IETF Logo Mail Archive

[rtcweb] IETF requirements for mandatory technologies

Ron <ron@debian.org> Fri, 20 December 2013 23:43 UTC

Return-Path: <ron@debian.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4587E1AE073 for <rtcweb@ietfa.amsl.com>; Fri, 20 Dec 2013 15:43:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.9
X-Spam-Level:
X-Spam-Status: No, score=-3.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_LETTER=-2] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DSgUJqbkJp9m for <rtcweb@ietfa.amsl.com>; Fri, 20 Dec 2013 15:43:01 -0800 (PST)
Received: from ipmail07.adl2.internode.on.net (ipmail07.adl2.internode.on.net [IPv6:2001:44b8:8060:ff02:300:1:2:7]) by ietfa.amsl.com (Postfix) with ESMTP id 1DBFF1ADD9D for <rtcweb@ietf.org>; Fri, 20 Dec 2013 15:43:00 -0800 (PST)
Received: from ppp118-210-62-207.lns20.adl2.internode.on.net (HELO audi.shelbyville.oz) ([118.210.62.207]) by ipmail07.adl2.internode.on.net with ESMTP; 21 Dec 2013 10:12:56 +1030
Received: from localhost (localhost [127.0.0.1]) by audi.shelbyville.oz (Postfix) with ESMTP id 3D9E64F8F3; Sat, 21 Dec 2013 10:12:55 +1030 (CST)
X-Virus-Scanned: Debian amavisd-new at audi.shelbyville.oz
Received: from audi.shelbyville.oz ([127.0.0.1]) by localhost (audi.shelbyville.oz [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Nxw1Nim7Hw-C; Sat, 21 Dec 2013 10:12:54 +1030 (CST)
Received: by audi.shelbyville.oz (Postfix, from userid 1000) id 932754F902; Sat, 21 Dec 2013 10:12:54 +1030 (CST)
Date: Sat, 21 Dec 2013 10:12:54 +1030
From: Ron <ron@debian.org>
To: Stephan Wenger <stewe@stewe.org>
Message-ID: <20131220234254.GR3245@audi.shelbyville.oz>
References: <20131220213922.GP3245@audi.shelbyville.oz> <CEDA07B9.3E240%stewe@stewe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CEDA07B9.3E240%stewe@stewe.org>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: [rtcweb] IETF requirements for mandatory technologies
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Dec 2013 23:43:03 -0000

Hi Stephan,

On Fri, Dec 20, 2013 at 10:46:24PM +0000, Stephan Wenger wrote:
> Ron,
> 
> On 12/20/13, 1:39 PM, "Ron" <ron@debian.org> wrote:
> 
> >[Š]
> >And it would also seem to be subject to the IETF requirement that security
> >technologies MUST be strictly RF.
> 
> There is no such requirement.  The only requirement that I recall related
> to security technologies is that, whenever security is mandated, that
> there MUST be at least one RF security technology be mandated.  Optional
> other security technologies can be royalty bearing or otherwise encumbered.

Sorry, I thought the context there was clear, but I was indeed only referring
to mandatory requirements.  Optional things do seem to be in a different boat
there for several reasons that I don't think are in dispute.

It is indeed *all* mandatory technologies though, not just "at least one".

  An IETF consensus has developed that no mandatory-to-implement security
  technology can be specified in an IETF specification unless it has no
  known IPR claims against it or a royalty-free license is available ...

You're correct if they are optional, and I didn't mean to imply otherwise.


> Also please note that security is the one single exception we currently
> have in the IETF where there exists an actual licensing requirement.  I
> would argue very strongly against creating another such precedence.

It's ok, I'm not arguing here for the expansion of this (or any other
requirement) -- I'm trying to get to the bottom of the rationale for
dodging the other already existing requirements, for which there seem
to be no such exceptions granted at all, and for the disclosures at
least, rather explicit "no excuses" requirements.

In the case of AES, I would assume that any existing IPR, should there
have been any, would have been required to be reported against the draft
that proposed mandating it, even by citation alone, and would have then
required the WG to pick some other option that wasn't so encumbered.
Even if there was no contributor in that case with an obligation to
disclose, the WG still had an extra obligation to ensure it was RF
(which obviously then makes a whole range of things much simpler, and
adds some practical liberties to pragmatically 'cut some corners', since
they could always be easily remedied after the fact if needed).


Here we have something that is proposed to be even more mandatory than
AES was, by people who haven't shown which IETF requirement gives them
an excuse not to disclose, and which clearly doesn't get the benefit of
any of the relaxations the IETF offers for RF technology.

I don't see how making some technology a strictly required IETF standard
by the back door path of deferring to a citation can exempt it from all
of the other normal requirements -- without driving a bulldozer through
both the spirit and the letter of those requirements.


Unless somebody can explain that, it's hard to see how this group could
do anything but reject that technology as mandatory, or face the shame
of having the broader IETF do that for us when it goes up for review.
And I'd like to not be in the shamed bunch when I decide how to answer
the survey questions that the chairs have posed :)  So I'm trying hard
to find out if there really is something I'm missing here.

  Cheers,
  Ron


> >Which leaves the door open that the IETF
> >_could_ always assume change control of it if the need ever arose.  Which
> >seems reasonably pragmatic, even absent the "mandatory unless" language,
> >and the IETF does make sensible exceptions for strictly RF technologies.
> >
> >We don't appear to have that option in the case of H.264 though, in the
> >light of declarations and statements that insist there would never be a
> >licence granted for an alternative but similar technology, by at least
> >one major IPR holder.
> >
> >
> >I know we're edging out of the scope of things that this group is
> >chartered
> >to decide on, but I don't see any document that explicitly gives us the
> >option to ignore these requirements either, and it does seem relevant to
> >the decision that we need to make.
> >
> >Even after we decide on something (assuming that we do), it's still going
> >to need to run the gauntlet of the broader IETF, and we seem to be
> >somewhat
> >perilously close to a loophole whereby I could reference something which
> >I hold IPR on, that was published in the newsletter of my mother's
> >knitting
> >group, and then assert with a Straight Face, that I have no obligation to
> >disclose, since it was Published Elsewhere.  And point to the discussion
> >here as precedent for that.
> >
> >
> >The IETF requirements as published would seem to be very clear.  Where
> >does
> >our leeway come from to blur those lines here?
> >
> >  Cheers,
> >  Ron

v2.23.0 | Report a Bug | By Email