Re: Why people by NATs
Jeroen Massar [EMAIL PROTECTED]: On Mon, 2004-11-29 at 01:38 -0500, Eric S. Raymond wrote: Kai Henningsen [EMAIL PROTECTED]: Oh, sorry. Not *exactly*. It's the DHCP *server* which does the DNS update. My DHCP server is firmware in my Linksys :-). Which is a Linux box, which can be upgraded ;) As the maintainer of the Linksys Blue Box Router HOWTO, I am quite well aware of this fact. And if my objective were to have exciting adventures in system and network administration, I would have reflashed my Linksys long since. I don't want to have exciting adventures in system and network administration. I want my home network to just freaking *work* so I can concentrate on the problems where my time is most valuable. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Why people by NATs
Kai Henningsen [EMAIL PROTECTED]: Oh, sorry. Not *exactly*. It's the DHCP *server* which does the DNS update. My DHCP server is firmware in my Linksys :-). -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Why people by NATs
Peter Ford [EMAIL PROTECTED]: Run a market survey and you will find out why people buy these NAT devices. It shouldn't be that hard, you can hire one of many consumer research firms to do that kind of quantative research for you. Who needs market research? All you have to do is look at the cost-feature profile of the most popular NATs and notice who they were designed for. Those vendors have already done the market research and bet real money on the results. Downstairs in my basement I have a Linksys firewalling router that does NAT. Like millions of other SOHO users, I needed NAT in order to be able to connect a home network of multiple machines to a DSL or cable line. The ISP gave me only one IP address; the NAT allows me to have several clients and one server behind it. (This particular box, as is now common, is also a WiFI access point.) The other thing NAT does is allow me to decouple my local IP addresses from the ISP's assignment. So all my local machines can keep 192.168.1.x regardless of what address the world thinks my server has. Because I have a static address (66.92.53.140) this is merely a convenience that would make it easy for me to change ISPs if I had to; if, like many ISP users, I had a DHCP-allocated dynamic one, it would be a necessity. To sum up, NAT gives me two features: 1. Multiple machines on the single-address allocation the ISP gives me. 2. Decoupling of mt local network addresses from the ISP assignment. The Linksys, which is probably the single most popular brand, was designed for exactly this set of requirements. So are most of its competition -- the Belkins, the Netgears, the AirStations, etc. I hear a lot of muttering about NATs being evil. I really don't have an opinion on the subject -- I understand some of the theoretical problems, but they've never bitten me. So, asking as a network administrator, how would the implied problems be solved in an IPv6 world? -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Why people by NATs
Fred Baker [EMAIL PROTECTED]: I submit that if your environment is at all like mine, you don't actually configure 192.168.whatever addresses on the equipment in your house. You run DHCP within the home and it assigns such. That being the case, you actually don't know or care what the addresses are on your equipment. You care that your SIP Proxy and etc know the relationships, and they derive them directly without your intervention. Actually, I do set up static addresses. I'd use DHCP, but if I did that I would not be able to refer to the machines on my local net by name. Until my DHCP client can update my DNS tables with name information on the fly, I'll keep doing doing it this way. Apple's zeroconf technology solves this problem, albeit in a slightly different way, but Linux doesn't deploy it yet. I don't think my situation is unique. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Why people by NATs
Peter Ford [EMAIL PROTECTED]: I do vehemently agree with your last paragraph. In some sense, you are saying that NAT is an intrinsic part of the nominal residential gateway (could be expanded for soho and small/medium business). Indeed. I think this is true. Several people on this list have tried to tell me that I don't really want the IP address space on my local net to be decoupled from the server address. They are wrong. I want to be able to change ISPs by fixing *one* IP address in *one* place, and I want to control the mapping from global IP addresses to local ones. This desire has nothing to do with IPv4 vs. IPv6 and everything to do with wanting to be able to make only small, conservative changes in my network configuration rather than having to completely disrupt it. Once again, I don't think my situation is unique. I only have five machines on my net -- my desktop box, my wife's desktop box, my laptop by WiFi, an Apple PowerMac we watch streaming video on, and the mail/web server downstairs. For somebody administering a network of 100 machines, the hassle cost of IP renumbering would be twenty times larger. Given this, how could anyone wonder why NAT is popular? -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Why people by NATs
