Re: draft-housley-tls-authz-extns-07.txt to Proposed Standard

Aaron Williamson <aaron@copiesofcopies.org> Wed, 11 February 2009 20:43 UTC

ned+ietf@mauve.mrochek.com wrote:
> I completely disagree with this assessment. The points you mention are quite
> specifically talking about Agreements, not certificates.

Yes, this is obviously right: "Agreements" are not certificates.  But I don't
think it's clear that storing Agreements covers only "a fairly specific set of
use cases."  Since Agreements include contracts and negotiable instruments, it
seems that it could encompass most uses in e-commerce: for example, an online
store that requires buyers to use authorizations when making a purchase, and
then stores the transaction details along with the authorization data.

Sales transactions are a central use case for TLS, are they not?  If online
sales using the authz extensions are not within the scope of term 3, I don't
think it is at all clear from the IPR Statement, and the onus should be on
RedPhone to clarify this.  If they are, I think RedPhone's restrictions can
hardly be said to apply only to corner cases.

Aaron