Re: [OAUTH-WG] Fw: IPR Disclosure: - What to Do with JWT ?

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 28 February 2013 21:36 UTC

Hi Oleg,

my personal experience with Certicom's IPR disclosures is that they 
focus on Elliptic Curve Cryptography. There were several IPR disclosures 
on documents in the JOSE WG and some of them contain ECC algorithms.

The JWT does not list an ECC algorithm but the referenced documents do.

Having said that, the two cited IPRs seem to be:
http://www.google.com/patents/US6704870
http://www.google.com/patents/US7215773

Take a look at it and make your assessment whether there is anything we 
can change.

Ciao
Hannes


On 02/28/2013 09:21 PM, Oleg Gryb wrote:
> Dear OAuth WG and Chairs,
>
> Can somebody please comment on Certicom's disclosure below? If the
> purpose of this disclosure is to inform us that JWT can be potentially a
> subject of royalties and other possible legal actions, the value of
> adopting JWT in the scope of OAuth 2.0 IETF standard would definitely
> diminish and if this is the case shouldn't we consider replacing it with
> something similar, but different, which would not be a subject of the
> future possible litigation?
>
> I'm not a lawyer and might not understand the statement below correctly,
> so please let me know if/where I'm wrong. Please keep in mind also that
> the popularity of JWT is growing fast along with the implementations, so
> we need to do something quickly.
>
> Thanks,
> Oleg.
>
>
> --- On *Wed, 2/27/13, IETF Secretariat /<ietf-ipr@ietf.org>/* wrote:
>
>
>     From: IETF Secretariat <ietf-ipr@ietf.org>
>     Subject: [OAUTH-WG] IPR Disclosure: Certicom Corporation's Statement
>     about IPR related to draft-ietf-oauth-json-web-token-06 (2)
>     To: mbj@microsoft.com, ve7jtb@ve7jtb.com, n-sakimura@nri.co.jp
>     Cc: derek@ihtfp.com, oauth@ietf.org, ipr-announce@ietf.org
>     Date: Wednesday, February 27, 2013, 4:16 PM
>
>
>     Dear Michael Jones, John Bradley, Nat Sakimura:
>
>     An IPR disclosure that pertains to your Internet-Draft entitled
>     "JSON Web Token (JWT)" (draft-ietf-oauth-json-web-token) was
>     submitted to the IETF Secretariat on 2013-02-20 and has been posted
>     on the "IETF Page of Intellectual Property Rights Disclosures"
>     (https://datatracker.ietf.org/ipr/1968/). The title of the IPR
>     disclosure is "Certicom Corporation's Statement about IPR related to
>     draft-ietf-oauth-json-web-token-06 (2)."
>
>     The IETF Secretariat
>
>     _______________________________________________
>     OAuth mailing list
>     OAuth@ietf.org
>     https://www.ietf.org/mailman/listinfo/oauth
>