Chris Palmer [EMAIL PROTECTED]: There's another feature of NAT that is desirable that has not yet been mentioned, and which at least some customers may be cognizant of: the fact that NAT is a pretty restrictive firewall. I'm as big a fan of the end-to-end principle as anybody, but until the ends are trustworthy, we can't get there. Whether by IPv6 or IPv4, less-than-fanatically-administered Windows and Unix systems simply cannot be directly connected to the Internet. I wouldn't go that far. I wouldn't describe myself as a fanatical admin; lazy and barely competent would be closer to the mark :-). Despite this, I've never had a breakin in more than a decade. I'm comfortable connecting a Linux system directly to the Internet, as long as the internal software firewall is on, It's nice to have my firewalling done by a box that is too stupid to be cracked, but what I need from the Linksys is really the address multiplexing. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a pgpogUUtEY9no.pgp Description: PGP signature ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
The gaps that NAT is filling
Eliot Lear [EMAIL PROTECTED]: You wouldn't care about touch points if even a large number were reliable and secure, and that is the key. I'm not sure I understand that sentence. What's a touch point? And what does security have to do with any of this? My issue is with how much administrative overhead my network interface imposes on me over its entire lifecycle, potentially including multiple changes iof ISP. At the consumer level I think it's VERY important that most people not care about the IP address they are assigned. In fact it's important that they not have to know anything about what they're addressed! And you're right: it doesn't matter whether it's v4 or v6. So. Where are the gaps? Well. Ideally, when I plug my router into the ISP's cable, it should invisibly negotiate an IP address range with the ISP as DHCP does now. Thereafter, whenever a machine initializes its network access, it should (1) grab an IP address from the range Ideally, the address allocations should be stable even as machines are inserted and deleted onm my local net, so other peoples' DNS caches don't become invalid every time I have to reboot a server. Perhaps base them on a hash of the requesting machine's MAC address, with backoff in the (rare) collision cases? (2) propagate updates to my DNS servers so lookup-by-name works. This is important. As long as this isn't true, DHCP is useless for servers. I should be able to declare my firewall and redirection rules by local host name and have everything work, -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Kai Henningsen [EMAIL PROTECTED]: 1. Two major open-source development groups felt it was both necessary and appropriate to state that they would not implement SenderID regardless of IETF's decision. This is specifically what I meant by routing around the IETF. You are confusing will not with cannot here. It's not we don't want SenderID, it's we cannot use SenderID even if we want to. Thus, it is about (legal) facts, not about refusing cooperation. That is not how I read their letters. 2. IETF failed to take any position opposing the patent in spite of both prior art and the belief of key participants that Microsoft deliberately lied about its position and intentions. By doing so, IETF signaled that there will be no downside to even the most blatant patent raid on a development standard, and invited future raids by Microsoft and others. Given that the WG was shutdown with no ratified standard, this also seems like a serious misrepresentation. In what way? Microsoft now knows that with the mere threat of a patent it either can shut down IETF standards work it dislikes or seize control of the results through the patent system. The IETF has dignaled that it will do nothing to oppose or prevent these outcomes. The raid *failed* - thanks to the IETF doing the right thing. It looks like success to me. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
shogunx [EMAIL PROTECTED]: In what way? Microsoft now knows that with the mere threat of a patent it either can shut down IETF standards work it dislikes or seize control of the results through the patent system. The IETF has dignaled that it will do nothing to oppose or prevent these outcomes. How so Eric? Could you give an example of potential weakness in the IETF process that could be exploited? So perhaps we could start patching? How would such a patent based denial of service attack scenario play out? Watch what happens with anti-spam standards in the next nine months. I fear it's not going to be pretty. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Carl Malamud [EMAIL PROTECTED]: Well, yes, perhaps we are a gang of baboons. You've got a church model of open source with you as pope. Funny, I don't recall having excommunicated anyone or spoken ex cathedra lately. If you want blessings, apply to RMS in his St. Ignucius persona; I don't do that stuff. No pope here, just a monkey still trying to cope with having been shoved in front of a parade. I'm as anti-authoritarian as the next hacker. But when that reflex prevents us from recognizing the very expertise we're explicitly asking for, it's a problem. