[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with

To: "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx>
Subject: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
From: Dean Anderson <dean@xxxxxxx>
Date: Sun, 6 Jul 2008 19:06:05 -0400 (EDT)
Cc: Simon Josefsson <simon@xxxxxxxxxxxxx>, Paul Hoffman <paul.hoffman@xxxxxxxx>, tls@xxxxxxxx, rms@xxxxxxx, iesg@xxxxxxxx
Delivered-to: tls@xxxxxxxxxxxxxx
In-reply-to: <20080702174841.1420aae8@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Sender: tls-bounces@xxxxxxxx

On Wed, 2 Jul 2008, Steven M. Bellovin wrote:
> 
> Sure.  The question is how to coerce companies that don't participate
> into doing so.

We don't need to coerce non-participants to be reasonably effective.  
We just need to make sure that participants comply with RFC3979.

There are only two cases the IETF can fix:

  1. The IETF partipicant directly has an undisclosed patent.

  2. A non-participant has a patent that an IETF participant knows of,
but doesn't disclose. (e.g. Housley/Brown and TLS-Authz)

Both these cases are handled by rescinding the RFC for failure to follow
RFC3979. And of course, these bad participants are discredited in future
IETF activities---The web is a wonderful thing for a implementing a
certain level of accountability.

IETF Standards are only created by participants.  Quite obviously,
non-participants do not create IETF standards. Big company-participants
are strongly motivated not to implement technology that someone else has
patented---At least, not without factoring the license cost into the
business plan.  Those big participants therefore help make sure the
other participants are honest, and that patent disclosures are made on a 
timely basis.

The case where a non-participant has a patent that no IETF participant
knows about is still a problem, but these are truly submarine patents
that NO ONE can avoid. Except of course, by changing the patent law.

The case where a participant knows of a patent, and willfully misleads
the IETF about the patent status [with or without a profit motive] is
just a subset of (2) above.

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   

_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
  - From: Steven M. Bellovin

Prev by Date: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
Previous by thread: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
Next by thread: Re: [TLS] Document Action: 'TLS Elliptic Curve Cipher Suites with
Index(es):
- Date
- Thread