Re: [Cfrg] Editing work on github of draft-ladd-safecurves

"Eggert, Lars" <> Thu, 16 January 2014 16:23 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 88A141AE35F for <>; Thu, 16 Jan 2014 08:23:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.44
X-Spam-Status: No, score=-7.44 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.538, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zyhTqBCtKWLU for <>; Thu, 16 Jan 2014 08:23:16 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 1E1A61AE24D for <>; Thu, 16 Jan 2014 08:23:16 -0800 (PST)
X-IronPort-AV: E=Sophos; i="4.95,668,1384329600"; d="asc'?scan'208"; a="137339427"
Received: from ([]) by with ESMTP; 16 Jan 2014 08:23:04 -0800
Received: from ([]) by ([]) with mapi id 14.03.0123.003; Thu, 16 Jan 2014 08:23:04 -0800
From: "Eggert, Lars" <>
To: Watson Ladd <>
Thread-Topic: [Cfrg] Editing work on github of draft-ladd-safecurves
Date: Thu, 16 Jan 2014 16:23:03 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
x-originating-ip: []
Content-Type: multipart/signed; boundary="Apple-Mail=_90CD09D6-00D9-48A1-BEF0-4E3A2BD6C61C"; protocol="application/pgp-signature"; micalg="pgp-sha1"
MIME-Version: 1.0
Cc: David McGrew <>, "" <>
Subject: Re: [Cfrg] Editing work on github of draft-ladd-safecurves
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 16 Jan 2014 16:23:17 -0000


On 2014-1-16, at 16:29, Watson Ladd <> wrote:
> The only IPR issue is with patents, and I'm not incorporating new implementation
> methods.

that's great, but not really sufficient.

What matters is that others, who may actually believe that they hold IPR on something in your draft - whether that claim is valid or not (or sensible or not) - are put under an obligation to disclose this belief. That obligation only exists if such contributions are made to the IETF and IRTF. It does not exist when they make private comments to you personally.

The IETF process is carefully designed to bring such IPR claims into the open. That's valuable, and I'd hence recommending following it.

> With regards to copyright, so far it's been typos. I'll ask people to
> agree to license
> their contributions under the terms of BCP whatever it is before
> incorporating anything
> more substantive.

The IETF and IRTF already *have* a process that handles this automatically when such contributions are made on an IETF or IRTF mailing list, see BCP78. Why create more work for everyone involved?

> If your assessment of the draft depends on whether or not I work for the NSA,
> you are making a terrible mistake. At some point there will be a text
> freeze, for
> formal last call consideration. At that point, I hope you pretend
> every single word
> was written by an unholy consortium of everyone who ever wants to subvert
> a standard. Read it like a lawyer reading a deal with the devil.
> That suspicion and its discussion on the list is the best defense
> against mistakes and errors of all kinds.

I fully agree. However, information is lost when you incorporate ideas sent by third parties without being extremely diligent in acknowledging where they came from in the document. If you collect feedback on this list, everyone can follow who made what suggestion while the document is being worked on.

And then at the end, we still apply the "read it like a lawyer reading a deal with the devil"-approach.