Comments on TLS-authz
Scott Goodwin <Scott.Goodwin@nasa.gov> Wed, 11 February 2009 22:30 UTC
Return-Path: <scott.goodwin@nasa.gov>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E542C28C376 for <ietf@core3.amsl.com>; Wed, 11 Feb 2009 14:30:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.532
X-Spam-Level:
X-Spam-Status: No, score=-4.532 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bzSqbqbpQHiU for <ietf@core3.amsl.com>; Wed, 11 Feb 2009 14:30:20 -0800 (PST)
Received: from ndjsnpf01.ndc.nasa.gov (ndjsnpf01.ndc.nasa.gov [198.117.1.121]) by core3.amsl.com (Postfix) with ESMTP id 2BDE828C2DC for <ietf@ietf.org>; Wed, 11 Feb 2009 14:30:03 -0800 (PST)
Received: from ndmsppt02.ndc.nasa.gov (ndmsppt02.ndc.nasa.gov [198.117.0.101]) by ndjsnpf01.ndc.nasa.gov (Postfix) with ESMTP id BE5B4328563; Wed, 11 Feb 2009 16:30:07 -0600 (CST)
Received: from ndmsxgw03.ndc.nasa.gov (ndmsxgw03.ndc.nasa.gov [129.166.9.161]) by ndmsppt02.ndc.nasa.gov (8.14.1/8.14.1) with ESMTP id n1BMU73k025899; Wed, 11 Feb 2009 16:30:07 -0600
Received: from NDMSEVS37B.ndc.nasa.gov ([129.166.9.158]) by ndmsxgw03.ndc.nasa.gov with Microsoft SMTPSVC(6.0.3790.3959); Wed, 11 Feb 2009 16:30:07 -0600
Received: from 98.172.25.163 ([98.172.25.163]) by NDMSEVS37B.ndc.nasa.gov ([129.166.9.25]) via Exchange Front-End Server mail02.ndc.nasa.gov ([129.166.9.43]) with Microsoft Exchange Server HTTP-DAV ; Wed, 11 Feb 2009 22:30:07 +0000
User-Agent: Microsoft-Entourage/12.11.0.080522
Date: Wed, 11 Feb 2009 17:30:05 -0500
Subject: Comments on TLS-authz
From: Scott Goodwin <Scott.Goodwin@nasa.gov>
To: ietf@ietf.org
Message-ID: <C5B8BB9D.23FB%Scott.Goodwin@nasa.gov>
Thread-Topic: Comments on TLS-authz
Thread-Index: AcmMmElVOWc1PbYXYkmWKIsxhMvmKQ==
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 11 Feb 2009 22:30:07.0541 (UTC) FILETIME=[4AD8CE50:01C98C98]
X-Mailman-Approved-At: Thu, 12 Feb 2009 15:01:18 -0800
Cc: campaigns@fsf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2009 22:31:42 -0000
I oppose the publication of "Transport Layer Security (TLS) Authorization Extensions" (draft-housley-tls-authz-extns) due to patent restrictions on the use of these extensions. The implementation appears to be released from any potential patent claims for implementing the protocol(s) as described in draft-housley-tls-authz-extns-07.txt Yet the release of IPR for implementation is followed by patent claims as to the use of part or all of those implementations. This puts the IETF in the position of approving for use a protocol standard whose implementation is unimpeded but whose actual use incurs potential risk to users of AUTHZ protocol extension implementations. The language stating that "RedPhone Security agrees to grant licenses for such uses in a fair and non-discriminatory manner" does not explicitly or implicitly indicate that such grants would be royalty-free or free of other charges or limitations by RedPhone Security. In essence, a private company with patented IPR is proposing a protocol standard that, if adopted by the IETF, may well lead to IPR lawsuits against those using such implementations. This is neither in the intent nor spirit of Internet protocols nor in the best interests of the public at large. As such this draft standard must be rejected by the IETF until RedPhone Security releases all IPR with respect to the implementation and use of the AUTHZ extensions protocol or submits to granting a royalty-free license to implement and use the protocol extensions. Ref: https://datatracker.ietf.org/ipr/1026/ /s. Scott Goodwin Chief Information Officer Space Operations Mission Directorate National Aeronautics and Space Administration Washington, DC
- Comments on TLS-authz Scott Goodwin