Re: Last Call on draft-bradner-rfc3979bis-08.txt ("Intellectual Property Rights in IETF Technology")

Pete Resnick <> Fri, 29 April 2016 19:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CBD3F12D10E for <>; Fri, 29 Apr 2016 12:59:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.017
X-Spam-Status: No, score=-8.017 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KywKezwR7-3Y for <>; Fri, 29 Apr 2016 12:59:04 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 10D5B12D0DF for <>; Fri, 29 Apr 2016 12:59:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=qcdkim; t=1461959940; x=1493495940; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=YMC7RobgRNsW3CIYzuTx0t0FGFS8FNYSYdaH34W/O5o=; b=CnsBwE8yZA35JCw1T0ITfnizO6D3upFv6SxP+n/6cLGKwXtbSLuCZGUT kkCPzAOxJeeeMX4ZzWRLD5WTUktxOCTs1CxPyq5VO14AtV+u2to/mco3O BpdBFAr96LknM3Mbpmls0XFV9HeyFx8OTKWFM8FZDTDROvG/O85aLi8mZ U=;
X-IronPort-AV: E=Sophos;i="5.24,553,1455004800"; d="scan'208";a="284547520"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-SHA; 29 Apr 2016 12:59:00 -0700
X-IronPort-AV: E=McAfee;i="5700,7163,8150"; a="687220188"
Received: from ([]) by with ESMTP/TLS/RC4-SHA; 29 Apr 2016 12:59:00 -0700
Received: from [] ( by ( with Microsoft SMTP Server (TLS) id 15.0.1130.7; Fri, 29 Apr 2016 12:58:59 -0700
From: Pete Resnick <>
To: Stephan Wenger <>
Subject: Re: Last Call on draft-bradner-rfc3979bis-08.txt ("Intellectual Property Rights in IETF Technology")
Date: Fri, 29 Apr 2016 14:58:58 -0500
Message-ID: <>
In-Reply-To: <>
References: <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.4r5239)
X-Originating-IP: []
X-ClientProxiedBy: ( To (
Archived-At: <>
Cc: IETF <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 29 Apr 2016 19:59:07 -0000

On 25 Apr 2016, at 16:31, Stephan Wenger wrote:

> On 4/25/16, 13:15, "ietf on behalf of Jari Arkko" 
> < on behalf of> wrote:
>>> - Section 5.5(C): Two things:
> [...]
>>> OLD
>>>      must ensure that such
>>>      commitments are binding on any subsequent transferee of the
>>>      relevant IPR.
>>> NEW
>>>      must ensure that such commitments are binding on a transferee 
>>> of
>>>      the relevant IPR, and that such transferee will use reasonable
>>>      efforts to ensure that such commitments are binding on a
>>>      subsequent transferee of the relevant IPR, and so on.
>>> END
>>> The object of the "subsequent" wasn't clear, so this just spells it 
>>> out. Wordy, but more precise.
>> Right
> I’m not sure I agree that the object of “subsequent wasn’t clear 
> from context.  However, I don’t mind to see that fixed if others 
> feel so.  However, the fix as proposed sets a very low standard 
> (reasonable efforts) for ensuring that subsequent transferees are 
> bound. That a substantial change from the WG consensus, and IMO in the 
> wrong direction.

Let's be clear that there was no "WG consensus" on this, since there was 
no WG. But let's assume that the consensus of the BoF was for something 

I disagree that "use reasonable efforts to ensure" is such a low 
standard, and the stronger language you propose concerns me:

> What we want to achieve is that if A assigns a patent to B, B and all 
> further transferees (B to C, C to D, etc. etc.) are similarly bound.  
> We want to make sure if any of these entities doesn’t feel bound for 
> whatever reason, the patent is held unenforcible by a well-informed 
> court.  It’s clear that this is much more onerous to the 
> rightholder, and may well lower the value of the IPR.
> I would be fine if the NEW part would be reworded as follows:
>       must ensure that such commitments are binding on a transferee of
>       the relevant IPR, and also binding on any subsequent transferees
> of the relevant IPR.

This seems to require that if my IPR is transferred 20 times over 20 
years, I am on the hook in perpetuity to absolutely make sure that the 
next person down the line sticks to the agreement. I'm certainly willing 
to make *reasonable* efforts to do so, and it will be up to a court to 
determine if my efforts were reasonable, but I certainly don't want to 
be forced to completely indemnify to 21st person down the line. "Use 
reasonable efforts to ensure" seems reasonable. Otherwise, it's not 
clear to me what I'm signing up to.

>>> - Section 7, paragraph 6:
>>> The only change in this paragraph from 3979 was to add the word 
>>> "all" in the second-to-last sentence. My lawyer friends tell me that 
>>> this little change is opening a can of worms, having to do with 
>>> licensing to makers of parts instead of implementers of the whole 
>>> specification. I don't think we meant to change the meaning from the 
>>> 3979 meaning, and I certainly don't think that we meant to change 
>>> some implication about whether folks in general needed to license to 
>>> people that make parts where they wouldn't have before. Was there 
>>> something unclear about that sentence that needed the word "all" 
>>> added to it? We aren't making a substantive change, are we? Can we 
>>> just strike it? It seemed pretty clear to me before.
>> Agree
> I’m not sure here.
> For context, the paragraph is in section 7 of RFC3979bis (which used 
> to be the second paragraph of section 8 of RFC3979).  The sentence in 
> question describes an purported IETF consensus established in 
> pre-RFC3979 times, as follows (the critical and new “ALL” is 
> capitalized):
> “
> An IETF consensus has developed that no mandatory-to-implement 
> security technology can be specified in an IETF specification unless 
> it has no known IPR claims against it or a royalty-free license is 
> available to ALL implementers of the specification unless there is a 
> very good reason to do so.
> “

Right, the only change between 3979 and the above is the addition of the 
word "ALL" (not in all caps in 3979bis).

> I agree that the tightened language removes an arguably unclear 
> loophole that has been present in RFC3979, and which Pete’s 
> lawyer-friends probably would like to preserve.  However, generally 
> speaking, removing loopholes like this is a Good Thing, unless the 
> consensus at the time was such that there ought to be a loophole.  I 
> did not follow the consensus process in sufficient detail to have an 
> opinion, but perhaps security and IPR conscious folks in the IETF 
> remember?

Wait, what "arguably unclear loophole" do you think was there that 
adding "all" in the above sentence tightens? Calling it a "loophole" 
implies that somehow the IETF intention was to disallow something that 
the current text allows. What is that something that you think we ought 
to be removing?

I know that my lawyer friend was concerned not about security technology 
per se, but the issue of licensing levels more generally. I'm pretty 
sure we only wanted to talk about requiring royalty-free licensing for 
security protocols specifically and never intended to require particular 
kinds of licensing across the board. Either way, I think that the 
original text was perfectly clear and had no loopholes.

So, why are we adding "all"? What loophole are we trying to close? If 
there is none, let's strike "all" and use the original text.

Pete Resnick <>
Qualcomm Technologies, Inc. - +1 (858)651-4478