Re: RE proposed standard draft-housley-tls-authz-extns-07
Ryan McIntosh <ryan@peaceworks.ca> Thu, 12 February 2009 13:54 UTC
Return-Path: <ryan@peaceworks.ca>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 322633A6902 for <ietf@core3.amsl.com>; Thu, 12 Feb 2009 05:54:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.016
X-Spam-Level:
X-Spam-Status: No, score=-0.016 tagged_above=-999 required=5 tests=[AWL=0.282, BAYES_00=-2.599, HTML_MESSAGE=0.001, MANGLED_SFTWRE=2.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cs0DkqqKdf+7 for <ietf@core3.amsl.com>; Thu, 12 Feb 2009 05:54:48 -0800 (PST)
Received: from zimbra.stcf.peaceworks.ca (stcf.peaceworks.ca [216.16.241.154]) by core3.amsl.com (Postfix) with ESMTP id 70F853A6803 for <ietf@ietf.org>; Thu, 12 Feb 2009 05:54:48 -0800 (PST)
Received: from localhost (zimbra.stcf.peaceworks.ca [127.0.0.1]) by zimbra.stcf.peaceworks.ca (Postfix) with ESMTP id 5CF4B9C01A for <ietf@ietf.org>; Thu, 12 Feb 2009 08:54:51 -0500 (EST)
X-Virus-Scanned: amavisd-new at
Received: from zimbra.stcf.peaceworks.ca ([127.0.0.1]) by localhost (zimbra.stcf.peaceworks.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WsCynC0deh45 for <ietf@ietf.org>; Thu, 12 Feb 2009 08:54:44 -0500 (EST)
Received: from zimbra.stcf.peaceworks.ca (zimbra.stcf.peaceworks.ca [127.0.0.1]) by zimbra.stcf.peaceworks.ca (Postfix) with ESMTP id C870E9C019 for <ietf@ietf.org>; Thu, 12 Feb 2009 08:54:44 -0500 (EST)
Date: Thu, 12 Feb 2009 08:54:44 -0500
From: Ryan McIntosh <ryan@peaceworks.ca>
To: ietf@ietf.org
Message-ID: <8382888.471234446884580.JavaMail.root@zimbra>
In-Reply-To: <20090212024718.7350F6BE550@mercury.lcs.mit.edu>
Subject: Re: RE proposed standard draft-housley-tls-authz-extns-07
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_3_20699752.1234446884578"
X-Originating-IP: [172.16.42.13]
X-Mailer: Zimbra 5.0.5_GA_2201.DEBIAN4.0 (zclient/5.0.5_GA_2201.DEBIAN4.0)
X-Mailman-Approved-At: Thu, 12 Feb 2009 15:01:04 -0800
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Feb 2009 13:54:50 -0000
Thank you, Noel, for the followup. I would like you to realize, though, that many people will see a vast difference between approving a standard that may (or may not) be encumbered by an unforeseen patent and knowingly approving a standard with strings attached. The difference is one of the reasons the FSF exists - to promote the awareness that patenting of software hinders progress. In this case, RedPhone's licensing of TLS-authz (which looks to be a widely adoptable standard) is incompatible with GPL, LGPL, Mozilla 1.1, and Apache2.0 licenses due to restrictions in field-of-use. The reason that hundreds of people wrote in at the last minute, Noel, is because they were concerned. They were concerned because of a push from the FSF, and though the effect was irritating to those of you on the list, the impetus was valid. TLS-authz per this standard cannot be integrated into Free Software - which is a major problem for anyone using a monolithic software or a software without a plugin architecture that would including the functionality outside the application's license. If the IETF had detected these problems - namely that the patent license required was incompatible with the licensing of some double-digit percentage of the software effected - than we wouldn't have bombed your list at the last minute in a last attempt to apprise you to this problem. Your quote: It is also worth remembering that almost no technology is unencumbered these days. Indeed, we mostly don't know when it is. So it's pretty naive to think that the IETF (or anyone) can only approve unencumbered technology (despite what we may wish). Is invalid. What this states is equivilent to "Eating an apple that might be rotten tastes as bad as eating an apple that we know is." peace, Ryan McIntosh Software Architect PeaceWorks Computer Consulting ph: (204) 480-0314 cell: (204) 770-3682 ryan@peaceworks.ca ----- Original Message ----- From: Noel Chiappa To: ryan@peaceworks.ca Cc: jnc@mercury.lcs.mit.edu Sent: Wed, 11 Feb 2009 21:47:18 -0500 (EST) Subject: Re: RE proposed standard