The Free Software Foundation and the GNU Project oppose publication
of "Transport Layer Security (TLS) Authorization Extensions"
(draft-housley-tls-authz-extns) as a proposed standard. We do not
think that RedPhone Security's 1026 disclosure filing provides
sufficient assurance to free software users that they will not be
considered in violation of RedPhone's patent.
The Licensing Declaration starts out right:
RedPhone Security hereby asserts that the techniques for sending
and receiving authorizations defined in TLS Authorizations
Extensions (version draft-housley-tls-authz-extns-07.txt) do not
infringe upon RedPhone Security's intellectual property rights
(IPR).
However, it is then followed by an important caveat:
The values provided in, and the processing required by the
authorizations ("authz_data" in the Protocol Document) sent or
received using the techniques defined in TLS Authorizations
Extensions are not specified in the Protocol Document. When an
implementation generates the authorizations or processes these
authorizations in any of the four ways described below, then
this practice may be covered by RedPhone Security's patent
claims.
It appears that RedPhone's disclaimer covers software developers who
implement the standard in a vague sense, but not the people who then
actually use that software. A patent disclaimer must clearly cover
both developers and users to be acceptable. Furthermore, the caveat
is not written exclusively, leaving the door open for further
claims. It does not say that the four ways described are the *only*
practices that may be covered.
