TLS authorization proposed standard

From: Jason <jason at lunkwill.org>
To: ietf at ietf.org
Cc: campaigns at fsf.org
Date: Mon, 9 Feb 2009 19:03:25 +0000 (UTC)

Please do not approve the "TLS authorization" proposal. I worked extensivelywith TLS in my academic work in grad school, and eventually left the securityfield because improvements to security technologies are so difficult to getinto use.

The IETF is one of the few bodies who can actually bring security technologiesinto widespread use, but it's vital that you do so without creating businessdeadlocks by imposing patent-encumbered standards!

We've been down this road before: many years ago, I drove an hour out of myway to buy a copy of Apache Stronghold so that one of my clients would have alegitimate RSA license for their SSL server. The impedance was real, and Iremember the parties that were held around the world when their patentexpired.

Internet security is in a deplorable state, especially with respect to thestate of the art in cryptographic research. We can't afford to go throughyears more of patent-mined standards, causing billions of dollars of loss andvulnerability, so that RedPhone can make a few million dollars on patentlicenses.


Please do the right thing: don't let this proposal become a standard.

Prev by Date: RE: [Trustees] Last Call for Comments: Proposed work-around to thePre-5378 Problem
Next by Date: IETF should reject acceptance of TLS Authorization
Previous by thread: Please reject the patented TLS-authz standard proposal.
Next by thread: IETF should reject acceptance of TLS Authorization
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

TLS authorization proposed standard

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.