Re: Withdrawal of Approval and Second Last Call: draft-housley-tls-authz-extns (fwd)

[Simon Josefsson <simon@josefsson.org>]

Forwarded on behalf of Dean.

/Simon

Dean Anderson <dean@av8.com> writes:

> Simon, could you please forward this to the IETF list for me?
>
> Thanks,
>
> 		--Dean
>
> ---------- Forwarded message ----------
> Date: Fri, 27 Apr 2007 22:49:51 -0400 (EDT)
> From: Dean Anderson <dean@av8.com>
> To: Thierry Moreau <thierry.moreau@connotech.com>
> Cc: ietf@ietf.org, mark@redphonesecurity.com,
>      Simon Josefsson <simon@josefsson.org>, ietf@ietf.org, iesg@ietf.org
> Subject: RE: Withdrawal of Approval and Second Last Call:
>     draft-housley-tls-authz-extns
>
> On Fri, 27 Apr 2007, Thierry Moreau wrote:
>
>> Thus, look at the claims. Indeed, it 
>> needs training to read issued patent and patent applications, but that's 
>> the name of the game.
>
> The claims are important. But they aren't the only thing. The
> description of the invention (the specification) is a technical paper
> like any other, though nothing is left as an exercise for the reader.
> The specification and drawings are usually written by the inventor,
> perhaps with editing and prodding by a lawyer. The lawyer usually writes
> the claims.  A small amount of legal background and terminology is
> sufficient to understand the claims---its a language that helps abstract
> the elements of the invention so that an infringement can be tested
> objectively against the claims. BTW, the patent examiner is usually not
> a lawyer, but a scientist.
>
>> I don't see a logical relation between PAS functions and the patent 
>> application claims (it doesn't mean there isn't one). 
>
> There isn't any relation beyond, 'A isn't patented, but B is'.  
> RedPhoneSecurity is saying that if you don't do A, it will give you
> permission to do B (maybe for free for now, maybe not later). Of course,
> they want to make money somehow: probably they bet you'll want to do A
> if you do B according to their proposal, and they will be happy to sell
> you A. at that time.  Of course, if this doesn't work out, the
> technology probably gets sold, and the new owner might not give our free
> licenses anymore.  Business conditions can change.
>
>> The ietf IPR disclosure 833 seems to be trying to force contractual
>> obligations (assisting the enforcement of protected PAS functions)
>> based on an assumed infringement threat which would induce some
>> real/moral person to become a party to the contract (GUL).
>
> More or less, Yes. Though it isn't the disclosure that forces this. Its
> the patent in combination with the standard.  They are using this to
> leverage to protect their PAS functions, which they obviously think have
> the real added value.
>
> They may be trying to patent the PAS functions, too, for all we know.  
> Its hard to say, from our vantage point, what their interests are in the
> the deal.  But they are interested in negotation to obtain a standard; 
> it stands to reason, they expect to benefit.  We can deduce some things.
>
> They will have a monopoly on the PAS functions by virtue of anyone who
> doesn't license the patent and agree not to implement the PAS functions,
> will be barred by the patent if they conform to the RFC--assuming we
> accept the RFC as is, of course. So one is in the position of either
> implementing non-standard behavior, or agreeing to non-competition with
> RedPhoneSecurity. That's quite an advantage for RedPhoneSecurity.  
> That's probably worth a great deal of money, even.
>
>> I'm always astonished to see ietf discussions about IPR so remote from 
>> simple IPR management basics.
>
> Yes.
>
>> I looked at the specifics of the patent application, and "specification 
>> as filed" in the provisional application. Assuming the 5 independent 
>> claims are valid, 
>
> You mean the 50 claims. There are 5 on the first page alone.
>
>> I expect the patentholder would have great difficulty 
>> in establishing infringement against a source code maintainer 
>> organization for software maintenance and distribution activities.
>
> This is a gray area. I staked out a position on the openssl distribution
> years ago that source code is the same as the patent application
> itself---protected public information.  The patent holder cannot
> prohibit the distribution of the patent documents. The holder cannot
> prohibit a book describing the invention.  But the patent holder can
> prohibit anyone (except the government) from using their invention. They
> are under no obligation to license at all (IBM is well-known to patents
> stuff and sit on it--They invented RISC in the 70's and sat on it), and
> are also under no obligation to license fairly or reasonably.
>
> The 64million dollar question is whether a source code infringes. I can
> assure you that I have discussed the issue with very educated and
> prominent patent attorneys who think that a source code implementation
> [key word 'IMPLEMENTATION'] does infringe---plainly, using the source
> code infringes.  You see the question: is source code an
> 'implementation' or a 'specification'?  I say it is a "specification":  
> The patent specification also contains a sequence of steps just like a
> program. The patent specification itself is software of a sort. I say it
> becomes an implementation when you use it.  None of these attorneys were
> interested in testing their assertions with the openssl distribution,
> and those patents have since expired.  
>
> There are some very good attorneys who agree with me, too. But I've also
> been called bad names and threatened with violence for holding views on
> law that I am way more sure of winning. [e.g. that ECPA applies to ISPs,
> that anti-trust applies to blacklists, etc]
>
> The law has actually gotten a bit worse in some ways, in that the RIAA
> and others have won cases against those assisting or enabling
> (copyright) infringing activities. This could change the balance
> affecting source code distributors and patents.  Its a riskier bet now
> than it was when I was distributing openssl source in the 90's.  While
> the LPF and others have convinced many key patent constituencies that
> the patent system needs to be fixed, and I am confident that it will
> eventually get fixed, the situation has gotten worse in some ways and
> this is one ways its worse.
>
>
> 		--Dean
>
> -- 
> Av8 Internet   Prepared to pay a premium for better service?
> www.av8.net         faster, more reliable, better service
> 617 344 9000   

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf