Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

Richard Stallman <rms@gnu.org> Wed, 22 July 2009 22:22 UTC

From: Richard Stallman <rms@gnu.org>
To: Nicolas Williams <Nicolas.Williams@sun.com>
In-reply-to: <20090721195028.GQ1020@Sun.COM> (message from Nicolas Williams on Tue, 21 Jul 2009 14:50:28 -0500)
References: <026364d64021d6cef8b930cf16df1221.squirrel@www.trepanning.net> <Pine.LNX.4.44.0907201645020.16218-100000@citation2.av8.net> <20090721195028.GQ1020@Sun.COM>
Message-Id: <E1MTkBi-0007Gi-5e@fencepost.gnu.org>
Date: Wed, 22 Jul 2009 18:21:26 -0400
Cc: tls@ietf.org, ietf-honest@lists.iadl.org, ietf@ietf.org

    The IPR applies to

Since we're talking about patents, calling them "IPR"
just introduces gratuitous vagueness.  Patent law and copyright
law have very little in common, so lumping them together is
basically a mistake.  And there are a dozen other areas of law
which you're generalizing about each time you say "IPR".

See http://www.gnu.org/philosophy/not-ipr.html for more explanation
of why the term "intellectual property" is harmful.

If you call them "patents", it takes 4 more characters and
avoids the confusion.  So the real question is this:

    Suppose you have an implementation of TLS that has a license to
    Certicom's ECC patents, and suppose that you have an application that
    uses draft-ietf-tls-extractor, and the application does not have its
    own license to Certicom's ECC patents -- is the application then
    infringing Certicom's patents?

(An analogous question about copyrights would not be meaningful
or interesting, because copyright does totally different things.)

I don't know the answer to that question, but I can follow you in
considering the consequences of a possible yes answer.

    However if the answer is yes, then the TLS implementation must not
    export the TLS extractor to applications when doing so would cause the
    applications to infringe.

There is no technical way that the TLS implementation can tell whether
the application has a patent license.  That could be changed from
one day to the next, by the actions of lawyers and businessmen, without
any change in the code of the application.

So the question that would follow is, what good is a standard which
people are free to implement in a library, but cannot actually use
without asking permission?