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Bill Sommerfeld [EMAIL PROTECTED]: This looks to me like an informal attempt at forming a design team. I think it would be good for you (ESR) to review the text on design teams in RFC2418 and the subsequent IESG note: http://www.ietf.org/IESG/STATEMENTS/Design-Teams.txt because it provides time-tested, sage advice on how to go about producing something which stands a chance of being accepted by us baboons in the peanut gallery. Have done so. Are you suggesting that RMS and I should form a design team? -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Brian E Carpenter [EMAIL PROTECTED]: I don't think we can require the IESG to negotiate anything. There are all kinds of legal issues there. To my knowledge, both WGs and the IESG do think carefully about this, but often conclude that the default IETF conditions (RAND) are realistic and acceptable. If IETF continues to believe this, groups like Apache and Debian will continue to have to end-run IETF by doing the job of defending the Internet commons that IETF is abdicating, and IETF's authority will evaporate. It is not 1982 or even 1992 any more. Conditions have changed dramatically. I would hate to see IETF dwindle into irrelevance, but that is exactly where statements like this are pointing. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
This was down at the end of a long post, but everybody in this discussion should see it. Paul Vixie [EMAIL PROTECTED]: as much as i hate to be seen agreeing with mr. raymond, who has inaccurately characterized both his own representative powers and the minority status of those views of mine he does not share, there is one grain of truth to what he has said here of late. standards will be open, and ietf's choice is not whether standards will be open (that being foregone), but whether ietf will continue to be the place where these open standards are defined. open in this context requires actual and passionate adherence to, and not just the mouthing of the slogans for, process transparency, unbiased decision making, and technological superiority. Correct. IETF's choices reduce to working wholeheartedly with the rest of the open-source community or watching history pass it by. This has now been noted by somebody who is a lot closer to the center of the IETF cloud than I am. Will this be sufficient to wake up others? I hope so. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Paul Vixie [EMAIL PROTECTED]: mr. raymond's claims of representation don't help me and might, by creating misunderstanding amongst the consumers of open source software, hurt me. Let's put an end to these far-reaching interpretations of representation, which are a product of Mr. Schryer's fevered brain overinterpreting my original statement. Originally, somebody asked that the open-source community get its act together about what acceptable patent-license terms would be. I said this: if IETF wants to know what form of patent license will be acceptable to the open-source community, the people to ask are Richard Stallman (representing FSF) and myself (representing OSI). Between us (and especially if we agree), I believe we can speak *with regard to this question* for 95% of the open-source community. This does not make either of us power-mad dictators intent on domination, just most peoples' recognized experts on what constitutes an acceptable open-source license. If either Mr. Schryer or yourself chooses not to be considered part of that most people, fine -- the fact remains there are an awful damn lot of developers expecting RMS and myself to *do* *this* *job* so they don't have to. Cripes. It'd be easier trying to serve a gang of baboons, sometimes... -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Vernon Schryver [EMAIL PROTECTED]: From: Eric S. Raymond [EMAIL PROTECTED] Your two people to go to on this would be RMS (representing the FSF) or me (representing the OSI); between us I believe we can speak for over 95% of the community. I hate it when elected politicans presume to speak for me. I will not sit quietly and let self-appointed individuals try the same. *DO NOT* tell me to my face that you are negotiating on my behalf or even just for 95% of the other people who write or have written software that might be called open by virtue of being freely redistributable and in use by lots of people until you can can point to the results of a real plebiscite. Even then, you won't be speaking for me until I personally and explicitly say so. There's been no plebiscite, of course. However, web content analyses and surveys of the licenses used at sites like SourceForge and ibiblio paint a pretty consistent picture of who developers consider the authorities on licensing and IPR best practice. Those authorities are FSF and OSI. While I respect your desire that I not represent you (or claim to), the reality is that people outside our community are generally going to behave as if I do. OSI as an organization, and I as an individual, had to build that reputation in order to represent *anybody* effectively, let alone the large number of developers that want us to. And this was a job that needed doing, so I won't apologize for taking it on. If you and Mr. Stallman want to speak for your respective organizations, then peachy. If you want to speak based on what you consider your own great experience and deep thoughts on the issues, then that's also good. If you want to pretend that you speak for me out of my earshot, then I'll do my best to not hear. Just don't stand in front of me telling me that you have my best interests at heart and that I must trust you. I do in fact believe I have your best interests at heart; this is a safe thing for me to believe, because I have no actual power over you. I do not require that you trust me, though that would be nice. Many people do trust me and don't seem to have been harmed by it. You're a typical member of the 5%, in that what bothers you is not policies or the effects of what we do, but our implied claim to represent you. I do not presume to criticize your position, but neither am I going to abandon my duty to hackers who *do* want OSI to represent them on any single refusenik's say-so. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
