On Jul 7, 2008, at 1:45 AM, Dean Anderson wrote:
On Wed, 2 Jul 2008, Yoav Nir wrote:It's worse than that. There's no "IETF police" to come after violators, or enforce section 7 of 3979. If some individual fails to disclose, she will not be barred from participating in IETF discussions, or from posting new drafts. If a company fails to disclose, definitely no action will be taken against its employees.Uhh, as Sam Hartman demonstrated with TLS-Authz, the IESG are the "IETFpolice".
And again, suppose I manage to get draft-nir-tls-eap to IETF last call as a "proposed standard", make no disclosure, and then somebody (you?) find out that to implement this standard, you need to use "stateful inspection", for which my company holds a patent.
What would you suggest the "IETF police" do? Just knocking the standard down to Informational is nice, but what else? What sanctions would you suggest be taken against me? Against Check Point? RFC 3979 does not authorize them to do anything.
This may sound bad, but do you really want to set up a "court of the IETF" to depose witnesses and make determinations as to intent? I don't think we really want to go there, and we really don't want to create a new category of IPR where companies and individuals that violate IETF policy are somehow prohibited from implementing RFCs.
So yes, I believe that an angry post from you (and an Informational designation for the RFC) is the worst we can do to violators.
_______________________________________________ TLS mailing list TLS@xxxxxxxx https://www.ietf.org/mailman/listinfo/tls