[Dean Anderson] RE: Withdrawal of Approval and Second Last Call: draft-housley-tls-authz-extns
Sam Hartman <hartmans-ietf@mit.edu> Mon, 02 April 2007 20:44 UTC
Return-path: <ietf-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HYTOL-0006I7-3a; Mon, 02 Apr 2007 16:44:41 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HYTOJ-0006I1-GN for ietf@ietf.org; Mon, 02 Apr 2007 16:44:39 -0400
Received: from carter-zimmerman.dyn.mit.edu ([18.188.3.148] helo=carter-zimmerman.mit.edu) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HYTOH-0003qf-5Q for ietf@ietf.org; Mon, 02 Apr 2007 16:44:38 -0400
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id 3715DE0430; Mon, 2 Apr 2007 16:44:32 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf@ietf.org
Date: Mon, 02 Apr 2007 16:44:31 -0400
Message-ID: <tslvege8q1c.fsf@cz.mit.edu>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7c1a129dc3801d79d40c5ca8dee767eb
Subject: [Dean Anderson] RE: Withdrawal of Approval and Second Last Call: draft-housley-tls-authz-extns
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
Dean cannot post to the ietf list so I have forwarded his comments here.
--- Begin Message ---Ok, I've now read most of the patent documents and claims, and I've looked over the draft-housley-tls-authz-extns-07.txt. Short answer: The RFC and the patent application are very close, if not identical. It is not the case that the patent is merely overbroad, and therefore covers the housley draft; they are the same. On the draft: rewrite so as not to infringe the patent application if granted. The timeline of events is very important: -- The first patent applicationis filed in January, 2005, with Mark D. Brown and David J. Wilke as the applicants. -- The application was apparently amended September, 2005 with application number 11/234404. This application is not listed in the IPR disclosure, but can be found on the "Continuity Data" tab of the USPTO web site (see below). This is somewhat strange, I think, especially as its the most similar to the housley draft. -- The first draft of draft-housley-tls-authz-extns was submitted in February, 2006. Mark Brown and Russ Housley are the authors. -- February 2007, IESG approval is withdrawn after Russ Housley becomes Chair of IETF and IPR information comes out regarding the draft. Having reviewed the documents, the 'housley' draft and the patent application contain essentially identical message exchange diagrams. For example, Figure 6 of the drawings associated with patent application 11/234404 is nearly identical with Figure 2 of draft-housley-tls-authz-extns-07.txt. It seems impossible to me that, as Brown describes below, that the patent claims could merely 'be read more broadly.' This patent is essentially identical with the IETF draft. The primary difference is the housley draft doesn't contain the concrete examples of the patent application, and is more abstractly written. I'm not sure what it means to file a patent and subsequently author an essentially identical draft 'in good faith', since it is unclear what bad faith would be. I am still uncertain about when Brown and Housley each knew about RFC3979, and when did they each know about the existance of the patent application. I haven't seen any such dates and evidence on this by either Housley or by Brown. I'm a still uncertain as to how the existance of the patent application became known to the IETF. I would like to see definite answers to these questions, rather than assurances of good faith. BTW, creating a permanent royalty free license grant to the public is quite easy. Other variations are quite hard, until you get down to licensing individual entities. However, you cannot simulataneously both grant royalty free use of this patent, and continue to make money using this patent as a monopoly on the technology; these are mutually exclusive. On the subject of how to proceed with the draft: Having reviewed documents, my view is that the technology in the patent application is not novel, but would be obvious to anyone trying perform the services described, and that therefore the patent application should be denied. Furthermore, except for possibly overbroad claims, the TLS protocol extension can be changed so that it doesn't use the patented methods. My recommendation, informed by the actual documents, is that the draft should be rejected and rewritten using non-patented alternatives. FYI: The patent files can be downloaded from the "How to Search" page at http://www.uspto.gov/main/profiles/acadres.htm Then click "Track Patent Status" Then select "Application Number" and enter the application number 60/646749 or 11/234404 and click on Search. To get the patent documents, click the tab "Image File