draft-housley-tls-authz-extns-07 > My apologies, Noel. Don't worry about it. It's really the FSF who is guilty - they suckered you all into doing their dirty work. > Just so it's clear - my comments were in support of Free Software, not the > Free Softw are Foundation. Got it - and in fact, tqhe major, important and consequential contributions of the free software community as a whole are well understood by most IETF people, and many of us are therefore receptive to their concerns - but those concerns need to be expressed in an effective manner. > Please, advise as to the proper forum for voicing my concerns regarding > the potential encumberance of a suggested standard by patented > software if not the mailing list for your organization.p The problem is that our process is set up all wrong for that kind of interaction. A lot of these decisions are complicated, and so it doesn't really work well to come in at the end, after everyone else has looked at a lot of different issues and tradeoffs, and hammered out something that meets everyone's goals, and ask that things be changed... As a result, the IETF almost _can't_ have a good mechanism for receiving 'outside' comments at the last moment. The thing is that the IETF is so open (there is no fee to join a list, or any kind of qualification) that we've always asumed the best way to influence work on an IETF standard is to just be on the inside! That means joining the mailing list for the Working Group that's developing the standard, and give your opinion while the WG is still working on it. Yes, this means people have to somehow find out that a WG exists, spend time paying attention to it, etc. Of course, not everyone can manage to do that. On the other hand, if people come in at the end, then you're back to the 'everyone went round and round and hammered this out, and now you want us to change it' problem. Sigh... Also, you may find the attached message from another IETFer to provide some insight into our attitude about encumbered standards. Here's another point for you: we have had cases were we approved a spec, and _after_ it was implemented and deployed, it turned out someone outside the IETF had filed a patent application that bore on it, one we had no idea existed (the US used to not make applications public) - we call them 'submarine patents' (for the obvious reason). So we can't _guarantee_ that a spec has no encumbrances _anyway_. Noel -------- From: Thomas Narten Date: Wed, 11 Feb 2009 09:16:23 -0500 The basic process is that when IPR is known to exist, the IETF (and/or the WG where the work is being developed) consider the IPR disclosure along with the licensing terms, and any other issue they deem relevant. They then decide whether to: -- reject the technology outright, because the IPR is simply too problematic to have in that particular standard. -- Try to work around the IPR by changing the technology to not infringe the IPR (usually hard or impossible to do, for several reasons) -- Accept that there is IPR, but publish in the experimental or information category, rather than on the Standards Track. -- Accept that there is IPR but publish as a standard anyway. This is done when it is believed having a standard is important, and that the IPR is not sufficient grounds to torpedo the entire effort. If the IPR proves to be too onerous in practice for folk to implement (whether vendors or open source), the standard goes nowhere. That is often a fine way for the situation to work out. "Let the market decide". And, it is worth noting, that the open source community does play an important role here, because if they won't implement a technology, that can be enough to prevent the technology from obtaining critical mass. It is also worth remembering that almost no technology is unencumbered these days. Indeed, we mostly don't know when it is. So it's pretty naive to think that the IETF (or anyone) can only approve unencumbered technology (despite what we may wish).
- RE proposed standard draft-housley-tls-authz-extn… Ryan McIntosh
- Re: RE proposed standard draft-housley-tls-authz-… Ryan McIntosh