IETF Logo Mail Archive

Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

Richard Stallman <rms@gnu.org> Tue, 28 July 2009 04:36 UTC

Return-Path: <rms@gnu.org>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B3CC73A6C24; Mon, 27 Jul 2009 21:36:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.599
X-Spam-Level:
X-Spam-Status: No, score=-5.599 tagged_above=-999 required=5 tests=[AWL=1.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jqsCo8QxXFBG; Mon, 27 Jul 2009 21:36:26 -0700 (PDT)
Received: from fencepost.gnu.org (fencepost.gnu.org [140.186.70.10]) by core3.amsl.com (Postfix) with ESMTP id E470F3A6BD2; Mon, 27 Jul 2009 21:36:25 -0700 (PDT)
Received: from rms by fencepost.gnu.org with local (Exim 4.67) (envelope-from <rms@gnu.org>) id 1MVeQM-0004rN-57; Tue, 28 Jul 2009 00:36:26 -0400
Content-Type: text/plain; charset="ISO-8859-15"
From: Richard Stallman <rms@gnu.org>
To: jnc@mercury.lcs.mit.edu
In-reply-to: <20090727164652.DB5636BE59A@mercury.lcs.mit.edu> (jnc@mercury.lcs.mit.edu)
References: <20090727164652.DB5636BE59A@mercury.lcs.mit.edu>
Message-Id: <E1MVeQM-0004rN-57@fencepost.gnu.org>
Date: Tue, 28 Jul 2009 00:36:26 -0400
Cc: jnc@mercury.lcs.mit.edu, ietf@ietf.org, tls@ietf.org
Subject: Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: rms@gnu.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2009 04:36:26 -0000

	> Generally speaking, standards are useful, because they enable people to
	> converge what they are doing. But that ceases to be true when the use of
	> the standard is patented. It is better to have no standard than have a
	> standard that invites people into danger.

    But for any standard, there might be a 'submarine' patent (i.e. one not
    declared to the IETF, which will be sprung once use of the standard is
    widespread). That standard will have "invite[d] people into danger".

That argument seems to be based on the general premise that "Since we
can never be perfectly safe, we should ignore even obvious risks."

    Or if I don't like a particular proposed standard, I can say 'hey, I have this
    patent, and I claim it applies'.

In theory yes, but it seems unlikely that anyone wants to do this.
We should not ignore a real danger to avoid an imaginary one.

    So what's the answer - no standards at all? Of course not, we take a
    calculated risk, based on an intuitive cost-benefit analysis, and do the
    standards.

In this case we see a real and specific threat, and we can live
without the standard just fine.

    (And sometimes the benefits of an encumbered standard are actually worth the
    costs. Case in point, the standards which used RSA public-private keysystems.)

Since the patents mostly prevented the use of RSA, there was no room
for the standards to do any good, or much harm.

v2.23.0 | Report a Bug | By Email