Wrapper" and download the images as a PDF. There are other tabs which are interesting. --Dean On Thu, 29 Mar 2007, Mark Brown wrote: > Simon, > > I filed for patent (Jan and Sep 2005) and later promoted TLS authz (Feb > 2006) in good faith. It is possible that the patent claims can be read more > broadly than I expected, but that's a fairly detailed and unresolved legal > question. I am working diligently to -- let me speak carefully -- explore > if and how I can make a royalty free license grant to ensure that promoting > TLS authz continues to be an act in good faith, while still protecting a way > for my company to make money on its IPR. > > I have experienced some surprises when mixing law and Internet standards. > To try to avoid surprises, I have hired IPR attorneys at two different firms > to review my draft which proposes a royalty-free license grant. I expect > any resulting license will be conditioned upon IETF acceptance of TLS authz > as a standard. I hope to have concluded these services next week. > > I think IPR questions are complicated in part because for some questions > only a lawsuit can answer the question -- but we should all want to stay > clear of these kinds of lawsuits! So answers seem to me to be in short > supply. I want to craft the proposed license to make this situation a > little clearer than that, but doing so often involves taking risks of giving > away a huge loophole. So I'm working to get good legal advice. > > In short, I am working to create a royalty-free license grant -- hopefully I > can disclose it next week. With some luck, it will clarify the situation. > > Best regards, > > mark > > > -----Original Message----- > > From: Simon Josefsson [mailto:simon@josefsson.org] > > Sent: Thursday, March 29, 2007 10:12 AM > > To: Sam Hartman > > Cc: ietf@ietf.org; iesg@ietf.org; mark@redphonesecurity.com > > Subject: Re: Withdrawal of Approval and Second Last Call: draft-housley- > > tls-authz-extns > > > > Sam Hartman <hartmans-ietf@mit.edu> writes: > > > > >>>>>> "Simon" == Simon Josefsson <simon@josefsson.org> writes: > > > > > > Simon> I don't care strongly about the standards track status. > > > Simon> However, speaking as implementer of the protocol: If the > > > Simon> document ends up as informational or experimental, I > > > Simon> request that we make an exception and allow the protocol to > > > Simon> use the already allocated IANA protocol constants. That > > > Simon> will avoid interoperability problems. I know the numbers > > > Simon> are allocated from the pool of numbers reserved for > > > Simon> standards track documents. There is no indication that we > > > Simon> are running out of numbers in that registry. Thus, given > > > Simon> the recall, I think the IETF should be flexible and not > > > Simon> re-assign the IANA allocated numbers at this point just > > > Simon> because of procedural reasons. > > > > > > Would you support publication on the standards track given the IPR > > > situation as someone who has implemented? > > > > If the patent concern is valid and covers TLS libraries or other > > applications, no. > > > > However, as far as I am aware of the public information that is > > available, the situation appears to be that we don't know whether > > these patents apply and to what extent. I don't know whether the > > patents were filed in good or bad faith. More information from the > > patent holders may help here. > > > > If it is possible to implement the protocol without violating the > > patents, I would support publication. I've seen some claims that this > > may be possible. I have no interest in reading these patents myself, > > but my position would be influenced if someone knowledgeable reads the > > patents. > > > > Given the amount of patents out there, it would be unreasonable for us > > to move everything to informational just because someone finds > > something that may be relevant to a piece of work. > > > > The community needs to evaluate patent claims, and preferably reach > > conservative agreement (rough consensus is not good enough) on whether > > we should care about a particular patent or not. Input to that > > community evaluation process may be documentation of legal actions > > taken by a patent owner. Sometimes that may happen only after a > > document has been published. > > > > I would support down-grading standards track documents that later turn > > out to be patent-infected to informational. Doing so would avoid > > sending a message that the IETF supports patented technology, when the > > IETF community didn't know about the patents at publication time. For > > credibility of the process, I believe it is important that these > > decisions are only made based on publicly available information. > > > > /Simon > > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000--- End Message ---
