Re: Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

From: Simon Josefsson <simon at josefsson.org>
To: ietf at ietf.org, tls at ietf.org
Date: Wed, 22 Jul 2009 21:31:44 +0200
In-reply-to: <20090720164816.328D928C1C8 at core3.amsl.com> (The IESG's message of "Mon, 20 Jul 2009 09:48:16 -0700 (PDT)")
References: <20090720164816.328D928C1C8 at core3.amsl.com>

With the caveat that I have recently returned from vacation, and
consequently may have missed some clarifications or paged out some
context:

If the #1154 IPR disclosure is the final word from Certicom on this
document, I don't support advancing this document on the standards
track.  My concern remains that Certicom claims they have IPR that
covers the document -- that is what the #1154 disclosure says (section
IV).  The additional information provided in the PDF is not helping: it
grants a license for use together with ECC.  It doesn't say anything
about the use without ECC.

The way I see it, TLS implementers and the broader Internet does not
gain something significant by having this document published.  Other
IETF documents can use the TLS PRF to derive keying material.  On the
contrary, it seems both TLS implementers and the broader Internet
community would be hurt by publishing the document since having patent
threats looming over widely used techniques has stability and
interoperability impacts.

I recall that Certicom was positive about clarifying their intentions so
maybe we can continue that discussion and get something more useful than
the recent disclosure.

Speaking as TLS implementer of the document and document [1] author that
reference this document,
/Simon

[1] http://tools.ietf.org/html/draft-josefsson-krb5starttls-bootstrap-02

The IESG <iesg-secretary at ietf.org> writes:

> The IESG has received a request from the Transport Layer Security WG 
> (tls) to consider the following document:
>
> - 'Keying Material Exporters for Transport Layer Security (TLS) '
>    <draft-ietf-tls-extractor-06.txt> as a Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action.  Please send substantive comments to the
> ietf at ietf.org mailing lists by 2009-08-10. Exceptionally, 
> comments may be sent to iesg at ietf.org instead. In either case, please 
> retain the beginning of the Subject line to allow automated sorting.
>
> The file can be obtained via
> http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-06.txt
>
>
> IESG discussion can be tracked via
> https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16821&rfc_flag=0

Follow-Ups:
- RE: Last Call: draft-ietf-tls-extractor (Keying Material Exportersfor Transport Layer Security (TLS)) to Proposed Standard
  - From: Joseph Salowey (jsalowey)

Prev by Date: Re: Last Call: draft-harkins-emu-eap-pwd (EAP Authentication UsingOnly A Password) to Informational RFC
Next by Date: RE: Last Call: draft-ietf-tls-extractor (Keying Material Exportersfor Transport Layer Security (TLS)) to Proposed Standard
Previous by thread: Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying MaterialExporters for Transport Layer Security (TLS)) to Proposed Standard
Next by thread: RE: Last Call: draft-ietf-tls-extractor (Keying Material Exportersfor Transport Layer Security (TLS)) to Proposed Standard
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Last Call: draft-ietf-tls-extractor (Keying Material Exporters for Transport Layer Security (TLS)) to Proposed Standard

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.