shogunx [EMAIL PROTECTED]: In fact, the *only* way to do open source is without this distinction. I actually wish it were otherwise, but my wishes have no effect on the logic of the situation. Why do you say that? Because trying to make a distinction between commercial and noncommercial activity is a road down which lies a toxic swamp of inadequate variant definitions and license conflicts. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Pekka Savola [EMAIL PROTECTED]: Think harder. The problem with area-of-application rules is isomorphic to the commercial/noncommercial problem. The really nasty cases are near service libraries. Maybe you should spell this out. For example, service libraries need not be a problem. Consider a service library which infringes a patent on SIP, which is to be restricted to interoperability with the SIP protocol. There is no issue if the service library is only useful with SIP, because all the use cases of the service library (excluding looking at the code and taking away the code) would be OK by the policy. Obviously, there is a problem if a patent claims to invent something commonplace such as 'xml', and grants its use only for the purpose of IETF standards or a specific standard. But I'm not sure if I recall something like that. What happens when I want to re-use (say) a hash function from a library with patent coverage and an area-of-application rule on the patent license? -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Nathaniel Borenstein [EMAIL PROTECTED]: This strikes me as oversimplistic. What if a commercial enterprise wanted to license its IPR in such a way that it put no constraints on open source, but retained constraints on commercial competitors? I'm not sure you can get around a technical mandate for some kind of license and still retain those options. -- Nathaniel Your suspicion is correct. The problem -- which I and others looked for a way around for years, to no avail -- is that there is no bright-line way to separate commercial from noncommercial activity. All attempts trip over edge cases like this: * A distributor aggregating software to be sold as a CD-ROM anthology for a modest fee. * An engineer using software for development on a project which is not yet software for sale, but intended to be in the future. * Development activity taking place at a for-profit subsidiary of a non-profit association. The open-source community figured out by about 1997-1998 that there is no way to discriminate between commercial and noncommercial activity that does not create fatal uncertainties about who has what rights at what times. When you add the problems of mixing software with licenses having *different versions* of such a distinction the downside gets even worse. Thus, the licensing guidelines of both the OSI and FSF forbid attempts at this. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Simon Josefsson [EMAIL PROTECTED]: There seem to be some misunderstanding here, free software is not non-commercial. If someone wants to put restrictions of their ideas on commercial competitors, that prevent the idea from being used in free software as well. The rights associated with free software are granted to commercial entities as well. That's an ideological answer, and therefore useless to anyone who does not already buy the ideology. Please see my last post for a less value-laden explanation. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Margaret Wasserman [EMAIL PROTECTED]: I am afraid that your choice below won't mesh very well with why companies have software patents in the first place. You're right, it doesn't. Unfortunately, we really cannot live with anything less than I have described. My personal wish that this reality were different is as fruitless as yours. However, in doing this, MMI wants to ensure two things: (1) That they continue to protect their patent rights regarding the use of this technique for other purposes (such as cheese graters and IP phones). So, they want to limit the royalty-free terms to implementation of the IETF's WRAPCTL protocol and/or to use on Wireless Access Points. (I think that this would run amok of your proscription against restricting the area of application, right?) Right. Area-of-application rules mean that code reuse can be fraught with dangerous legal problems because of someone's well-meaning judgment call about what's in-area and what is out-of-area. Such legal exposure is death to us -- our project groups can't afford lawyers to fight those battles -- so our licensing requirements have to foreclose that entire category of causes of action. Otherwise our development and distribution methods, which