[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC

To: Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
From: Dean Anderson <dean@xxxxxxx>
Date: Fri, 27 Jun 2008 15:56:06 -0400 (EDT)
Cc: iesg@xxxxxxxx, tls@xxxxxxxx, rms@xxxxxxx
Delivered-to: tls@xxxxxxxxxxxxxx
In-reply-to: <20080627173509.DDB69509AA@xxxxxxxxxxxxxx>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Sender: tls-bounces@xxxxxxxx

On Fri, 27 Jun 2008, Eric Rescorla wrote:

> 
> This paragraph only refers to documents which did not go through
> the IETF process, as implied by the first sentence of 4.2.3.

Indeed. And this document indeed did not properly follow the IETF
process because it did not disclose IPR in accordance with RFC3979 and
because it did not discuss non-patented alternatives, also in accordance
with RFC3979.  The intent of 4.2.3 is to prevent the circumvention of
the rules, and the IETF rules are not being followed.

>    Unless they are the result of IETF Working Group action, documents
>    intended to be published with Experimental or Informational status
>    should be submitted directly to the RFC Editor.
> 
> This document was a TLS WG document, so had already been
> coordinated with the IETF community.

That is precisely the point: it has NOT been properly coordinated with
the internet community: Not all the pertinent facts were disclosed to
the internet community.  

I think the recent events surrounding TLS-Authz at least indicate that
the internet community is keenly interested in facts of patent
encumbrance. These facts were apparently known to IESG managers and
those managers also knew these facts would be important to the
community, but kept the community in the dark, made false 
representations in the draft, and failed to follow IETF policy.

The following paragraph in the 'ecc-new-mac draft is a false
representation:

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

What was claimed to be an innocent mistake in TLS-Authz cannot be
repeated by essentially the same people and still be considered an
innocent mistake.  Twice is not a mistake. Especially after all the fuss
that was made about TLS-Authz.

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   

_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
  - From: Pasi.Eronen
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
  - From: Eric Rescorla

References:
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
  - From: Eric Rescorla

Prev by Date: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Next by Date: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Previous by thread: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Next by thread: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Index(es):
- Date
- Thread