_______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- Re: Withdrawal of Approval and Second Last Call: … Sam Hartman
- Re: Withdrawal of Approval and Second Last Call: … Sam Hartman
- Re: Withdrawal of Approval and Second Last Call: … Sam Hartman
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Frank Ellermann
- Re: Withdrawal of Approval and Second Last Call: … Sam Hartman
- Re: Withdrawal of Approval and Second Last Call: … Dave Cridland
- Re: Withdrawal of Approval and Second Last Call: … Peter Sylvester
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Ted Hardie
- Re: Withdrawal of Approval and Second Last Call: … Sam Hartman
- Re: Withdrawal of Approval and Second Last Call: … Ted Hardie
- Re: Withdrawal of Approval and Second Last Call: … Steven M. Bellovin
- Re: Withdrawal of Approval and Second Last Call: … Sam Hartman
- Re: Withdrawal of Approval and Second Last Call: … Ted Hardie
- Re: Withdrawal of Approval and Second Last Call: … Sam Hartman
- RE: Withdrawal of Approval and Second Last Call: … Mark Brown
- RE: Withdrawal of Approval and Second Last Call: … Paul Hoffman
- RE: Withdrawal of Approval and Second Last Call: … John C Klensin
- Re: Withdrawal of Approval and Second Last Call: … Spencer Dawkins
- RE: Withdrawal of Approval and Second Last Call: … Jeffrey Hutzelman
- Re: Withdrawal of Approval and Second Last Call: … Sam Hartman
- Re: Withdrawal of Approval and Second Last Call: … Scott W Brim
- Re: Withdrawal of Approval and Second Last Call: … John C Klensin
- Re: Withdrawal of Approval and Second Last Call: … Eliot Lear
- Re: Withdrawal of Approval and Second Last Call: … Brian E Carpenter
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Sam Hartman
- [Dean Anderson] RE: Withdrawal of Approval and Se… Sam Hartman
- RE: Withdrawal of Approval and Second Last Call: … Harald Tveit Alvestrand
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- RE: Withdrawal of Approval and Second Last Call: … Harald Tveit Alvestrand
- RE: Withdrawal of Approval and Second Last Call: … Mark Brown
- RE: Withdrawal of Approval and Second Last Call: … Russ Housley
- Re: Withdrawal of Approval and Second Last Call: … Russ Housley
- RE: Withdrawal of Approval and Second Last Call: … Russ Housley
- RE: Withdrawal of Approval and Second Last Call: … Russ Housley
- Re: Withdrawal of Approval and Second Last Call: … Russ Housley
- Re: Withdrawal of Approval and Second Last Call: … hartmans-ietf
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Brian E Carpenter
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Brian E Carpenter
- Re: Withdrawal of Approval and Second Last Call: … Jari Arkko
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Arnt Gulbrandsen
- Re: Withdrawal of Approval and Second Last Call: … Tony Finch
- Re: Withdrawal of Approval and Second Last Call: … Jari Arkko
- Re: Withdrawal of Approval and Second Last Call: … Brian E Carpenter
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Theodore Tso
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Brian E Carpenter
- Re: Withdrawal of Approval and Second Last Call: … Scott W Brim
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Theodore Tso
- Re: Withdrawal of Approval and Second Last Call: … kent
- Re: Withdrawal of Approval and Second Last Call: … Theodore Tso
- Re: Withdrawal of Approval and Second Last Call: … Marshall Eubanks
- Re: Withdrawal of Approval and Second Last Call: … Douglas Otis
- Re: Withdrawal of Approval and Second Last Call: … Joel Jaeggli
- Re: Withdrawal of Approval and Second Last Call: … Jeffrey Hutzelman
- RE: Withdrawal of Approval and Second Lawrence Rosen
- Re: Withdrawal of Approval and Second Last Call: … Jeffrey Hutzelman
- Re: Withdrawal of Approval and Second Last Call: … John C Klensin
- RE: Withdrawal of Approval and Second Last Call: … Contreras, Jorge
- Re: Withdrawal of Approval and Second Last Call: … Theodore Tso
- Re: Withdrawal of Approval and Second Last Call: … Pekka Savola
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- RE: Withdrawal of Approval and Second Last Call: … John C Klensin
- RE: Withdrawal of Approval and Second Last Call: … Mark Brown
- RE: Withdrawal of Approval and Second Last Call: … Mark Brown
- RE: Withdrawal of Approval and Second Last Call: … Thierry Moreau
- Re: Withdrawal of Approval and Second Last Call: … Thierry Moreau
- Re: Withdrawal of Approval and Second Last Call: … Simon Josefsson
- Re: Withdrawal of Approval and Second Last Call: … Brad Hards
- RE: Withdrawal of Approval and Second Last Call: … Mark Brown
- Re: Withdrawal of Approval and Second Last Call: … Sam Hartman