FSF's ... warning about TLS

terry white <twhite@aniota.com> Tue, 10 February 2009 17:42 UTC

Return-Path: <twhite@aniota.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id E3ED83A6946 for <ietf@core3.amsl.com>; Tue, 10 Feb 2009 09:42:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id LHh7EJiBPhPq for <ietf@core3.amsl.com>; Tue, 10 Feb 2009 09:42:10 -0800 (PST)
Received: from mail.avvanta.com (smtp61.avvanta.com []) by core3.amsl.com (Postfix) with ESMTP id 7E5553A6A82 for <ietf@ietf.org>; Tue, 10 Feb 2009 09:42:09 -0800 (PST)
Received: from mail.avvanta.com (localhost.pops.p.blarg.net []) by mail.avvanta.com (Postfix) with ESMTP id DCD8D276CE9; Tue, 10 Feb 2009 09:42:10 -0800 (PST)
Received: from q-static-156-178.avvanta.com (q-static-156-178.avvanta.com []) by mail.avvanta.com (Postfix) with ESMTP id 87435276CBE; Tue, 10 Feb 2009 09:42:10 -0800 (PST)
Date: Tue, 10 Feb 2009 09:42:10 -0800
From: terry white <twhite@aniota.com>
To: ietf@ietf.org
Subject: FSF's ... warning about TLS
Message-ID: <Pine.LNX.4.58.0902100926540.31223@yossarian.aniota.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-BlargAV-Status: No viruses detected, BlargAV v1.1 on localhost.pops.p.blarg.net
X-Mailman-Approved-At: Tue, 10 Feb 2009 17:03:24 -0800
Cc: campaigns@fsf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Feb 2009 23:35:08 -0000

... ciao:

    given the current environment, it seems like granting an exclusive
right to 'deploy' a "STANDARD", satisfies little other than greed.

    given the 'security' aspect, it looks a lot like a critical point of
failure.  if a 'patent' guaranteed protection to those forced to license
it, that would be one thing.  but leaving security to an isolated
commercial concern seems reckless ...

... i'm a man, but i can change,
    if i have to , i guess ...

---------- Forwarded message ----------
Date: Tue, 10 Feb 2009 09:27:23 -0800 (PST)
From: terry <twhite@aniota.com>
To: twhite@aniota.com
Subject: FSF ...

From: "Peter Brown" <peterb@fsf.org>
To: info-fsf@gnu.org, info-member@fsf.org
Message-ID: <498EF4B7.8050609@fsf.org>
Date: Sun, 8 Feb 2009 15:05:00 +0000
Return-Path: <info-fsf-bounces+sys=aniota.com@gnu.org>
Delivered-To: sys@1761924.1904440
Received: (qmail 16542 invoked by uid 78); 8 Feb 2009 18:44:56 -0000
Received: from unknown (HELO ns-mr5.netsolmail.com) ( by 0 with
          SMTP; 8 Feb 2009 18:44:56 -0000
Received: from lists.gnu.org (lists.gnu.org []) by
          ns-mr5.netsolmail.com (8.13.6/8.13.6) with ESMTP id n18IitM6022863
          for <sys@aniota.com>; Sun, 8 Feb 2009 13:44:55 -0500
Received: from localhost ([]:37739 helo=lists.gnu.org) by
          lists.gnu.org with esmtp (Exim 4.43) id 1LWEaT-0001Iq-5W for
          sys@aniota.com; Sun, 08 Feb 2009 13:41:01 -0500
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id
          1LWBBB-0007SI-8e for info-fsf@gnu.org; Sun, 08 Feb 2009 10:02:41 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id
          1LWBBA-0007Rw-KC for info-fsf@gnu.org; Sun, 08 Feb 2009 10:02:40 -0500
Received: from [] (port=37508 helo=monty-python.gnu.org) by
          lists.gnu.org with esmtp (Exim 4.43) id 1LWBBA-0007Rt-91 for
          info-fsf@gnu.org; Sun, 08 Feb 2009 10:02:40 -0500
Received: from mail.fsf.org ([]:50408) by monty-python.gnu.org
          with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60)
          (envelope-from <peterb@fsf.org>) id 1LWBB9-0000DS-Pk for
          info-fsf@gnu.org; Sun, 08 Feb 2009 10:02:39 -0500
Received: from jumpgate.fsf.org ([]:36860 helo=[]) by
          mail.fsf.org with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32)
          (Exim 4.63) (envelope-from <peterb@fsf.org>) id 1LWBB8-0004GA-Oa;
          Sun, 08 Feb 2009 10:02:39 -0500
User-Agent: Thunderbird (X11/20081125)
X-Enigmail-Version: 0.95.0
X-detected-operating-system: by mail.fsf.org: GNU/Linux 2.6 (newer, 1)
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom
                             2.4 (older, 4)
X-Mailman-Approved-At: Sun, 08 Feb 2009 13:32:31 -0500
X-BeenThere: info-fsf@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Free Software Foundation Announcements and Information
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/info-fsf>,
List-Archive: <http://lists.gnu.org/pipermail/info-fsf>
List-Post: <mailto:info-fsf@gnu.org>
List-Help: <mailto:info-fsf-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/info-fsf>,
Sender: info-fsf-bounces+sys=aniota.com@gnu.org
Errors-To: info-fsf-bounces+sys=aniota.com@gnu.org
Subject: [FSF] Send comments to the IETF opposing TLS-authz standard by
    February 11, 2009
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

