IETF Logo Mail Archive

Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls-extractor (Keying

Dean Anderson <dean@av8.com> Fri, 18 September 2009 18:49 UTC

Return-Path: <dean@av8.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4572C3A6B88 for <tls@core3.amsl.com>; Fri, 18 Sep 2009 11:49:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.564
X-Spam-Level:
X-Spam-Status: No, score=-2.564 tagged_above=-999 required=5 tests=[AWL=0.035, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kScIwgsvg7el for <tls@core3.amsl.com>; Fri, 18 Sep 2009 11:49:11 -0700 (PDT)
Received: from cirrus.av8.net (cirrus.av8.net [130.105.36.66]) by core3.amsl.com (Postfix) with ESMTP id 0D2823A6B85 for <tls@ietf.org>; Fri, 18 Sep 2009 11:49:04 -0700 (PDT)
Received: from citation2.av8.net (citation2.av8.net [130.105.12.10]) (authenticated bits=0) by cirrus.av8.net (8.12.11/8.12.11) with ESMTP id n8IInvDu023026 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Fri, 18 Sep 2009 14:49:57 -0400
Date: Fri, 18 Sep 2009 14:49:53 -0400
From: Dean Anderson <dean@av8.com>
X-X-Sender: dean@citation2.av8.net
To: Todd Glassey <tglassey@earthlink.net>
In-Reply-To: <4AB3A5F6.1030202@earthlink.net>
Message-ID: <Pine.LNX.4.44.0909181403430.27007-100000@citation2.av8.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: tls@ietf.org, ietf-honest@lists.iadl.org
Subject: Re: [TLS] [Ietf-honest] Last Call: draft-ietf-tls-extractor (Keying
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2009 18:49:13 -0000

Hi Todd,


I not sure why extractor is being brought up again. But many of your 
points are more general than just extractor.

Inline.

On Fri, 18 Sep 2009, Todd Glassey wrote:

> > Dean Anderson wrote:
> >
> > >
> > > This is a problem. The official statement is the IPR disclosure, which
> > > should contain the terms used by the IETF in its decision to approve the
> > > document.
>
> Dan - the IPR notice is a statement of the ownership of the IP and 
> NOTHING MORE. It is NOT a contractual grant of anything. 

In the case of TLS-extractor, that's correct; there is nothing more,
unfortunately.  However the section VI "Licensing Declaration" can
include terms of licencing.


> It is not authenticated and the process doesnt meet any legal
> requirements in the real world for transferring commercial rights to
> anyone for anything.

You make a good point; the submission process not authenticated. The
IETF hasn't adequately addressed that issue, and you are correct that we
do assume some risk assuming the document is genuine.  Of course, a
false or fraudulent document can still probably be traced by other logs,
so there are probably means of holding fraudsters accountable. And of
course, in this case we know that people from Certicom are participating
and they haven't repudiated the document, so we do have some indications
that its genuine.  But I would absolutely support improved
authentication of digital documents submitted to the IETF.

> > Certicom should not be able to alter the terms after the fact, which
> > it seems to have just admitted doing.
>
> Wrong - Certichron can alter anything it wants after informing the
> IETF of its (Certichron's) ownership of those technologies.

The distinction is between "can" and "should not be able to" is the
point. The terms of license _ought_ to be stable and _known_ to the IETF
members when they decide on standardization. If one doesn't know the
patent terms, most people would probably reject all patented standards.
That may be OK from my point of view, but I think others take a more
moderate position that I might call "informed consent", arguing each
patented standard on its own merits. While I have (graciously I think)
accepted to argue each patented standard individually on its own merits,
I must strenuously object to losing "informed consent" altogether. Loss
of "informed consent" is precisely what would happen if patent holders
were allowed to change the terms arbitrarilly anytime they chose to so.  
Patent holders would simply offer acceptable terms during
standardization, and then change the terms to unacceptably after the
standard was approved.  The court in Qualcomm v. Broadcomm came down
pretty strongly on my side.

> The IETF's decision to allow a standard or not based on whether the
> IETF is given ownership of the IP implementing that standard in the
> real world in the standard is a form of blackmail and needs to be
> formally prosecuted as tortuous interference and antitrust IMHO.

The IETF need not be given ownership; in no case has that been demanded
that I know of.

It is not blackmail to require disclosure of the terms on which business
will be conducted, nor to require terms be acceptable before being
accepted.  The IETF has the right to reject and not approve any
standards proposal. Those who submit standards proposals have no right
that their standards proposal be approved as a standard.

As you know, extortion requires that the one being extorted give up some
right that they have, while the extorter exercises a right they don't
have.  When I rent an apartment, I don't have to rent it, and applicants
have no right that I rent to them, and so demanding a price in rent is
not extortion.  By contrast, I have a right to democratic participation,
and the IETF has no right to prevent my democratic participation without
of a vote of more than half the members to suspend or strip membership.  
Taking away my rights to participate unless I drop objections to the way
things are run and who is running them is extortion.

> > The IETF is NOT asking for an irrevocable "Grant" in an IPR
> > disclosure.
> >
> > The problem here is that submitting an URL for the real IPR
> > disclosure in the IETF disclosure form is subverting to idea that
> > the IETF can archive the IPR disclosures in their original form.
>
> Yes but that's the flaw in the IETF's system.

I think not. The IETF system cannot be expected to exclude URLs in a
block of text because Urls to _fixed_ longer documents are probably
good. Most such forms might run out of space and require additional
longer documents.  However, the IETF could and _should_ administratively
require by rules that the documents so referenced in the URLs be in
fixed form and that the submitter cannot change them arbitrarilly.

Thanks,

		--Dean



-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 256 5494

v2.23.0 | Report a Bug | By Email