Re: FSF's comment on draft-housley-tls-authz-extns

Sam Hartman <hartmans-ietf@mit.edu> Fri, 13 February 2009 15:23 UTC

From: Sam Hartman <hartmans-ietf@mit.edu>
To: campaigns@fsf.org
Subject: Re: FSF's comment on draft-housley-tls-authz-extns
Date: Fri, 13 Feb 2009 10:23:06 -0500
In-Reply-To: <87skmknar8.fsf@ashbery.wjsullivan.net> (John Sullivan's message of "Wed, 11 Feb 2009 12:28:43 -0500")
Cc: ietf@ietf.org

>>>>> "John" == John Sullivan <johns@fsf.org> writes:


    John> The Licensing Declaration starts out right:

    >> RedPhone Security hereby asserts that the techniques for
    >> sending and receiving authorizations defined in TLS
    >> Authorizations Extensions (version
    >> draft-housley-tls-authz-extns-07.txt) do not infringe upon
    >> RedPhone Security's intellectual property rights (IPR).

    John> However, it is then followed by an important caveat:

    >> The values provided in, and the processing required by the
    >> authorizations ("authz_data" in the Protocol Document) sent or
    >> received using the techniques defined in TLS Authorizations
    >> Extensions are not specified in the Protocol Document. When an
    >> implementation generates the authorizations or processes these
    >> authorizations in any of the four ways described below, then
    >> this practice may be covered by RedPhone Security's patent
    >> claims.

    John> It appears that RedPhone's disclaimer covers software
    John> developers who implement the standard in a vague sense, but
    John> not the people who then actually use that software. A patent
    John> disclaimer must clearly cover both developers and users to
    John> be acceptable. 

I'm sorry, I don't see this at all.  I appreciate that you quoted the
text in question.  However I don't see anything in the language you
quote that applies differently to either users or developers.

The text is saying that the transport mechanisms described in the
Housley draft are not covered by the patent.  However the text goes on
to say that some ways in which an implementation might employ those
transport mechanisms would be covered by the patent.  As I read the
text, both developers and users who used the mechanisms in the Housley
draft in any of these four ways would infringe the patent, RedPhone
claims.

However I'll also note that there are significant uses of the
transport mechanisms in the Housley draft that are interesting both to
the free software and IETF communities that fall well outside these
four areas.  In particular, transporting in-band group memberships and
authorization/attribute assertions seems to fall outside these areas.

I can understand why the GNU project would not choose to ship an
extension to GNU TLS that used this transport to send agreement
locations.

However, it is completely absurd to claim that because some
infrastructure building block could (by writing additional software)
be used in a manner that infringes a patent that no free software
version of that building block can exist.  As an example, the FSF
ships a compiler collection that can be used to infringe a number of
patents in the hands of someone who has infringing source code.  The
GNU/Linux kernel includes a TCP implementation that can be used to
infringe RedPhone's patent.

I'd agree with you that things would be problematic for the free
software community if the ways in which this technology were going to
be used by free software infringed the patent.  I also agree with you
that there are things that one could choose to standardize on top of
this draft that would be highly problematic for the free software
community.  Should anyone choose to standardize those items, I will
join you in a protest.

Until then, please pick battles worth fighting.  There are a lot of bad patent issues out there; this is nowhere near the top.