Re: FSF's comment on draft-housley-tls-authz-extns
Sam Hartman <hartmans-ietf@mit.edu> Fri, 13 February 2009 15:23 UTC
Return-Path: <hartmans@mit.edu>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 20A2C3A6A9D for <ietf@core3.amsl.com>; Fri, 13 Feb 2009 07:23:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.965
X-Spam-Level:
X-Spam-Status: No, score=-1.965 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_32=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lYOOCYEdhFtA for <ietf@core3.amsl.com>; Fri, 13 Feb 2009 07:23:07 -0800 (PST)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) by core3.amsl.com (Postfix) with ESMTP id D8D883A67F7 for <ietf@ietf.org>; Fri, 13 Feb 2009 07:23:06 -0800 (PST)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 053944526; Fri, 13 Feb 2009 10:23:07 -0500 (EST)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: campaigns@fsf.org
Subject: Re: FSF's comment on draft-housley-tls-authz-extns
References: <87skmknar8.fsf@ashbery.wjsullivan.net>
Date: Fri, 13 Feb 2009 10:23:06 -0500
In-Reply-To: <87skmknar8.fsf@ashbery.wjsullivan.net> (John Sullivan's message of "Wed, 11 Feb 2009 12:28:43 -0500")
Message-ID: <tslfxiiuzs5.fsf@live.mit.edu>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Feb 2009 15:23:08 -0000
>>>>> "John" == John Sullivan <johns@fsf.org> writes: John> The Licensing Declaration starts out right: >> RedPhone Security hereby asserts that the techniques for >> sending and receiving authorizations defined in TLS >> Authorizations Extensions (version >> draft-housley-tls-authz-extns-07.txt) do not infringe upon >> RedPhone Security's intellectual property rights (IPR). John> However, it is then followed by an important caveat: >> The values provided in, and the processing required by the >> authorizations ("authz_data" in the Protocol Document) sent or >> received using the techniques defined in TLS Authorizations >> Extensions are not specified in the Protocol Document. When an >> implementation generates the authorizations or processes these >> authorizations in any of the four ways described below, then >> this practice may be covered by RedPhone Security's patent >> claims. John> It appears that RedPhone's disclaimer covers software John> developers who implement the standard in a vague sense, but John> not the people who then actually use that software. A patent John> disclaimer must clearly cover both developers and users to John> be acceptable. I'm sorry, I don't see this at all. I appreciate that you quoted the text in question. However I don't see anything in the language you quote that applies differently to either users or developers. The text is saying that the transport mechanisms described in the Housley draft are not covered by the patent. However the text goes on to say that some ways in which an implementation might employ those transport mechanisms would be covered by the patent. As I read the text, both developers and users who used the mechanisms in the Housley draft in any of these four ways would infringe the patent, Redphone claims. However I'll also note that there are significant uses of the transport mechanisms in the Housley draft that are interesting both to the free software and IETF communities that fall well outside these four areas. In particular, transporting in-band group memberships and authorization/attribute assertions see.ms to fall outside these areas. I can understand why the GNU project would not choose to ship an extension to GNU TLS that used this transport to send agreement locations. However, it is completely absurd to claim that because some infrastructure building block could (by writing additional software) be used in a manner that infringes a patent that no free software version of that building block can exist. As an example, the FSF ships a compiler collection that can be used to infringe a number of patents in the hands of someone who has infringing source code. The GNU/Linux kernel includes a TCP implementation that can be used to infringe Redphone's patent. I'd agree with you that things would be problematic for the free software community if the ways in which this technology were going to be used by free software infringed the patent. I also agree with you that there are things that one could choose to standardize on top of this draft that would be highly problematic for the free software community. Should anyone choose to standardize those items, I will join you in a protest. Until then, please pick battles worth fighting. There are a lot of bad patent issues out there; this is no where near the top.
- FSF's comment on draft-housley-tls-authz-extns John Sullivan
- Re: FSF's comment on draft-housley-tls-authz-extns Willie Gillespie
- Re: FSF's comment on draft-housley-tls-authz-extns Paul Hoffman
- Re: FSF's comment on draft-housley-tls-authz-extns Sam Hartman
- References to Redphone's "patent" Lawrence Rosen
- Re: FSF's comment on draft-housley-tls-authz-extns ned+ietf
- RE: FSF's comment on draft-housley-tls-authz-extns Powers Chuck-RXCP20
- Re: References to Redphone's "patent" Thierry Moreau
- RE: References to Redphone's "patent" Lawrence Rosen
- RE: References to Redphone's "patent" Ted Hardie
- Re: References to Redphone's "patent" Thierry Moreau
- How we got here, RE: References to Redphone's "pa… Hallam-Baker, Phillip
- Re: How we got here, RE: References to Redphone's… Brian E Carpenter
- RE: How we got here, RE: References to Redphone's… Hallam-Baker, Phillip
- Re: How we got here, RE: References to Redphone's… Henning Schulzrinne
- Re: How we got here, RE: References to Redphone's… Michael Richardson
- Re: FSF's comment on draft-housley-tls-authz-extns Byung-Hee HWANG
- Re: FSF's comment on draft-housley-tls-authz-extns John Sullivan