Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

Simon Josefsson <simon@josefsson.org> Wed, 22 July 2009 21:29 UTC

Let's go back to RFC 3979:

  6.4.  What Must be in a Disclosure?

  6.4.1.  The disclosure must list the numbers of any issued patents or
   published patent applications or indicate that the claim is based on
   unpublished patent applications.  The disclosure must also list the
   specific IETF or RFC Editor Document(s) or activity affected.

The "draft-ietf-tls-extractor-06" name is mentioned in the disclosure.

For what it's worth, the PDF referenced in the disclosure also mentions
draft-ietf-tls-extractor-06.

Together, I can't read this in any other way than that Certicom believes they
have some patents covering draft-ietf-tls-extractor-06 and have followed
the RFC 3979 rules and informed the IETF about this.

If Certicom didn't intend to claim they believe they own patents that
they believe cover draft-ietf-tls-extractor-06, they need to supersede
the disclosure with one that does not mention that document.

The reason for this situation may be the poor terminology used by the
IETF IPR web pages.  I understand and appreciate that Certicom has tried
to clarify the situation, but to me the updated form does not improve
the situation.  Perhaps Certicom would be able to more easily create a
disclosure that matches RFC 3979 rules if the web pages were improved.

/Simon

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> writes:

> While I see that draft-ietf-tls-extractor is listed in section IV of
> #1154 IPR disclosure as related material,  I see that it is explicitly
> not listed in section V part C which lists what is specifically covered
> by the disclosure.  I don't think Certicom is claiming IPR on
> draft-ietf-tls-extractor because it is not among the list of documents
> in section V.   
>
> Joe
>
>> -----Original Message-----
>> From: ietf-bounces@ietf.org [mailto:ietf-bounces@ietf.org] On 
>> Behalf Of Simon Josefsson
>> Sent: Wednesday, July 22, 2009 12:32 PM
>> To: ietf@ietf.org; tls@ietf.org
>> Subject: Re: Last Call: draft-ietf-tls-extractor (Keying
>> Material Exporters for Transport Layer Security (TLS)) to
>> Proposed Standard
>> 
>> With the caveat that I have recently returned from vacation, 
>> and consequently may have missed some clarifications or paged out some
>> context:
>> 
>> If the #1154 IPR disclosure is the final word from Certicom 
>> on this document, I don't support advancing this document on 
>> the standards track.  My concern remains that Certicom claims 
>> they have IPR that covers the document -- that is what the 
>> #1154 disclosure says (section IV).  The additional 
>> information provided in the PDF is not helping: it grants a 
>> license for use together with ECC.  It doesn't say anything 
>> about the use without ECC.
>> 
>> The way I see it, TLS implementers and the broader Internet
>> do not gain something significant by having this document
>> published.  Other IETF documents can use the TLS PRF to 
>> derive keying material.  On the contrary, it seems both TLS 
>> implementers and the broader Internet community would be hurt 
>> by publishing the document since having patent threats 
>> looming over widely used techniques has stability and 
>> interoperability impacts.
>> 
>> I recall that Certicom was positive about clarifying their 
>> intentions so maybe we can continue that discussion and get 
>> something more useful than the recent disclosure.
>> 
>> Speaking as TLS implementer of the document and document [1]
>> author that references this document, /Simon
>> 
>> [1] 
>> http://tools.ietf.org/html/draft-josefsson-krb5starttls-bootstrap-02
>> 
>> The IESG <iesg-secretary@ietf.org> writes:
>> 
>> > The IESG has received a request from the Transport Layer Security WG
>> > (tls) to consider the following document:
>> >
>> > - 'Keying Material Exporters for Transport Layer Security (TLS) '
>> >    <draft-ietf-tls-extractor-06.txt> as a Proposed Standard
>> >
>> > The IESG plans to make a decision in the next few weeks, and solicits
>> > final comments on this action.  Please send substantive comments to
>> > the ietf@ietf.org mailing lists by 2009-08-10. Exceptionally, comments
>> > may be sent to iesg@ietf.org instead. In either case, please retain
>> > the beginning of the Subject line to allow automated sorting.
>> >
>> > The file can be obtained via
>> > http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-06.txt
>> >
>> >
>> > IESG discussion can be tracked via
>> > https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16821&rfc_flag=0