably possible". In other places in the document it's used informally, but 3.1 is a statement of the "General Policy", so we should be a bit more precise.
* Pete Resnick’s minor editorial suggestions from January 26:
In section 1, in the definition of "Contribution", "this definition" changed to "this specification". I think I see why that was done (to avoid confusing whether "this definition" is referring to the definition of "Contribution" or the definition of entire document.) But calling either of those a "specification" is a bit weird, especially considering that in context, every other use of "specification" in this document is about a technical specification. I'd suggest either changing "this definition" to "this policy" if the intention is the entire document, or "this definition of Contribution" if that's what's meant.
Please adopt “this policy”.
* Pete Resnick’s minor editorial suggestions from January 26: Also, there were a couple of minor changes in 5.2.2. In both instances, please change "Covers" to "may Cover". I actually think that makes it stronger and leaves less ambiguity: What triggers the disclosure is that you simply realize that IPR may cover the contribution; you don't have to come to some sort of grand final determination that it does surely cover (and how could you know that for sure anyway?).
Right. Adopt this.
* Russ Housley’s suggestions from Feb 7:
In Section 7, please provide pointers for FRAND, RAND, and RAND-z. In Section 11, please drop “legal” from the first sentence in the second paragraph:
These should be adopted.
* Russ Housley’s editorial nits from Feb 7:
I see “this memo” and “this document”. Either one is fine with me, but please pick one and use it throughout. Section 2: s/IETF and its Participants/IETF and IETF Participants/ Section 5.2.3: s/IETF area directors/IETF Area Directors/ Section 5.3: s/RFC-Editor/RFC Editor/ Please remove the period at the end of the heading for Section 5.4.2. Section 5.4.2: s/drafts/Internet-Drafts/ Section 5.4.2, paragraph A: s/application (3)/application, (3)/ s/application ), (4)/application, (4)/ Section 5.4.2, paragraph D: s/submit to IETF an update/submit an update/ s/Secretariat/IETF Secretariat/ (several places) Section 5.5, paragraph A: s/non- discriminatory/non-discriminatory/ s/IPR that is (a) owned/IPR that (a) is owned/ s/ or (b) that such persons/; or (b) persons/ s/ or (c) that such persons/; or (c) persons/ s/, or (d) in the case of an individual, the individual/; or (d) an individual/ Section 6: s/violation of IETF process/violation of the IETF Standards Process/ Section 7: s/Working groups and areas may/IETF Areas and IETF working groups/
These should be adopted.
|