IETF Logo Mail Archive

Re: FSF's comment on draft-housley-tls-authz-extns

John Sullivan <johns@fsf.org> Tue, 24 February 2009 16:42 UTC

Return-Path: <johnsu01@wjsullivan.net>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AEBE73A6804 for <ietf@core3.amsl.com>; Tue, 24 Feb 2009 08:42:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X-J1DrgsUHtB for <ietf@core3.amsl.com>; Tue, 24 Feb 2009 08:42:14 -0800 (PST)
Received: from mail.fsf.org (mail.fsf.org [140.186.70.13]) by core3.amsl.com (Postfix) with ESMTP id AC3313A6826 for <ietf@ietf.org>; Tue, 24 Feb 2009 08:42:14 -0800 (PST)
Received: from jumpgate.fsf.org ([66.92.78.11]:56390 helo=ashbery.wjsullivan.net) by mail.fsf.org with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <johnsu01@wjsullivan.net>) id 1Lc0MT-0005dV-N6; Tue, 24 Feb 2009 11:42:28 -0500
Received: from johnsu01 by ashbery.wjsullivan.net with local (Exim 4.69) (envelope-from <johnsu01@ashbery.wjsullivan.net>) id 1Lc0MG-00014b-Kh; Tue, 24 Feb 2009 08:42:12 -0800
From: John Sullivan <johns@fsf.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: FSF's comment on draft-housley-tls-authz-extns
References: <87skmknar8.fsf@ashbery.wjsullivan.net> <p0624084fc5b902123543@[165.227.249.206]>
Date: Tue, 24 Feb 2009 08:42:09 -0800
In-Reply-To: <p0624084fc5b902123543@[165.227.249.206]> (Paul Hoffman's message of "Wed\, 11 Feb 2009 15\:01\:49 -0800")
Message-ID: <87ljrv4wim.fsf@ashbery.wjsullivan.net>
Lines: 63
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/23.0.60 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-detected-operating-system: by mail.fsf.org: GNU/Linux 2.6 (newer, 2)
X-Mailman-Approved-At: Wed, 25 Feb 2009 08:49:42 -0800
Cc: John Sullivan <johns@fsf.org>, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Feb 2009 16:42:15 -0000

Paul Hoffman <paul.hoffman@vpnc.org> writes:

> At 12:28 PM -0500 2/11/09, John Sullivan wrote:
>>The Free Software Foundation and the GNU Project oppose publication
>>of "Transport Layer Security (TLS) Authorization Extensions"
>>(draft-housley-tls-authz-extns) as a proposed standard. We do not
>>think that RedPhone Security's 1026 disclosure filing provides
>>sufficient assurance to free software users that they will not be
>>considered in violation of RedPhone's patent.
>
> Serious question: what about every other protocol for which there are IPR claims in the IETF IPR repository? I suspect that most of those IPR statements do not give sufficient assurance to free software users that they will not be considered in violation of various patents.
>
> That is, you have made a call to action on one particular document: what about the rest of the ones that have IPR claimed on them?
>

That's a fair question -- we act on these issues as best we can, as they
come to our attention and according to their potential impact on free
software. This one in particular affects an important free software
project directly. We will continue doing our best to examine others and
respond to suggestions that people send us.

>>In response to a previous RedPhone patent disclosure, GnuTLS removed
>>its support for these authorization extensions. The updated
>>Licensing Declaration does not provide assurance sufficient for
>>GnuTLS to restore this support, and the same unfortunately holds
>>true for any other software maintained by the GNU Project.
>
> Maybe that will lead you to think that you should just not implement
> the authorization extensions. Why does the standards status of the
> eventual RFC affect your implementation decisions? This is an age-old
> rathole^Wdebate in the IETF, but one that most participants have
> answered for themselves.
>

I'm not sure I understand this point -- the existence of the patent, as
disclosed through this process, forced the change in implementation
decision -- we were advised that the patent could apply to GNU projects
in this area.

>>On a broader note, we'd like to suggest that the IETF consider the
>>impact of of patents and copyrights on proposed standards
>>specifically and separately, instead of under the umbrella of IPR or
>>"intellectual property."
>
> This sounds like you are suggesting that we spend much more time on
> our process to satisfy people who only contribute to the discussion
> (if I can call the recent mail flood a "contribution") only every few
> years. Please understand that we might not like that suggestion, any
> more than if we suggested to the FSF that they do extensive patent
> research on every protocol and format that is embodied in any
> GNU-licensed software anywhere.
>

No, we suggest this not to satisfy specific people but because we
honestly believe that it would improve the process -- intellectual
property is a loaded term that frames these discussions in a way that
favors particular points of view. 


-- 
John Sullivan
Manager of Operations
GPG Key: AE8600B6

v2.23.0 | Report a Bug | By Email