From: http://www.fsf.org/news/reoppose-tls-authz-standard

Last January, the Free Software Foundation issued an alert to efforts at
the Internet Engineering Task Force (IETF) to sneak a patent-encumbered
standard for "TLS authorization" through a back-door approval process
that was referenced as "experimental" or "informational".  The many
comments sent to IETF at that time alerted committee members to this
attempt and successfully prevented the standard gaining approval.

Unfortunately, attempts to push through this standard have been renewed
and become more of a threat.  The proposal now at the IETF has a changed
status from "experimental" to "proposed standard". The FSF is again
issuing an alert and request for comments to be sent urgently and prior
to the February 11 deadline to: ietf@ietf.org

Please include us in your message by a CC to campaigns@fsf.org

That patent in question is claimed by RedPhone Security.  RedPhone has
given a license to anyone who implements the protocol, but they still
threaten to sue anyone that uses it.

If our voice is strong enough, the IETF will not approve this standard
on any level unless the patent threat is removed entirely with a
royalty-free license for all users.

Further background for your comment:

Much of the communication on the Internet happens between computers
according to standards that define common languages.  If we are going to
live in a free world using free software,  our software must be allowed
to speak these languages.

Unfortunately, discussions about possible new standards are tempting
opportunities for people who would prefer to profit by extending
proprietary control over our communities. If someone holds a software
patent on a technique that a programmer or user has to use in order to
make use of a standard, then no one is free without getting permission
from and paying the patent holder. If we are not careful, standards can
become major barriers to computer users having and exercising their freedom.

We depend on organizations like the Internet Engineering Task Force
(IETF) and the Internet Engineering Steering Group (IESG) to evaluate
new proposals for standards and make sure that they are not encumbered
by patents or any other sort of restriction that would prevent free
software users and programmers from participating in the world they define.

In February 2006, a standard for "TLS authorization" was introduced in
the IETF for consideration. Very late in the discussion, a company
called RedPhone Security disclosed (this disclosure has subsequently
been unpublished from the IETF website) that they applied for a patent
which would need to be licensed to anyone wanting to practice the
standard. After this disclosure, the proposal was rejected.

Despite claims that RedPhone have offered a license for implementation
of this protocol, users of this protocol would still be threatened by
the patent. The IETF should continue to oppose this standard until
RedPhone provide a royalty-free license for all users.

Media Contacts

Peter T. Brown
Executive Director
Free Software Foundation

info-fsf mailing list info-fsf@gnu.org