Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC

Eric Rescorla <ekr@networkresonance.com> Fri, 27 June 2008 20:40 UTC

Date: Fri, 27 Jun 2008 13:48:01 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Dean Anderson <dean@av8.com>
Cc: iesg@ietf.org, rms@gnu.org, tls@ietf.org

At Fri, 27 Jun 2008 15:56:06 -0400 (EDT),
Dean Anderson wrote:
> 
> On Fri, 27 Jun 2008, Eric Rescorla wrote:
> 
> > 
> > This paragraph only refers to documents which did not go through
> > the IETF process, as implied by the first sentence of 4.2.3.
> 
> Indeed. And this document indeed did not properly follow the IETF
> process because it did not disclose IPR in accordance with RFC3979 and
> because it did not discuss non-patented alternatives, also in accordance
> with RFC3979.  The intent of 4.2.3 is to prevent the circumvention of
> the rules, and the IETF rules are not being followed.
>
> >    Unless they are the result of IETF Working Group action, documents
> >    intended to be published with Experimental or Informational status
> >    should be submitted directly to the RFC Editor.
> > 
> > This document was a TLS WG document, so had already been
> > coordinated with the IETF community.
> 
> That is precisely the point: it has NOT been properly coordinated with
> the internet community: Not all the pertinent facts were disclosed to
> the internet community.  
> 
> I think the recent events surrounding TLS-Authz at least indicate that
> the internet community is keenly interested in facts of patent
> encumbrance. These facts were apparently known to IESG managers and
> those managers also knew these facts would be important to the
> community, but kept the community in the dark, made false 
> representations in the draft, and failed to follow IETF policy.
> 
> The following paragraph in the 'ecc-new-mac draft is a false
> representation:
> 
>    By submitting this Internet-Draft, each author represents that any
>    applicable patent or other IPR claims of which he or she is aware
>    have been or will be disclosed, and any of which he or she becomes
>    aware will be disclosed, in accordance with Section 6 of BCP 79.

As I've stated already, the relevant IPR claims had already been
disclosed WRT RFC 4492, which this document lists as a normative
reference, as well as explicitly mentioning it in the abstract and
throughout the document, and it just didn't occur to me to file a
separate IPR disclosure listing this document specifically. As I
indicated earlier, I'll leave it to Joe and the ADs to determine
whether such disclosure was required by the process, process
violation, but from a practical perspective, I find it hard to believe
that any significant number of people reviewing the document were
unaware of the IPR situation, given the extensive discussion on this
topic when 4492 was approved.

-Ekr