depend on code reuse and redistribution being safe and friction-free, would seize up and croak. Myself, I'll cheerfully recognize that MMI's interest is legitimate in some sense -- I wish I knew of a way to solve this problem that doesn't have deadly poison side-effects, and have devoted a lot of think time to trying to invent one. No joy. (2) That they maintain and enhance the defensive value of their patent, by making it clear that the royalty-free terms do not apply to anyone who sues them for violation of a different patent. (If I understand correctly, the OSS community doesn't have a problem with this concept, as long as no paperwork is required?). That's correct. Are there any IPR terms that MMI could offer that would meet these goals while also allowing the WRAPCTL protocol to be implemented in OSS implementations? If we could find that middle ground, I think it would be very valuable to the IETF and to the OSS community. I don't believe any such middle ground exists. I and others have tried to imagine it into existence and failed. We regret this, but it seems to be reality. The sad truth, of course, is that (in the example above) it is far more likely that MMI would not determine that the WRAPCTL protocol violated their patents until longer after it had been standardized by the IETF and implemented in many commercial and OSS implementations. So, what would be do then? Suffer a lot. What your scenario demonstrates is that there is a fundamental and nigh-unbridgeable conflict between open-source development and the patent system. The open-source community is already well aware of this, thank you. We don't know what to do about it either. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Pekka Savola [EMAIL PROTECTED]: Hmm.. Being an OSS/FSF enthusiast myself, I'm not sure if the last requirement, about code re-use, is a strict requirement. Sure, it would be nice if there wasn't such a thing, but it would seem to be better to get the first two points and fail at the third than get nothing at all. Think harder. The problem with area-of-application rules is isomorphic to the commercial/noncommercial problem. The really nasty cases are near service libraries. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Paul Vixie [EMAIL PROTECTED]: eric is saying that the previous situation whereby a draft author surrendered the IPR before RFC publication was better. various others have said but what if the IPR terms try to distinguish between commercial and noncommercial? my observations are (1) there are ways to do open source without this distinction, and (2) authors cannot be expected warrant their IPR surrender in any case. In fact, the *only* way to do open source is without this distinction. I actually wish it were otherwise, but my wishes have no effect on the logic of the situation. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
RL 'Bob' Morgan [EMAIL PROTECTED]: On Fri, 15 Oct 2004, Brian Rosen wrote: You guys don't have a problem with the defensive suspension/no first use clauses, do you? Is there a preferred wording for it? I think you'll find virtually identical wording on this topic in several well-known licenses: http://www.apache.org/licenses/LICENSE-2.0 http://www.mozilla.org/MPL/MPL-1.1.html http://www.eclipse.org/legal/cpl-v10.html http://www.opensource.org/licenses/afl-2.1.php Indeed. The language in these licenses represents the community consensus about patent termination. Yes, there really is one; the official line of the Debian project is an outlier, in dispute within Debian itself. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Sam Hartman [EMAIL PROTECTED]: This is one of the many reasons why I think the free software community needs to get together and decide what it wants *before* coming to the IETF. Your two people to go to on this would be RMS (representing the FSF) or me (representing the OSI); between us I believe we can speak for over 95% of the community. I know FSF's position; if and when it differs substantially from OSI's I'll tell you. On IETF-relevant issues substantive differences are quite unlikely -- the main difference between these organizations is of style and propaganda. (Some FSF partisans deny this, insisting there are deep philosophical issues dividing FSF from OSI. OSI does not reciprocate this belief, and in any case the imputed differences are not relevant to the IETF's concerns.) -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Simon Josefsson [EMAIL PROTECTED]: I wouldn't go as far as saying IETF is part of the open-source community. Well, it is in at least the historical sense -- that is, of having provided an important model for decentralized cooperation that shaped the open-source tradition. Fred Baker, representing IETF at the 1998 summit conference where the term open source was adopted, expressed no doubt that IETF belonged in the community we were declaring. The fact that most implementations of IETF standards are closed-source is not a disqualifier. It is sufficient that almost all IETF standards *can* be implemented in open source -- that, except for the serious policy defect near patents, the IETF process comes close to guaranteeing this. However, I do believe that if IETF no longer provide a service to the open-source community, IETF will have lost its power in shepherding protocol