Re: Fourth Last Call: draft-housley-tls-authz-extns

Tim Polk <tim.polk@nist.gov> Wed, 14 January 2009 23:02 UTC


On Jan 14, 2009, at 4:53 PM, Dean Anderson wrote:

> Somehow I haven't yet received the fourth last call, but only the
> discussion.... Sigh.

see http://www.ietf.org/mail-archive/web/ietf-announce/current/msg05617.html

> There are MANY reasons that this should not be brought to a FOURTH
> last call let me enumerate a few:

Obviously I disagree since I did bring it to a fourth last call.  I
believe the technology is useful, the specification of sufficient
quality, and the IPR situation is now consistent with the community's
statements in the preceding Last Call.  This makes it worth the pain of
another last call.

> 1. --There have been THREE previous, soundly-rejected last calls, the
> last one with literally dozens, perhaps hundreds of people against it.

The first Last Call was not rejected at all.  It supported publication
but was invalidated by the late IPR disclosure.  The third Last Call was
rather divided, IMHO.  And "hundreds" is a gross exaggeration...

> 2. --There are a couple of web pages on the deception perpetrated by
> Housley, Brown, Polk et al at
>  http://www.av8.net/IETF-watch/People/Housley/index.html
>  http://www.av8.net/IETF-watch/People/TimPolk/index.html
> The IETF and IESG positions should not be used to benefit the
> office-holders through deception of the IETF.  The members of the ISOC
> and participants in the ISOC IETF Activity have clearly rejected the
> use of IESG seats for this purpose.

The allegations are bogus.  I am not benefiting in any way, and there
has been no deception.  There is no attempt to circumvent the community,
only an attempt to determine if consensus supports publication given the
new IPR disclosure statement.

> 3. --There have been reports of similar issues in a recent lawsuit
> where the plaintiff patent-holder acted similarly to
> Housley/Brown/Polk et al and was found to have engaged in "aggravated
> litigation abuse". In that case, the Judge ruled the patents
> unenforceable as a penalty for the deception of the standards body in
> that case.  (see
> http://www.ietf.org/mail-archive/web/ipr-wg/current/msg05089.html and
> http://www.cafc.uscourts.gov/opinions/07-1545.pdf)

In my opinion, these cases are irrelevant to the question presently at
hand.  This last call considers this specification in light of the
published IPR disclosure 1026.  If this specification is approved and
new IPR claims are submitted in the future, then these cases would be
relevant.

> 4. --There is no community consensus to proceed, nor any demand from
> the community to have this protocol standardized.

I would say this is a rather premature consensus call.  It's four weeks
for individual submissions, not four hours.

And I have certainly received email that shows members of the community
(other than the authors) want to use this technology.

>
> 5. --There is only one implementation: Brown&Housley's

You know that's not true. Simon Josefsson also implemented authz,
although he removed it from his distribution after the initial IPR
disclosure.

>
> These reasons are sufficient to preclude a standard under the rules of
> the IETF.

Since I disagree with all your reasons, it shouldn't be surprising that
I disagree with the conclusion.

[stuff deleted, moving on to substantive (IMHO) discussion.]

> It is also my opinion that there is no need for this subprotocol given
> the other IETF authorization protocols and standards that would
> operate transparently inside a TLS channel and need no special TLS
> handling.

There are members of the community that disagree.  Some have posted
already.

> But if there is consensus that there is indeed a genuine need to have
> an authorization sub-protocol as part of TLS, then I believe a new
> sub-protocol should be developed openly and transparently that does
> not infringe or utilize Brown's patent, so that Brown, Housley, Polk
> et al do not profit by the standard.

If you read the IPR disclosure statement you will find that this
specification does not infringe or utilize RedPhone's IPR.

No technical issues have been raised concerning this protocol, and I am
not aware of any proposed alternatives.

Failure to publish at this point would simply be biting the nose off to
spite the face.

Tim Polk


>
> Dean Anderson
> CEO
> AV8 Internet, Inc