Re: RE proposed standard draft-housley-tls-authz-extns-07

Ryan McIntosh <ryan@peaceworks.ca> Thu, 12 February 2009 13:54 UTC

Return-Path: <ryan@peaceworks.ca>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 322633A6902 for <ietf@core3.amsl.com>; Thu, 12 Feb 2009 05:54:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.016
X-Spam-Level:
X-Spam-Status: No, score=-0.016 tagged_above=-999 required=5 tests=[AWL=0.282, BAYES_00=-2.599, HTML_MESSAGE=0.001, MANGLED_SFTWRE=2.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cs0DkqqKdf+7 for <ietf@core3.amsl.com>; Thu, 12 Feb 2009 05:54:48 -0800 (PST)
Received: from zimbra.stcf.peaceworks.ca (stcf.peaceworks.ca [216.16.241.154]) by core3.amsl.com (Postfix) with ESMTP id 70F853A6803 for <ietf@ietf.org>; Thu, 12 Feb 2009 05:54:48 -0800 (PST)
Received: from localhost (zimbra.stcf.peaceworks.ca [127.0.0.1]) by zimbra.stcf.peaceworks.ca (Postfix) with ESMTP id 5CF4B9C01A for <ietf@ietf.org>; Thu, 12 Feb 2009 08:54:51 -0500 (EST)
X-Virus-Scanned: amavisd-new at
Received: from zimbra.stcf.peaceworks.ca ([127.0.0.1]) by localhost (zimbra.stcf.peaceworks.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WsCynC0deh45 for <ietf@ietf.org>; Thu, 12 Feb 2009 08:54:44 -0500 (EST)
Received: from zimbra.stcf.peaceworks.ca (zimbra.stcf.peaceworks.ca [127.0.0.1]) by zimbra.stcf.peaceworks.ca (Postfix) with ESMTP id C870E9C019 for <ietf@ietf.org>; Thu, 12 Feb 2009 08:54:44 -0500 (EST)
Date: Thu, 12 Feb 2009 08:54:44 -0500
From: Ryan McIntosh <ryan@peaceworks.ca>
To: ietf@ietf.org
Message-ID: <8382888.471234446884580.JavaMail.root@zimbra>
In-Reply-To: <20090212024718.7350F6BE550@mercury.lcs.mit.edu>
Subject: Re: RE proposed standard draft-housley-tls-authz-extns-07
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_3_20699752.1234446884578"
X-Originating-IP: [172.16.42.13]
X-Mailer: Zimbra 5.0.5_GA_2201.DEBIAN4.0 (zclient/5.0.5_GA_2201.DEBIAN4.0)
X-Mailman-Approved-At: Thu, 12 Feb 2009 15:01:04 -0800
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Feb 2009 13:54:50 -0000

Thank you, Noel, for the followup.

I would like you to realize, though, that many people will see a vast difference between approving a standard that may (or may not) be encumbered by an unforeseen patent and knowingly approving a standard with strings attached.  The difference is one of the reasons the FSF exists - to promote the awareness that patenting of software hinders progress.  In this case, RedPhone's licensing of TLS-authz (which looks to be a widely adoptable standard) is incompatible with GPL, LGPL, Mozilla 1.1, and Apache2.0 licenses due to restrictions in field-of-use.

The reason that hundreds of people wrote in at the last minute, Noel, is because they were concerned.  They were concerned because of a push from the FSF, and though the effect was irritating to those of you on the list, the impetus was valid.   TLS-authz per this standard cannot be integrated into Free Software - which is a major problem for anyone using a monolithic software or a software without a plugin architecture that would including the functionality outside the application's license.  If the IETF had detected these problems - namely that the patent license required was incompatible with the licensing of some double-digit percentage of the software effected - than we wouldn't have bombed your list at the last minute in a last attempt to apprise you to this problem.

Your quote: 
It is also worth remembering that almost no technology is unencumbered these days. Indeed, we mostly don't know when it is. So it's pretty naive to think that the IETF (or anyone) can only approve unencumbered technology (despite what we may wish).