standardization. Agreed. And I see this as a problem -- I value the IETF's institutional knowledge quite highly, and thus do not want it to lose that power. (Historical note: Yes, I have been an active IETF participant, notably in the development of the RFC2822 standard.) I'm mulling over some points for an essay in which I will discuss in depth the impact of open source on standards organizations. If and when I write it, I will post a pointer here. The copying condition issue haven't yet reached critical mass, but from what I can tell, it is getting closer and closer. This problem has a solution that should be both technically and politically easy. The IETF should adopt the appropriate variant of the Creative Commons license (permitting derivative works but requiring attribution) for RFCs. This change would have at least three good effects: 1. It would eliminate the technical problem with derivative works which you have pointed out. 2. It would harmonize IETF's practice with open-source community norms. 3. It would relieve IETF of the burden of maintaining its own legal language to solve this problem. The CC folks are specialists in the relevant legal issues and can do a better job. Since this change would remove restrictions from use of the RFCs rather than adding them, it probably does not require a plenary session but could be put through as an adninistrative change by the RFC editor, Is the RFC editor listening? -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Eliot Lear [EMAIL PROTECTED]: We're not out to rid the world of patent-laden work, nor are we out to make patent owners rich. The IETF exists to promulgate relevant and correct standards to the Internet Community, and educate people on their intended safe use. You'll talk yourself right into the dustbin of history with that line. I think that would be very sad, considering the IETF's contributions in times past. But it's where IETF seems to be headed now. Reality check: Apache has 68% market share. Open-source MTAs handle 85% of all email traffic. When Meng Weng Wong was thinking about how to evangelize SPF, his first instinct was to bypass IETF and go straight to the open-source MTA developers -- I had to lobby hard to persuade him to go through the RFC process, and now I wonder if I was right to do that. The ground under software standards organizations has been shifting; significant parts of the commons-creation function that once belonged to it have moved to open-source project groups like the ASF or xiph.org. Nowadays, what the Linux kernel hackers do matters a hell of a lot more to Unix standardization than anything the Austin Group emits. A big issue, in this kind of environment, is what traditional standards organizations have to do and be in order to retain any utility at all. Certainly it isn't the IETF's job to rid the world of patent-laden work. But you'd better believe that it *is* the IETF's job to ensure that Internet standards are an open commons, implementable by anyone without fear they'll be raped and pillaged by hordes of attack lawyers. If you don't embrace that mission, you're soon going to find you have no mission left that some outfit like ASF or xiph.org or W3C isn't doing better. You've had two direct warnings about this -- the ASF and Debian open letters. They interpreted IETF's passivity on the Sender-ID patent issue as damage and routed around it. If the IETF doesn't get its act together, that *will* happen again. The open-source community and its allies will have no choice but to increasingly route around IETF, and IETF will become increasingly irrelevant. I do not want to see this happen. You shouldn't either. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Patents (Re: Shuffle those deck chairs!)
Harald Tveit Alvestrand [EMAIL PROTECTED]: I do think we (the community) have a chance at finding ways to render those patents that crop up in the commons harmless. And what ways would those be? -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Patents (Re: Shuffle those deck chairs!)
Harald Tveit Alvestrand [EMAIL PROTECTED]: If it was possible to set up things in such a way that it was easy for a company to declare no first use on a patent in the space of standards implementation, and very disruptive for a company to renege on such a promise (for instance, by having all the no first use promises by other companies being rendered inoperative), we might get something. but this is just me thinking aloud. I have not been able to get any patent lawyers interested in pursuing/spearheading this train of thought. In fact, Larry's go on the offense proposal appears to be derived from a patent-termination-clause concept I invented four years ago, which he later wrote into the 1.0 versions of AFL and OSL. It didn't work. None of the legal departments at IBM or the other Fortune-100 corporations with the biggest stake in open source were willing to go first in sacrificing the advantage of being able to play multi-billion dollar games of chicken with their portfolios. So I *have* been able to get patent lawyers interested in pursuing/spearheading this train of thought. And it dead-ended. Thus, in part, my belief that IETF and W3C and other standards organizations must lead on this issue or become irrelevant. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Re: Shuffle those deck chairs!
