[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with

To: Simon Josefsson <simon@xxxxxxxxxxxxx>
Subject: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
From: "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx>
Date: Wed, 2 Jul 2008 17:48:41 -0400
Cc: tls@xxxxxxxx, iesg@xxxxxxxx, rms@xxxxxxx, Paul Hoffman <paul.hoffman@xxxxxxxx>
Delivered-to: tls@xxxxxxxxxxxxxx
In-reply-to: <87wsk4btev.fsf@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Organization: Columbia University
References: <200806301701.m5UH1rdm023287@xxxxxxxxxxxxxxxxxxx> <E1KDSPJ-0004XB-TT@xxxxxxxxxxxxxxxxx> <2CB988A3-B88D-4B88-A3B6-6F7D99802439@xxxxxxxxxxxxxx> <E1KDmbL-0001jF-Bk@xxxxxxxxxxxxxxxxx> <> <87ej6dckui.fsf@xxxxxxxxxxxxxxxxxxx> <20080701205128.3a90bb9c@xxxxxxxxxxxxxxx> <87wsk4btev.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: tls-bounces@xxxxxxxx

On Wed, 02 Jul 2008 10:07:52 +0200
Simon Josefsson <simon@xxxxxxxxxxxxx> wrote:

> "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx> writes:
> 
> > On Wed, 02 Jul 2008 00:15:17 +0200
> > Simon Josefsson <simon@xxxxxxxxxxxxx> wrote:
> >
> >> Paul Hoffman <paul.hoffman@xxxxxxxx> writes:
> >> 
> >> > At 4:37 PM -0400 7/1/08, Richard M Stallman wrote:
> >> >>All that is true, but doesn't the IETF have ways to press the big
> >> >>companies to say whether they have any patents over a proposed
> >> >>standard?
> >> >
> >> > No.
> >> 
> >> That is a rather terse answer.
> >> 
> >> The IETF has RFC 3979, in particular section 6.1, which says that
> >> IETF participants must file a disclosure when he knows about his
> >> own patents in IETF contributions, and is encouraged to file a
> >> disclosure for patents owned by others.  That count as a "yes"
> >> answer to this question for me.
> >> 
> >> To clarify, the IETF has RFC 3979 as the instrument to pressure big
> >> companies to file these notifications, through the individuals who
> >> participate in the IETF.
> >> 
> >> Could you elaborate on why you believe "no" is the correct answer?
> >> 
> > Simon, 3979 only constrains players who choose to participate in the
> > IETF.  If they do not participate -- worse yet, if they choose not
> > to participate with the intention of using submarine patents --
> > there's nothing the IETF can do.
> 
> That's a valid point.  Still, I would claim that most big companies
> actively working in this area do participate in the IETF.  It is
> certainly true for the case with ECC and Certicom.

Sure.  The question is how to coerce companies that don't participate
into doing so.
> 
> > In fact, I'm not convinced that even conceptually there's anything
> > the IETF could do against non-participants, since no license is
> > needed to implement an IETF protocol.  How could there be, even in
> > theory, if the RFCs are to remain open and freely redistributable?
> > I don't think an implementation would count as a derivative work
> > under copyright law.
> 
> I don't see how this discussion is about copyright, it is a patent
> disclosure question.

Sorry, I wasn't clear.  I was groping for an analog to the GPL copyleft.
In essence, the GPL says "if you don't play by our rules, you can't use
this code".  But I don't see a way for the IETF to say "if you don't
tell us about your patents, you can't implement our standards".
> 
> I believe the IETF has appropriate rules around this today through BCP
> 79.  The rules in there have been an effective instrument to get both
> big and small companies to file patent disclosures several times, in
> my experience.  If Paul Hoffman argues that the instrument is not
> effective enough, that is more subjective, but my point is that the
> rules in BCP 79 can and have been used to press big companies to file
> patent disclosures.
> 
Yup.  I think we're in violent agreement.  


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
  - From: Dean Anderson

References:
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
  - From: Martin Rex
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
  - From: Richard M Stallman
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
  - From: Yoav Nir
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
  - From: Richard M Stallman
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
  - From: Paul Hoffman
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
  - From: Simon Josefsson
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
  - From: Steven M. Bellovin
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
  - From: Simon Josefsson

Prev by Date: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
Next by Date: Enjoy the love you can make
Previous by thread: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
Next by thread: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
Index(es):
- Date
- Thread