Is invalid.  What this states is equivilent to "Eating an apple that might be rotten tastes as bad as eating an apple that we know is."


peace,

Ryan McIntosh
Software Architect
PeaceWorks Computer Consulting
ph: (204) 480-0314
cell: (204) 770-3682
ryan@peaceworks.ca

----- Original Message -----
From: Noel Chiappa 
To: ryan@peaceworks.ca
Cc: jnc@mercury.lcs.mit.edu
Sent: Wed, 11 Feb 2009 21:47:18 -0500 (EST)
Subject: Re: RE proposed standard draft-housley-tls-authz-extns-07

  > My apologies, Noel.

Don't worry about it. It's really the FSF who is guilty - they suckered you
all into doing their dirty work.

  > Just so it's clear - my comments were in support of Free Software, not the
  > Free Softw are Foundation.

Got it - and in fact, tqhe major, important and consequential contributions of
the free software community as a whole are well understood by most IETF
people, and many of us are therefore receptive to their concerns - but those
concerns need to be expressed in an effective manner.

  > Please, advise as to the proper forum for voicing my concerns regarding
  > the potential encumberance of a suggested standard by patented
  > software if not the mailing list for your organization.p

The problem is that our process is set up all wrong for that kind of
interaction. A lot of these decisions are complicated, and so it doesn't
really work well to come in at the end, after everyone else has looked at a
lot of different issues and tradeoffs, and hammered out something that meets
everyone's goals, and ask that things be changed...

As a result, the IETF almost _can't_ have a good mechanism for receiving
'outside' comments at the last moment. The thing is that the IETF is so open
(there is no fee to join a list, or any kind of qualification) that we've
always asumed the best way to influence work on an IETF standard is to just
be on the inside!

That means joining the mailing list for the Working Group that's developing
the standard, and give your opinion while the WG is still working on it. Yes,
this means people have to somehow find out that a WG exists, spend time
paying attention to it, etc. Of course, not everyone can manage to do that.

On the other hand, if people come in at the end, then you're back to the
'everyone went round and round and hammered this out, and now you want us
to change it' problem. Sigh...


Also, you may find the attached message from another IETFer to provide some
insight into our attitude about encumbered standards.

Here's another point for you: we have had cases were we approved a spec, and
_after_ it was implemented and deployed, it turned out someone outside the
IETF had filed a patent application that bore on it, one we had no idea
existed (the US used to not make applications public) - we call them
'submarine patents' (for the obvious reason).

So we can't _guarantee_ that a spec has no encumbrances _anyway_.

  Noel


--------


 From: Thomas Narten 
 Date: Wed, 11 Feb 2009 09:16:23 -0500

The basic process is that when IPR is known to exist, the IETF (and/or
the WG where the work is being developed) consider the IPR disclosure
along with the licensing terms, and any other issue they deem
relevant. They then decide whether to:

 -- reject the technology outright, because the IPR is simply too
  problematic to have in that particular standard.

 -- Try to work around the IPR by changing the technology to not
  infringe the IPR (usually hard or impossible to do, for several
  reasons)

 -- Accept that there is IPR, but publish in the experimental or
  information category, rather than on the Standards Track.

 -- Accept that there is IPR but publish as a standard anyway. This is
  done when it is believed having a standard is important, and that
  the IPR is not sufficient grounds to torpedo the entire effort. If
  the IPR proves to be too onerous in practice for folk to implement
  (whether vendors or open source), the standard goes nowhere. That
  is often a fine way for the situation to work out. "Let the market
  decide". And, it is worth noting, that the open source community
  does play an important role here, because if they won't implement
  a technology, that can be enough to prevent the technology from
  obtaining critical mass.

It is also worth remembering that almost no technology is unencumbered
these days. Indeed, we mostly don't know when it is. So it's pretty
naive to think that the IETF (or anyone) can only approve unencumbered
technology (despite what we may wish).