Re: [TLS] Proto write-up for TLS exporter

[Dean Anderson <dean at av8.com>]

Several messages inline:

On Thu, 14 May 2009, Nicolas Williams wrote:
> 
> Simon is being unreasonable by acting as though assertions NOT made
> are nonetheless in force.  We're not mind readers and the law does not
> and, indeed, _must_ not expect us to so be (no, I am not a lawyer).  
> We can and should (nay, must) only make decisions based on IPR claims
> that are asserted, not on claims that are not asserted (again, IANAL,
> but you knew that).

Actually, Simon is both right and reasonable. One doesn't need to be a
mind reader, nor does one need to be a lawyer, to read patents [nor to
read and obey any law]. The jury won't be made up of lawyers.  It is a
fallacy that only lawyers need to be concerned with legal matters.  
Lawyers have the special privilege to represent other people in Court,
sort of like commercial pilots have the special privilege to fly other
people for hire.

In this case, the 'unstated' assertions are in the patents themselves,
which the IPR Disclosures have disclosed.  The law expects you to use
due diligence to follow the references you've been given.  Infringing on
ignorance isn't excused--one still owes the money---and knowingly
infringing a patent can be prosecuted as a crime.  Lawyers have told me
that merely doing a /patent search/ can be evidence that you knew of a
patent--the lawyer was advising myself and other engineers against doing
patent searches. In this case, the IPR disclosure has informed us of the
patents, and so we can't plead ignorance. Inducing others to infringe is
also a special kind of patent offense.

Back to specifics: I've read a number of the Certicom patents, and they
are /very/ broad. I can't imagine much use of ECC that would not
infringe.  To be perfectly clear: I don't see that there is a credible
dispute for asserting non-infringement on ECC. The draft has disclosure;
the patent holder offers a (not really free) license. The patents
themselves are very broad, and there are a large number of them. I think
we have to conclude that unlicenced use of ECC will infringe.


> Simon should seek legal advice on that point, and hopefully remove his
> objection (or perhaps the TLS WG chairs and/or IESG can just declare
> consensus nonetheless and let Simon appeal if he likes).

I'm not sure what your mean by 'declare consensus' here. Do you mean
that the IESG should state that the patents don't apply?

If so, I would point out that neither the Chairs nor the IESG can
honestly "declare"  consensus where there is no consensus. From RFC
2418:

   Consensus
   can be determined by a show of hands, humming, or any other means on
   which the WG agrees (by rough consensus, of course).  Note that 51%
   of the working group does not qualify as "rough consensus" and 99% is
   better than rough.  It is up to the Chair to determine if rough
   consensus has been reached.

There doesn't seem to be consensus on the draft as a whole so far.


On Wed, 13 May 2009, Paul Hoffman wrote:

> At 1:58 PM +0200 5/13/09, Simon Josefsson wrote:
> >I don't support publishing tls-extractor on the standards track as
> >long as there are unclear patent threat against it and no acceptable
> >free software compatible patent license is available.
>
> This is absurd and obstructionist. You are saying that if anyone
> publishes an IPR statement about a work in progress, they can stop
> that document from becoming a standard.

I don't think that is what he is saying. He is saying that he doesn't
support the draft because of its patent licencing requirements. That is
a perfectly valid reason to oppose the draft. That's why RFC 3979
requires disclosures and requires working groups to discuss non-patented
alternatives.


On Wed, 13 May 2009, Paul Hoffman wrote:

> At 6:49 PM +0200 5/13/09, Martin Rex wrote:
> >Could someone please ask Certicom to remove TLS-extractors from
> >their IPR claim / IPR disclosure?
>
> This might best be done by someone who works for a large vendor who
> has a business relationship with Certicom or their parent, RIM (hint,
> hint).

Removing the IPR claim has no effect. The only thing that can be done to
remove the objection of many is for Certicom to offer a free, universal
license to that technology.

> >To me, this claim sound ridiculous (assuming their patent claims
> >are purely about patents around EC crypto).
>
> Why is what you think (or what I think) about their IPR relevant to
> the write-up? Joe is reporting that there is an IPR statement in which
> the draft is mentioned. That is a factual statement, even if it is
> unfortunate.




On Fri, 15 May 2009, Matthew Campagna wrote:

> In hopes of clarifying,
>
> It is our intention to foster broad adoption of ECC technology.  The
> grant is meant to cover any necessary Certicom patents and patent
> applications to implement RFC 4492, RFC 5289 or the
> draft-rescorla-tls-suiteb when used with draft-ietf-tls-extractor. It
> is not making any statement to the draft-ietf-tls-extractor when used
> absent of these three cipher suites.

Very few patent holders /don't/ want to foster broad adoption of their
technology.  Its the right of patent holders to prevent all use, but
broad adoption is frequently the goal of the patent holder, along with
the accompanying license fees, of course.  I do not dispute your goal of
broad adoption. I dispute that your license is really free, and I
dispute that we need to adopt ECC technology into TLS on a non-free
basis.

		--Dean



-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000