Re: draft-housley-tls-authz-extns-07.txt to Proposed Standard
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-housley-tls-authz-extns-07.txt to Proposed Standard
ned+ietf at mauve.mrochek.com wrote:
> I completely disagree with this assessment. The points you mention are quite
> specifically talking about Agreements, not certificates.
Yes, this is obviously right, "Agreements" are not certificates. But I don't
think it's clear that storing Agreements covers only "a fairly specific set of
use cases." Since Agreements include contracts and negotiable instruments, it
seems that it could encompass most uses in e-commerce: for example an online
store that requires buyers to use authorizations when making a purchase, and
then stores the transaction details along with the authorization data.
Sales transactions are a central use case for TLS, are they not? If online
sales using the authz extensions are not within the scope of term 3, I don't
think it is at all clear from the IPR Statement, and the onus should be on
RedPhone to clarify this. If they are, I think RedPhone's restrictions can
hardly be said to apply only to corner cases.
Aaron
Note Well: Messages sent to this mailing list are the opinions
of the senders and do not imply endorsement by the IETF.
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
