Re: [TLS] Proto write-up for TLS exporter

["Blumenthal, Uri" <uri at ll.mit.edu>]

Eric,

The problem is (if I understand it correctly) that (a) there is Certicom's PDF describing Certicom's ECC-related claims, and (b) Certicom's extractor-related claims that do not explicitly refer to or constrain themselves with the above PDF boundaries.

Thus it is unclear (at least without an explicit statement from Certicom) whether their tls-extractor claims are or are not exclusively ECC-related. 

In absence of such statement I speak against placing this draft on a standards track.


----- Original Message -----
From: tls-bounces at ietf.org <tls-bounces at ietf.org>
To: Simon Josefsson <simon at josefsson.org>
Cc: TLS at ietf.org <TLS at ietf.org>
Sent: Thu May 14 10:04:37 2009
Subject: Re: [TLS] Proto write-up for TLS exporter

At Thu, 14 May 2009 11:17:02 +0200,
Simon Josefsson wrote:
> 
> Eric Rescorla <ekr at networkresonance.com> writes:
> 
> > At Wed, 13 May 2009 19:27:42 +0200,
> > Simon Josefsson wrote:
> >> 
> >> Eric Rescorla <ekr at networkresonance.com> writes:
> >> 
> >> > Do you have some reason to believe that extractors itself is encumbered absent
> >> > use of ECC?
> >> 
> >> Some of the patents quoted by Certicom in that PDF do not appear to be
> >> specific to ECC.  There is no analysis that they don't apply to
> >> tls-extractor.
> >
> > Again, the disclosure seems pretty clear to me. Namely,
> > it states that the named documents apply "when used with...
> > <three ECC-related documents>"
> >
> > So, again, I ask, "Do you have some reason to believe that extractors
> > itself is encumbered absent use of ECC?"
> 
> I believe the PDF is a reason, at least without more information.  My
> reasoning is as follows:
> 
> The patent disclaimer filed with the IETF lists tls-extractor as one
> document that Certicom believes is covered by their patents.
> 
> The PDF only covers when ECC is used.
> 
> The PDF does not assert anything about non-ECC purposes.
> 
> This allows Certicom to claim that the tls-extractor document is covered
> by their patents for non-ECC uses in the future.  That claim would not
> be inconsistent with the information filed with the IETF so far.  That
> is the loophole I'm concerned with.

While, this is of course true, it's also possible that some other
entity which doesn't participate in IETF at all has patents that apply
to extractor. That wouldn't be inconsistent with the information filed
with the IETF either.

Either you think that Certicom has a BCP 79 obligation to accurately
disclose their patents or they don't. If you do, I think it's
reasonable to conclude that when they say "our patents may cover
X" that they don't believe their patents cover !X. If you don't,
then we could equally well conclude that their patents may
cover drafts they don't even mention. 

-Ekr




_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls