IETF Logo Mail Archive

Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

Nikos Mavrogiannopoulos <nmav@gnutls.org> Tue, 21 July 2009 14:56 UTC

Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 36E6428C299; Tue, 21 Jul 2009 07:56:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.847
X-Spam-Level:
X-Spam-Status: No, score=-0.847 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cfpk1Gh29vDo; Tue, 21 Jul 2009 07:56:52 -0700 (PDT)
Received: from mail-ew0-f226.google.com (mail-ew0-f226.google.com [209.85.219.226]) by core3.amsl.com (Postfix) with ESMTP id AB4263A68DD; Tue, 21 Jul 2009 07:56:51 -0700 (PDT)
Received: by ewy26 with SMTP id 26so3109551ewy.37 for <multiple recipients>; Tue, 21 Jul 2009 07:56:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to:cc :content-type:content-transfer-encoding; bh=8HwMGRpeEf4AsvWYA43wYaWr5054X8O6hTLCfuDAfNs=; b=urqocv/y1i2VwtLwxLRBFfohiKg7VjxazgWZXeT4YD5W0Uu4WOi479H12sjFziocc+ L2SOyIVJW/rQ+VIX/ZQ5+87s8qJmNdy1Oc/Qn7l9HqhwpZ6LZdXXpgB8E9fPqlYh9c/N aPAa9CEACKcaM4kmrrivtO5uHdGWC+q7wcfZ0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=hRwQT3zrnYhqh9KsxvYIylvy2piRKt00fO7KxUKrkbxsgKoOCDFdmWU16/Tb3jp9hb m2Oe9su44KqAkWlWOxCZomXVx5Ky6tTY8khdsFOSBXJb0mTl2LXvOIiRyDwGrGfpR99A hITsylYHg8hdBdvWwRQTUFr0se3WShKIud43M=
MIME-Version: 1.0
Sender: n.mavrogiannopoulos@gmail.com
Received: by 10.216.21.65 with SMTP id q43mr1551393weq.43.1248187733279; Tue, 21 Jul 2009 07:48:53 -0700 (PDT)
In-Reply-To: <026364d64021d6cef8b930cf16df1221.squirrel@www.trepanning.net>
References: <Pine.LNX.4.44.0907201436360.16218-100000@citation2.av8.net> <026364d64021d6cef8b930cf16df1221.squirrel@www.trepanning.net>
Date: Tue, 21 Jul 2009 17:48:53 +0300
X-Google-Sender-Auth: 1fcb6e035479611d
Message-ID: <c331d99a0907210748o1c342a7at1cbd34b587da304c@mail.gmail.com>
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: Dan Harkins <dharkins@lounge.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: tls@ietf.org, ietf@ietf.org, rms@gnu.org
Subject: Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2009 14:56:53 -0000

I'd propose to add this text to the standard:
This protocol MUST NOT be used with RFC4492, RFC5289 and
draft-rescorla-tls-suiteb.

That way the certicom's patents are not applicable.

On Mon, Jul 20, 2009 at 11:24 PM, Dan Harkins<dharkins@lounge.org> wrote:
>
>  Certicom's IPR statement dated 13 October 2008 lists some patents
> that "may be necessary and essential to implementations of..." the
> TLS extractor draft "when used with either: " RFC4492, RFC5289
> or draft-rescorla-tls-suiteb. Check it out:
>
> http://www.certicom.com/images/pdfs/certicom%20-ipr-contribution-to-ietfsept08.pdf
>
>  Don't use it with RFC4492, RFC5289 or draft-rescorla-tls-suiteb and
> then the IPR statement does not apply. If it's possible to use the TLS
> extractor draft in a way that the IPR statement doesn't apply then I
> don't think you can say "the TLS Extractor draft is patent-encumbered".
>
>  I support free software* and I have no problem with this draft being
> advanced as a Proposed Standard.
>
>  regards,
>
>  Dan.
>
> * http://www.lounge.org/siv_for_openssl.tgz is a free version of RFC5297
>  for OpenSSL, and check out the "authsae" project on Source Forge.
>
> On Mon, July 20, 2009 12:15 pm, Dean Anderson wrote:
>> I am against this standard because of its patent encumbrances and
>> non-free licencing terms.  The working group did not get any clear
>> answers on what particular patents this draft may infringe, but a patent
>> holder (Certicom) did assert an IPR disclosure (1004) listing many
>> patents.  We have no alternative but to accept the Certicom disclosure
>> statements as meaning that the TLS Extractor draft is patent-encumbered
>> without a universal, free defensive license.
>>
>> The statement by https://datatrackerietf.org/ipr/1004/ referring to
>> http://www.certicom.com/images/pdfs/certicom%20-ipr-contribution-to-ietfsept08.pdf
>> which states:
>>
>>   "Certicom will, upon request, provide a nonexclusive, royalty free
>> patent license, to manufacturers to permit end users (including both
>> client and server sides), to use the patents in schedule A when
>> implementing any of these protocols, including those requiring third
>> party certificates provided the certificate is obtained from a licensed
>> Certificate Authority (CA). This license does not cover the issuing of
>> certificates by a Certification Authority (CA)."
>>
>> That is not a free license, since Certicom must respond to the "request"
>> before any license is granted. After the IETF finally approves the
>> necessary standards, Certicom is free to stop approving the requests.
>>
>> I ask others who support free software to join me in opposing this
>> document by sending a message stating opposition to the IETF@IETF.ORG
>> mailing list.  IETF participation is open to the public, and anyone may
>> voice their view on IETF standards.  It is also substantive to oppose a
>> document because of its patent status, and in fact, any topic that is
>> considered during or related to the IETF process is substantive.
>>
>>               --Dean
>>
>>
>> On Mon, 20 Jul 2009, The IESG wrote:
>>
>>> The IESG has received a request from the Transport Layer Security WG
>>> (tls) to consider the following document:
>>>
>>> - 'Keying Material Exporters for Transport Layer Security (TLS) '
>>>    <draft-ietf-tls-extractor-06.txt> as a Proposed Standard
>>>
>>> The IESG plans to make a decision in the next few weeks, and solicits
>>> final comments on this action.  Please send substantive comments to the
>>> ietf@ietf.org mailing lists by 2009-08-10. Exceptionally,
>>> comments may be sent to iesg@ietf.org instead. In either case, please
>>> retain the beginning of the Subject line to allow automated sorting.
>>>
>>> The file can be obtained via
>>> http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-06.txt
>>>
>>>
>>> IESG discussion can be tracked via
>>> https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16821&rfc_flag=0
>>>
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
>>>
>>>
>>
>> --
>> Av8 Internet   Prepared to pay a premium for better service?
>> www.av8.net         faster, more reliable, better service
>> 617 344 9000
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email