Re: Review of draft-ietf-tls-authz-extns-07
Aaron Williamson <aaron@copiesofcopies.org> Wed, 11 February 2009 17:21 UTC
Return-Path: <aaron@copiesofcopies.org>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E4BB43A69D7 for <ietf@core3.amsl.com>; Wed, 11 Feb 2009 09:21:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.307
X-Spam-Level:
X-Spam-Status: No, score=-1.307 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MISSING_HEADERS=1.292]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id myXYUeb4VOsB for <ietf@core3.amsl.com>; Wed, 11 Feb 2009 09:21:56 -0800 (PST)
Received: from mail.sflc.info (mail.sflc.info [216.27.154.199]) by core3.amsl.com (Postfix) with ESMTP id E37893A6962 for <ietf@ietf.org>; Wed, 11 Feb 2009 09:21:55 -0800 (PST)
Received: from [10.2.67.160] (thurgood-marshall [10.18.73.194]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sflc.info (Postfix) with ESMTP id F0899206B5CC9 for <ietf@ietf.org>; Wed, 11 Feb 2009 12:21:58 -0500 (EST)
Message-ID: <49930937.5020209@copiesofcopies.org>
Date: Wed, 11 Feb 2009 12:21:59 -0500
From: Aaron Williamson <aaron@copiesofcopies.org>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
CC: ietf@ietf.org
Subject: Re: Review of draft-ietf-tls-authz-extns-07
References: <20090211053651.DE78450822@romeo.rtfm.com> <4992E676.20007@connotech.com> <87myctov4u.fsf@mocca.josefsson.org> <4992F79C.7080602@connotech.com>
In-Reply-To: <4992F79C.7080602@connotech.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2009 18:05:13 -0000
Thierry, > Do you have any guidelines / methodology / evaluation criteria / sources > of precedents or any other "sources of law"? According to those, one > could turn emprircal-observations-of-patent-holder-actions into a) an > evaluation whether to implement and/or b) an evaluation whether to adopt > as an IETF document (standards track / informational / experimental). If I read you correctly, you deride Simon because he considers this draft to carry patent risks but does not absolutely quantify those risks. But Simon is right that evaluating a patent is not an engineering exercise -- even if you are an expert in the relevant technology (as he is) and in the relevant law (as you are not), it is often impossible to determine whether a particular patent will be granted, and then whether it will be enforced against you by the patent holder, and then whether it will be upheld by a court. That Simon's reached one conclusion rather than another in this instance based in part on guesswork can hardly be blamed on his imprecision. Whether the patent eventually issues and includes the claims as stated in the application depends upon the quality of the examination by the patent office (it is widely recognized that the PTO is overworked and cannot devote sufficient time to each application). Whether the patent-holder will target a particular implementation depends upon the advice it's received from counsel and its own assessment of the risks and rewards. Whether the software developer (or user) can effectively parry even a very weak claim depends upon the resources of the developer (which in the case of free and open source software developers are often quite limited, as you might imagine). As Simon said, in any one or all three of these steps, the language of the patent claims themselves might be irrelevant. You are rightly concerned with how IETF can possibly make a decision one way or the other on a given disclosure when the question is so slippery. In short, an implementor can only have absolute certainty if he has an unequivocal license from the patent holder for himself and his users to make, use, and practice the claims. Any qualification of the license adds uncertainty, and the qualifications in RedPhone's statement create a good deal of uncertainty indeed. For example, it is difficult to imagine (though I am not myself an expert on TLS authorizations) an implementation of the proposed standard that would not "store Agreements and locate Agreements based on authorization data received from a sender, where Agreements are any legally recognizable and documented agreement between two parties." I understand that absolute certainty is not the aim of IETF. But I also believe that a significant proportion of the IETF constituency is concerned with enabling the development of free and open source software implementing IETF standards. Where, as I believe is the case here, an IPR disclosure from one of the drafters of the document offers insufficient certainty that such implementations are possible, the IETF should certainly take notice. Best regards, Aaron Williamson ISOC-NY
- Review of draft-ietf-tls-authz-extns-07 Eric Rescorla
- Re: Review of draft-ietf-tls-authz-extns-07 Thierry Moreau
- Re: Review of draft-ietf-tls-authz-extns-07 Scott Brim
- Re: Review of draft-ietf-tls-authz-extns-07 Thierry Moreau
- Re: Review of draft-ietf-tls-authz-extns-07 Simon Josefsson
- Re: Review of draft-ietf-tls-authz-extns-07 Thierry Moreau
- Re: Review of draft-ietf-tls-authz-extns-07 Aaron Williamson
- Re: Review of draft-ietf-tls-authz-extns-07 Simon Josefsson
- Re: Review of draft-ietf-tls-authz-extns-07 Thierry Moreau