[TLS] Re: Straw poll on TLS SRP status

To: <Pasi.Eronen at nokia.com>
Subject: [TLS] Re: Straw poll on TLS SRP status
From: Simon Josefsson <simon at josefsson.org>
Date: Thu, 24 May 2007 13:28:35 +0200
Cc: tls at ietf.org
In-reply-to: <B356D8F434D20B40A8CEDAEC305A1F24042BE8D1@esebe105.NOE.Nokia.com> (Pasi Eronen's message of "Thu\, 24 May 2007 13\:33\:32 +0300")
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <B356D8F434D20B40A8CEDAEC305A1F24042BE8D1@esebe105.NOE.Nokia.com>
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.0.95 (gnu/linux)

<Pasi.Eronen at nokia.com> writes:

> The question is: Do you support advancing draft-ietf-tls-srp as 
> Proposed Standard? 
>
>    [ ] Yes.
>    [ ] I think Informational/Experimental is better.
>    [ ] I don't care about the status, just get it published.
>    [ ] Something else, please state:

[X] Something else: Get more information about the patent status of this
technology, possibly asking the patent owner to chime in.

I don't think we have enough information to decide right now.  While you
cite a few IPR disclosures:

> - At least the following IPR disclosures may be relevant:
>
>   https://datatracker.ietf.org/public/ipr_detail_show.cgi?&ipr_id=25
>   https://datatracker.ietf.org/public/ipr_detail_show.cgi?&ipr_id=31
>   https://datatracker.ietf.org/public/ipr_detail_show.cgi?&ipr_id=63

If these would apply to this particular document, I would feel that we
shouldn't put this document on the standards track.  But those
disclosures aren't about this document.  And we have several free
software implementations out there and there haven't been any problems.
I think we must evaluate whether these patents are still relevant.

It would help if the patent owner could declare what they think about
people implementing TLS-SRP.  Do the owner consider TLS-SRP
infringement?  Is the owner willing to improve the patent license to
something that is more acceptable to the community?  [1] Further, what
guarantees do we have that the patent owner doesn't change their minds?

> - Regardless of what status will be chosen, the RFC will 
>   not be compatible with any of those implementations
>   (since the TLS extension number will change).

I think that is a flaw with the TLS core specification that we should
fix.  It should be simple to get protocol numbers allocated to avoid
collisions.  I will maintain the old protocol numbers in GnuTLS for a
long while, and I suspect other implementers will do the same, to avoid
breaking backwards compatibility.

/Simon

[1] For hints on how to write a patent license that is more friendly
towards the free software community subset of the IETF community, see:
http://www.ietf.org/internet-drafts/draft-josefsson-free-standards-howto-00.txt

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- [TLS] RE: Straw poll on TLS SRP status
  - From: Pasi.Eronen

References:
- [TLS] Straw poll on TLS SRP status
  - From: Pasi.Eronen

Prev by Date: Re: [TLS] Straw poll on TLS SRP status
Next by Date: [TLS] RE: Straw poll on TLS SRP status
Previous by thread: Re: [TLS] Straw poll on TLS SRP status
Next by thread: [TLS] RE: Straw poll on TLS SRP status
Index(es):
- Date
- Thread

[TLS] Re: Straw poll on TLS SRP status

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.