RE: Fourth Last Call: draft-housley-tls-authz-extns

[Robert Schott <robert.schott@gmail.com>]

This standard should be wholly withdrawn until all patent
encumberances are fully removed.

GNU's statement summarizes it well:

http://www.fsf.org/news/reoppose-tls-authz-standard

 Much of the communication on the Internet happens between computers
according to standards that define common languages.  If we are going to
live in a free world using free software,  our software must be allowed
to speak these languages.

Unfortunately, discussions about possible new standards are tempting
opportunities for people who would prefer to profit by extending
proprietary control over our communities. If someone holds a software
patent on a technique that a programmer or user has to use in order to
make use of a standard, then no one is free without getting permission
from and paying the patent holder. If we are not careful, standards can
become major barriers to computer users having and exercising their freedom.

We depend on organizations like the Internet Engineering Task Force
(IETF) and the Internet Engineering Steering Group (IESG) to evaluate
new proposals for standards and make sure that they are not encumbered
by patents or any other sort of restriction that would prevent free
software users and programmers from participating in the world they define.

In February 2006, a standard for "TLS authorization" was introduced in
the IETF for consideration. Very late in the discussion, a company
called RedPhone Security disclosed (this disclosure has subsequently
been unpublished from the IETF website) that they applied for a patent
which would need to be licensed to anyone wanting to practice the
standard. After this disclosure, the proposal was rejected.

Despite claims that RedPhone have offered a license for implementation
of this protocol, users of this protocol would still be threatened by
the patent. The IETF should continue to oppose this standard until
RedPhone provide a royalty-free license for all users.