Re: [IPsec] New criteria draft

"Dan Harkins" <dharkins@lounge.org> Thu, 11 March 2010 19:59 UTC

  Hi Yaron,

On Thu, March 11, 2010 10:33 am, Yaron Sheffer wrote:
[snip]
>
> In fact, I did not miss these two comments. I did not list 802.11s because
> I prefer to list only standards that are primarily vetted by the security
> community. Hence the "Security Standards" column in -01.

  Then neither draft-sheffer-emu-eap-eke nor draft-harkins-emu-eap-pwd
should be listed since EMU is no more "the security community" than 802.11
is and an individual submission is not necessarily vetted by anybody,
security or otherwise.

  I fail to see a rationale for only having "security standards" anyway.
The table is illustrative, it's showing where the underlying exchange is
used.

> Regarding the second comment, while in principle I agree that it could
> apply to anything done at the IETF, unfortunately in our case it does
> apply. It applies because of two reasons:
>
> - Spurious (whether legitimate or not, I cannot say) IPR statements made
> against SRP.
>
> - The sheer amount of patents in this area that must be analysed to
> ensure, with a high level of confidence, that you will not be sued for
> implementing X.

  Yes, it's true for our case. And, as I said, it's true for every case!
Statements of "it may or may not..." apply to everything. You could just
as easily, and correctly, have said, "it may or may not be blue", or "it may or
may not be carbon-based". Since the statement applies to everything it
provides no meaning. It does mean something, though, when you selectively
apply a statement that is true for everything. Which is further
justification to remove it.

> And I disagree with your statement below, "It is not our job to prove that
> no patents apply to some technology." As individuals, and for many of us,
> as employees, it is our job to ensure ourselves that we (or our company)
> will not be getting into legal/financial trouble by making this choice.

  This is an IETF mailing list so I'm not using the 1st person plural
to mean collective individuals or employees of various companies. I'm
using it to mean people doing IETF business. It is not the function of
the IETF to provide legal opinion on the validity of patents to prevent
collections of individuals or various companies from "getting into
legal/financial trouble". So it is not our job _as IETFers_ to prove
whether patents do or do not exist and whether they apply to some
technology or not.

  You can provide your opinion to your company all you want, that is
eminently appropriate. I'll do the same to my company. And collectively
you and I as individuals can sit around a bar somewhere and hash out
IPR all we want. But getting into a "this applies and this doesn't apply
and there's the evil specter of the unknown that might also apply" in the
context of IETF work is not really appropriate, and it's a rathole that we
would be better off avoiding.

> And I don't think this is "proving a negative". We can think of a process
> to get this level of confidence. But just shouting at one another will not
> get us there. Please see
> http://tools.ietf.org/html/draft-mcgrew-fundamental-ecc-01 for a creative
> approach to deal with IPR in another, somewhat related, contentious area.

  There doesn't have to be shouting to have a rathole.

  Yes, David's Fundamental ECC draft is creative and useful. There are
statements we can make regarding technology and the dates in which it
was brought to the public's attention and that can be used by the WG
when selecting a candidate. Let's take this as an example moving forward. 
We can make statements like:

    o "this technology was made public on <date>"; and,
    o "this technology is covered by <patent number>"; and,
    o "a patent has been applied for this technology on <date>"; and,
    o "when this technology was made public it was stated that
      no known patents applied and no patent applications were filed"

And since IPR has a time limit and we all acknowledge that something
"may or may not apply" to everything under the sun then we can then make
up our own minds on the topic. We don't need to get into the business of
arguing about whether a patent applies or not, or whether unknown patents
may or may not exist.

> Having said that, if you read -01 carefully, you will see that I'd rather
> focus our energies on discussing the security aspects rather than
> endlessly discussing IPR.

  Yes, but unfortunately you have written a criteria draft that will
ensure protracted and pointless IPR discussions when we get around to
evaluating the candidates.

  regards,

  Dan.