Scott W Brim [EMAIL PROTECTED]: However, there appears to be rough consensus emerging that an IPR assertion is acceptable if any of the following are true: - a license is explicitly not required. - a license is explicitly free with no restrictions. - a license is explicitly free with rights of defensive suspension (what Harald calls no first use). This is very close to W3C's policy. OSI could get probably get behind it, though the details of no first use would have to be carefully specified. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
Shuffle those deck chairs!
Dave Crocker [EMAIL PROTECTED]: 1. Nothing about the reorganization is going to make IETF standards be more useful or be produced significantly more quickly. Hence, reorganization has nothing to do with the really serious threats to IETF long-term survival. Indeed it does not. I've been lurking on this list for a couple of months now, and I am fighting an increasing feeling that I am watching deck chairs being rearranged on the Titanic. In the last 60 days, the IETF has taken the worst blow to its credibility that I have observed in the entire history of the organization. I refer, of course, to the Sender-ID debacle, which exposed IETF's inability or unwillingness to defend Internet standards against patent predation even when the existence of prior art is readily establishable. Here is what I had to say to Yakov Shafranovich on 7 September: I believe the IETF's stated policy of passivity in the face of IPR power grabs damages the IETF first and foremost. The whole point of having standards organizations is that they coordinate multiple competing interests to create a neutral commons that grows a market faster. No standards organization can long remain relevant if the net effect of its activities is not to do this but rather to rubber-stamp proprietary control, creating monopolies in slower-growing markets rather than commons in faster-growing ones. In times past, simply ignoring the more outrageous claims may have been enough of a response. I don't think it is today. Conditions have changed. Post-DMCA and with the USPTO interpreting the scope of patents ever more liberally, IPR law has more teeth than it used to and the perceived risk attached to ignoring IPR claims has escalated. Accordingly, any standards organization that wants to keep itself relevant (e.g., useful to multiple competing interests) can no longer merely describe a commons and piously hope nobody will fence off too big a chunk. It has to assert and actively defend that commons, signaling that no raids will be permitted there. Note that nothing in the previous two paragraphs is open-source ideology in any sense, just a straightforward discussion of signaling behavior in markets. I think you'd be hard put to find any economist that would disagree with it. The problems it raises are not unique to IETF; other technical-standards organizations such as W3C, NIST, and ISO are grappling with them as well. I consider the IETF part of the open-source community. While I certainly would not object if the rest of the open-source community's agenda were to affect IETF policy, I think the most pressing reasons for IETF to act are the effect of surrendering to IPR power grabs on the IETF's own viability. Accordingly, the question I think you should be asking is: can the IETF long survive a policy of simply ignoring IPR claims in the hopes they'll go away? You'll have to judge for yourself, but I think the answer is no. As for the rest of the open-source community's position, I think that has been made very clear by the open letters from ASF, Debian and elsewhere. If IETF is not prepared to actively assert and defend a commons, then we have no choice but to write off the IETF as part of the problem rather than part of the solution and do the IETF's signaling job ourselves. Those responses were all about no raids will be permitted here. That is what they *mean*, and IETF's authority took a bad hit from the fact that they had to be issued at all. I think it would be in everyone's interest for the IETF's standing not to be further eroded, and I think the authors of the open letters would agree. But for that good result to obtain, the IETF has got to get off its butt and take back the job of defending the commons. The *whole* job, including rejecting RAND terms and proprietary licensing. A month later, my assessment of the political damage the Sender-ID mess has done to IETF has only gone up. You are on a fast road to irrelevance, gentlemen. You'd best be thinking about how to change *that* rather than conducting meaningless exercises in rearranging your bureaucracy. -- a href=http://www.catb.org/~esr/;Eric S. Raymond/a ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf