Re: FWIW: draft-housley-tls-authz-extns-07.txt to Proposed Standard

Thierry Moreau <> Tue, 10 February 2009 17:32 UTC

List-Id: IETF-Discussion <>

Simon Josefsson wrote:

> <> writes:
>>My reading of RedPhone's IPR disclosure 1026 is that they claim to
>>have a patent application about a larger system that includes
>>tls-authz as one part, and uses it in a particular way. If you want to
>>build a system matching the numbered list 1..4 in the disclosure
>>(RedPhone's description of what they claim is covered), then you
>>would have to consider this IPR disclosure.
> A license is required for each of the cases 1, 2, 3, and 4 individually.
> As far as I read item 3, it seems to cover many kinds of realistic use of
> this protocol.  As soon as you have some authorization data, you would
> typically compare the sender of the authorization to some set of valid
> issuers.

This reasoning is perhaps useful to support an opposition campaign, but 
it is incomplete.

The patent *claims* can not be broadened by a generic mention of a use 
case. Going into the details of this specific instance boils down to 
evaluating the validity of IPR claims.

Let me bring a few facts. The RedPhone IPR is a US patent application 
that was amended on 2008/01/25. No US patent office examiner has 
responded so far. Although a PCT application is mentioned in the IPR 
disclosure, there is no mention of national phase entry(ies), so the 
only affected jurisdiction would be the US only (the IPR disclosure 
should be more comprehensive if I am wrong). With a priority date in 
January 2005, the IPR claims can not cover the business methods 
prevailing before, e.g. the corporate treasury management on-line 
services based on authorizations (e.g. one-time password using tokens) 
to access a bank account (network resources) where the specific form of 
authorization is defined in the service enrollment agreement.

So, the argument that IPR disclosure 1026 case 3 is a justification for 
the FSF campaign is relevant only in the perspective of an ideological 
opposition to patents. There are ample facts to justify an endorsement 
of TLS-authz advance in the IETF standardization process.



- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900
