[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC

To: Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
From: Dean Anderson <dean@xxxxxxx>
Date: Fri, 27 Jun 2008 18:16:58 -0400 (EDT)
Cc: iesg@xxxxxxxx, tls@xxxxxxxx, rms@xxxxxxx
Delivered-to: tls@xxxxxxxxxxxxxx
In-reply-to: <20080627204801.3A429509A9@xxxxxxxxxxxxxx>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Sender: tls-bounces@xxxxxxxx

That disclosure specifically states that it doesn't apply to any other
drafts, and this draft isn't listed.  That disclosure doesn't apply to
this document.

The failure to disclose is only the first process violation. I count:

2. No discussion of non-patented alternatives per RFC3979.

3. No consensus on WG, despite relationship to prior and future
standards-track work on TLS.

4. This is a protocol-altering document, altering TLS protocol--it is
not really an Informational document. Nor indeed is RFC4492 properly
categorized as informational.  The informational category is being used
as an end-run around the consensus requirements.

The consequence appears to be another submarine-patented standard. I
don't think this can dismissed as "it just didn't occur to me", after
TLS-Authz.

This also isn't the first time ECC patents have failed to be disclosed
to the IETF.  In 2005, I complained of DNSEXT drafts that were
describing ECC without patent disclosures. In that case, I was told by
Steven Bellovin (then chair of IPR-WG) that RFC3979 wasn't the policy of
the IETF(?!!!?).  The DNSEXT Chair (Austein) told me to drop discussion
about non-patented alternatives (?!!!?).  The IETF Lawyer later refuted
Bellovin's false claims, but the DNSEXT group continues to suppress
discussion on false pretenses.  I'm very concerned about such blatantly
false statements, and concerned by the attempt to dismiss them as mere
mistakes that 'they didn't think of'.

		--Dean

On Fri, 27 Jun 2008, Eric Rescorla wrote:
> 
> As I've stated already, the relevant IPR claims had already been
> disclosed WRT RFC 4492, which this document lists as a normative
> reference, as well as explicitly mentioning it in the abstract and
> throughout the document, and it just didn't occur to me to file a
> separate IPR disclosure listing this document specifically. As I
> indicated earlier, I'll leave it to Joe and the ADs to determine
> whether such disclosure was required by the process, process
> violation, but from a practical perspective, I find it hard to believe
> that any significant number of people reviewing the document were
> unaware of the IPR situation, given the extensive discussion on this
> topic when 4492 was approved.
> 
> -Ekr
> 
> 

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   

_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
  - From: Eric Rescorla

References:
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
  - From: Eric Rescorla

Prev by Date: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Next by Date: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Previous by thread: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Next by thread: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode' to Informational RFC
Index(es):
- Date
- Thread