RE: [TLS] Comments on draft-housley-tls-authz-extns-07

["Mark Brown" <mark at redphonesecurity.com>]

Dean,

It sounds like you're expecting that the RedPhone Security patent will issue
as filed but that it really doesn't contain any innovation -- i.e. that the
patent grantors of the world will screw this one up.  I'm less cynical on
this question, and so on that point I have to disagree with you.

I don't see eye to eye with your cynicism about patents and/or their
grantors; instead, I'm passionate about authorizations technology.  I think
federated authorization & identity techniques are fascinating and are likely
to be very useful in the future of Internet communications.  I love my job.
It energizes me because I fully intend to bring useful products to market --
even though that's difficult to do as a small company.  I may fail, but I'll
try.  My country -- at least historically -- thought that patents were a way
to encourage this sort of passion because historically it's been the cradle
of innovation.  That's the spirit behind what I'm doing, and I hope we can
find a way to respectfully disagree about the systems supporting patents and
the RedPhone Security filing in particular.

> > Isn't a satisfactory resolution of "the patent issue" one where all
> people
> > get to use tls-authz royalty free for any purpose and using any non-
> patented
> > method?
> 
> Yes, that would be satisfactory. To do that, you have to grant a royalty
> free license to the public, and drop the nonsense about an "offer of a
> free GUL on request".  

It's taken me a while to understand your criticism on this point, but I
think I get it now.  I have prepared a corrected license which will be ready
and published shortly (or ASAP at the latest).


> ..And drop the restrictions on PAS functions from
> the GUL, too. I note that you've seen the Netscape license, and I don't
> know why anyone would agree to less.

I've modeled after the Certicom ECC license instead of the Netscape license,
which admittedly gives away less than Netscape did, but I think ECC has been
pretty well received all the same.  I feel a need to reserve one method of
verifying authorizations as described by the PAS functions.  Please don't
exaggerate what I'm reserving (the PAS Functions); it really is possible
that there are better ways to use tls-authz than the method I'm reserving. 
 
> > With the exception of one method that I expect will become patented,
> > that's what's offered for tls-authz under the GUL.
> 
> Umm.  Actually, No, that isn't what's offered by your cereal-box offer
> to give a free GUL on request.  You haven't offered any license to the
> public, and RPS can't be compelled to complete the GUL in the future by
> your "offer".

I hope the corrected license will address your concerns.  I think I
understand your concern that RedPhone Security, or its successors etc.,
won't grant requests for licenses.

--mark


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls