Re: FWIW: draft-housley-tls-authz-extns-07.txt to Proposed Standard

From: Thierry Moreau <thierry.moreau at connotech.com>
To: Simon Josefsson <simon at josefsson.org>
Cc: Pasi.Eronen at nokia.com, ietf at ietf.org
Date: Tue, 10 Feb 2009 12:41:24 -0500
In-reply-to: <877i3ytimx.fsf at mocca.josefsson.org>
References: <498F9419.80300 at ieee.org> <4990DD75.3090206 at gmail.com> <87wsbytqa2.fsf at mocca.josefsson.org> <808FD6E27AD4884E94820BC333B2DB7727E79A68F8 at NOK-EUMSG-01.mgdnok.nokia.com> <877i3ytimx.fsf at mocca.josefsson.org>

Simon Josefsson wrote:

<Pasi.Eronen at nokia.com> writes:

My reading of RedPhone's IPR disclosure 1026 is that they claim to
have a patent application about a larger system that includes
tls-authz as one part, and uses it in particular way. If you want to
build a system matching the numbered list 1..4 in the disclosure
(RedPhone's description of what they claim is covered), then you
would have to consider this IPR disclosure.



A license is required for each of the cases 1, 2, 3, and 4 individually.

As far as I read item 3, it seems to cover many kind of realistic use of
this protocol.  As soon as you have some authorization data, you would
typically compare the sender of the authorization to some set of valid
issuers.

This reasoning is perhaps useful to support an opposition campaign, butit is incomplete.

The patent *claims* can not be broadened by a generic mention of a usecase. Going into the details of this specific instance boils down toevaluating the validity of IPR claims.

Let me bring a few facts. The redphone IPR is a US patent applicationthat was amended on 2008/01/25. No US patent office examiner hasresponded so far. Altough a PCT application is mentioned in the IPRdisclosure, there is no mention of national phase entry(ies), so theonly affected jurisdiction would be the US only (the IPR disclosureshould be more comprehensive if I am wrong). With a priority date inJanuary 2005, the IPR claims can not cover the business methodsprevailing before, e.g. the corporate treasury management on-lineservices based on authorizations (e.g. one-time password using tokens)to access a bank account (network resources) where the specific form ofauthorization is defined in the service enrollment agreement.

So, the argument that IPR disclosure 1026 case 3 is a justification forthe FSF campaign is relevant only in the perspective of an ideologicalopposition to patents. There are ample facts to justify an endorsementof TLS-authz advance in the IETF standardization process.


Regards,

--

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: thierry.moreau at connotech.com

References:
- Evaluation: draft-housley-tls-authz-extns-07.txt to Proposed Standard
  - From: Dimitrios P. Bouras
- FWIW: draft-housley-tls-authz-extns-07.txt to Proposed Standard
  - From: Brian E Carpenter
- Re: FWIW: draft-housley-tls-authz-extns-07.txt to Proposed Standard
  - From: Simon Josefsson
- RE: FWIW: draft-housley-tls-authz-extns-07.txt to Proposed Standard
  - From: Pasi.Eronen
- Re: FWIW: draft-housley-tls-authz-extns-07.txt to Proposed Standard
  - From: Simon Josefsson

Prev by Date: Comments on proposed TLS Authorisation Standard
Next by Date: FSF's ... warning about TLS
Previous by thread: Re: FWIW: draft-housley-tls-authz-extns-07.txt to Proposed Standard
Next by thread: RE: FWIW: draft-housley-tls-authz-extns-07.txt to Proposed Standard
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: FWIW: draft-housley-tls-authz-extns-07.txt to Proposed Standard

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.