Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

Alan DeKok <aland@deployingradius.com> Sat, 30 March 2019 13:34 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 018291201B3 for <emu@ietfa.amsl.com>; Sat, 30 Mar 2019 06:34:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, LOTS_OF_MONEY=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1P-_nEwWrYRo for <emu@ietfa.amsl.com>; Sat, 30 Mar 2019 06:34:21 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) by ietfa.amsl.com (Postfix) with ESMTP id 25D981201AC for <emu@ietf.org>; Sat, 30 Mar 2019 06:34:21 -0700 (PDT)
Received: from [192.168.46.58] (198-84-237-221.cpe.teksavvy.com [198.84.237.221]) by mail.networkradius.com (Postfix) with ESMTPSA id 82676363; Sat, 30 Mar 2019 13:34:19 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <20357.1553893062@dooku.sandelman.ca>
Date: Sat, 30 Mar 2019 09:34:17 -0400
Cc: emu@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <3A358E18-F3C3-40FF-BF87-DEB963549BE8@deployingradius.com>
References: <CAOgPGoBGZWbyHYybnMUbKG77Mei3yBOS1HyS4Uso1HKgxq1VNg@mail.gmail.com> <20357.1553893062@dooku.sandelman.ca>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/0lRljb7QTnMVL9qNnz1ynF8oKC0>
Subject: Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Mar 2019 13:34:24 -0000

On Mar 29, 2019, at 4:57 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> I followed the link to the IPR page, but I have not (and won't) read the
> patent.  Having read the pseudo code in section 6.3, I can't see how it's
> significantly different than IKEv2.  If there is something novel here, I
> don't know what it might be.
> 
> I found it interesting the IPR claim has the word "Possible", which
> kind of makes one wonder:
>    Reasonable and Non-Discriminatory License to All Implementers with
>    Possible Royalty/Fee
> I think that it is a template though, not something they chose.
> The difference between RAND and RF is significant to open source projects.

  Very much so.  Especially since few projects have funding, much less funding to pay for things like this.

> If draft-arkko-eap-aka-pfs is important, I think it should be folded into
> draft-ietf-emu-rfc5448bis.  It seems terribly useful to me, and if we are
> going to have it, I'd rather have it by default.

  I'm OK with them being two separate documents, but they should be closely tied.

> Compared to when EAP-AKA was defined, the use of open source systems to
> enable roaming is very very very significant.  If open source eco-systems
> feel there is FUD here, then I think it is important to think hard.

  The patent issues are non-trivial.

  Let's be realistic about the IETF.  While we pretend that we have individual contributors, the reality is that large companies fund huge chunks of it.  Those companies effectively shield individual contributors from patent lawsuits.  i.e. no one will sue an employee of Cisco about a standard, they will instead sue Cisco directly.

  Michael and I have no such protection.  As an implementor of EAP-SIM and EAP-AKA, he may be personally liable.  As the person hosting the web site and source code, I may also be personally liable.

  That liability means we're very concerned about these issues.  In contrast, a Cisco employee might be "personally involved" in litigation by being deposed.  During work hours, while getting paid a normal salary.

  And realistically, Open Source has driven the explosion of tech companies in the past 10 years.  I think few companies could have been profitable if they had paid license fees for an OS, web server, etc.  So there should be a vested interest in protecting open source as part of the IETF standardization process.

> Entities that want 5G to succeed, should think hard about whether litigating
> this patent is more important than 5G succeeding for roaming.

  That's assuming the litigation group talks to the engineering group.  Large companies can have internal groups at odds with each other.

> Finally, I want to point to: https://lwn.net/Articles/780078/

  It may take $1M to get to the point where such legal arguments matter.  That rules out such a defence for me.

  Alan DeKok.