Re: [regext] draft-ietf-eppext-keyrelay unreasonably stuck on IPR?

[Job Snijders <job@instituut.net>]

Dear Working Group,

TL;DR: the working group should move forward and disregard Verisign's IPR claim.

On Wed, Nov 09, 2016 at 07:47:49PM +0100, Antoin Verschuren wrote:
> Just so that everyone has the same information regarding the IPR we
> are discussing, the patent application and it’s EPO process can be
> found here: https://register.epo.org/ipfwretrieve?apn=US.201113078643.A&lng=en
> 
> The patent application has been officially rejected by the patent
> office twice now in the past 5 years due to prior art.
> [ snip ]
> 
> That being said, we as a working group need to decide what we want to
> do.
> 
> So as a working group, we basically have only 2 options left:
> 1. We could kindly convince Verisign with arguments that stallment of
> this IPR claim is negatively impacting Internet security like Job has
> done, and ask them to withdraw or quickly proceed with their
> application. (snip)
>
> 2. We could jointly state that we took notice of the IPR claim, and
> that no matter what the licensing terms or outcome of the application
> is, we would like to standardize the solution in our Internet draft
> since it is the only best solution.
> 
> If we choose for option 2, we need to state why we think the patent
> application or it’s licensing terms don’t matter to us.

Given that Verisign demonstrated an unwillingness to amend their License
Declaration, I'd like to support option 2.

I have a few supporting notes to share regarding option 2:

    1) Any draft or any mechanism that defines howto securely
transfer a domainname without breaking the DNSSEC chain of trust, will
inevitably be contaminated by Verisigns IPR disclosure for WO2012135492:
be it EPP, RDAP, koch-dnsop-dnssec-operator-change, Fax or anything we
can come up with. Enough is enough. We need this tool and variants of
this tool. One US company should not be handed the power to obstruct at
the expense of the global community. Tossing 'keyrelay' in the bin and
starting over won't prevent Verisign from doing the exact same thing, so
we might as well move this one forward.

    2) Verisign's motivation for their unforthcoming attitude is
irrelevant. Whether Verisign believe they can employ patent applications
as a strategic device to delay drafts or whether it is mere organisational
incompetence doesn't matter, the outcome is the same. Antoin is right
that this anti-social behaviour needs to be addressed in a broader
context, 'keyrelay' delay will serve as an excellent example of
collateral damage due to poorly choosen IPR License Declarations.

    3) Verisign's patent application and licensing terms for the rights
they might be able to claim (if any), are likely to be confined to a
narrow geographic, while on the other hand, the IETF standards serve a
global audience. An RFC that is contested in one region can still be
perfectly fine and usable in another region.

    4) The legal ramifications and lawsuits will be handled outside of
IETF anyway. Given point (1), the working group cannot improve upon the
presented work in any meaningful way, which means that we'll have to
accept the IPR claim as it is and deal with the fallout through normal
pathways. From the looks of it, the USPTO, EPO and possible other venues
will be working on this item for the years to come, regardless of what
choice the IETF makes in this context.

    5) Based on Antoin's write-up, I have good reason to believe prior
art exists and the patent application will be shredded after careful
scrutinization, just as EPO demonstrated by rejecting the patent twice
already.

In addition to the above, I encourage people to discuss and reevaluate
their collaborations with Verisign at a later date.

Kind regards,

Job