RE: draft-housley-iesg-rfc3932bis and the optional/mandatory nature of IESG notes
Andrew Sullivan wrote: Again, I wish to emphasise that this is completely distinct from the question of whether anyone ought to do anything about the state of affairs. I refuse to take a position on that, or even consider it as a topic for a conversation in which I'll be involved. There are enough windmills around without us throwing up new ones at which we can tilt. That's a shame. The standards world is looking for someone who can tilt at the windmills that are the entrenched habits of our day. Who wants to be the hero of that novel? I'm being serious. I agree with you that there is much unhelpful confusion about RFCs. /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 Cell: 707-478-8932 -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Andrew Sullivan Sent: Wednesday, September 09, 2009 11:20 AM To: ietf@ietf.org Subject: Re: draft-housley-iesg-rfc3932bis and the optional/mandatory nature of IESG notes On Wed, Sep 09, 2009 at 10:34:02AM -0700, Dave CROCKER wrote: for example, the second and third. Based on that latter set, I could claim that THE perception is that the RFC series is I am at the best of times uneasy with universal quantifiers, and certainly when talking about THE belief of THE Internet, I feel pretty uneasy. Also, I haven't followed this discussion much, partly because I fully agree with the observation that most of it has been hashed so much, and warmed over so many times, that it's now turned into a form of American breakfast potato. But it doesn't seem to me to be doing favours to anyone to deny the obvious point that there's at least a substantial community of people who regard the label RFC as bespeaking an IETF document and also Internet standard. Claiming that it's not true by pointing to examples of careful and clueful definitions (one of which is practically a sockpuppet for the IETF pages themselves) does not clarify this matter. Even organizations involved in the administration of the Internet apparently rely on something being an RFC as somehow implying an _imprimatur_ or at least _nihil obstat_ (if anyone wants evidence of that matter, I think the archives of agreements found at ICANN will be instructive). Again, I wish to emphasise that this is completely distinct from the question of whether anyone ought to do anything about the state of affairs. I refuse to take a position on that, or even consider it as a topic for a conversation in which I'll be involved. There are enough windmills around without us throwing up new ones at which we can tilt. A -- Andrew Sullivan a...@shinkuro.com Shinkuro, Inc. ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Important Information about IETF 76 Meeting Registration
Paul Hoffman wrote: There are probably a dozen WGs in the IETF who have had this problem come back and bite them on their collective backsides during protocol development or, unfortunately, after their protocols have deployed. Can you give examples of how providing company/organization affiliation has caused bites to the backside during protocol development/deployment? Were the bites well-deserved? /Larry -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Paul Hoffman Sent: Monday, August 31, 2009 9:28 AM To: Alexa Morris Cc: IETF-Discussion Subject: Re: Important Information about IETF 76 Meeting Registration At 5:55 AM -0700 8/31/09, Alexa Morris wrote: The data collected consist solely of an individuals full name and company/organization affiliation. We are not collecting email address information on the e-blue sheets. Please note that you are now also collecting information that *is not* on the current blue sheets, namely company/organization affiliation. I have noted that some people I know who have signed a blue sheet before me have used personal email addresses while (I assume) their badge lists their actual company/organization affiliation. As a person with multiple company/organization affiliations, I sometimes change the email address I put on the blue sheets to be the one most appropriate to the topic of the WG. It is a bad idea to have this experiment create combined blue sheets that have data that differs depending on the collection method. There are probably a dozen WGs in the IETF who have had this problem come back and bite them on their collective backsides during protocol development or, unfortunately, after their protocols have deployed. Please strongly consider having the readers record exactly what the current blue sheets record, or change the blue sheets to record what the readers are recording for this meeting. The first of these two will most likely cause less revolt. --Paul Hoffman, Director --VPN Consortium ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Important Information about IETF 76 Meeting Registration
Paul Hoffman wrote: Sorry, I hope that others reading my message understood it better. Paul, I still don't understand. The first sentence in your original email was: Please note that you are now also collecting information that *is not* on the current blue sheets, namely company/organization affiliation. I thought that was the problem to which you were alluding. And my question remains: Is there any evidence that participants in IETF should not provide their company/organization affiliation when they participate? Is there something to hide? I appreciate and respect the following comment, also in your email: As a person with multiple company/organization affiliations, I sometimes change the email address I put on the blue sheets to be the one most appropriate to the topic of the WG. But that is not an excuse to provide no affiliation whatsoever, if you have one (or many). Also, what is the revolt you are expecting in your email? I've reread this entire thread about IETF 76 Meeting Registration and can't figure out who or what you find revolting about meeting registration data being collected by IETF? I'm sorry if I'm just being dense. /Larry -Original Message- From: Paul Hoffman [mailto:paul.hoff...@vpnc.org] Sent: Monday, August 31, 2009 10:18 AM To: Lawrence Rosen; 'Alexa Morris' Cc: 'IETF-Discussion' Subject: RE: Important Information about IETF 76 Meeting Registration At 10:08 AM -0700 8/31/09, Lawrence Rosen wrote: Paul Hoffman wrote: There are probably a dozen WGs in the IETF who have had this problem come back and bite them on their collective backsides during protocol development or, unfortunately, after their protocols have deployed. Can you give examples of how providing company/organization affiliation has caused bites to the backside during protocol development/deployment? Were the bites well-deserved? Sorry, I hope that others reading my message understood it better. By this problem I meant the bit just before what you quoted: data that differs depending on the collection method. A few examples would be IDNs collected from DNS responses vs. user input, MIME headers that get fixed in various transports, IP addresses that differ depending on which side of the NAT you collect them, and so on. --Paul Hoffman, Director --VPN Consortium ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: [TLS] Last Call: draft-ietf-tls-extractor (Keying MaterialExporters for Transport Layer Security (TLS)) to Proposed Standard
I agree completely with Richard Stallman's responses to an earlier email. I repeat the relevant parts of that earlier exchange below. This reflects a basic policy that should be adopted by IETF. /Larry Rosen * Email from RMS: If you are claiming that one additional software patent can result in fewer software patent infringement lawsuits, indeed that can sometimes be true. But lawsuits are just the tip of the iceberg of the danger of patents. When people decide not to distribute a program, or not to implement a feature, because they fear they would be sued, no lawsuit occurs, but the patent has done harm. In many cases, patents are filed long before the technology is standardized - and, if disclosed properly through the IETF process, can be weighed when determining whether to adopt a standard. IETF should use this leverage to refuse to issue a standard unless the companies in question allow it to be freely implemented and used. In some cases, the IETF may choose to adopt a patent-encumbered standard simply because it's technically superior to other options That is an example of what not to do. -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Richard Stallman Sent: Monday, July 27, 2009 9:37 PM To: Wes Beebee (wbeebee) Cc: d...@av8.com; ietf-hon...@lists.iadl.org; t...@ietf.org; nicolas.willi...@sun.com; ietf@ietf.org Subject: Re: [TLS] Last Call: draft-ietf-tls-extractor (Keying MaterialExporters for Transport Layer Security (TLS)) to Proposed Standard snip ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Extending the Dean Anderson PR-action to lists on tools.ietf.org
Eric Rescorla wrote: Regardless of what the IETF's global policy is and without taking a position on Dean Anderson's postings in general, I am not aware of him having abused these services to send any inappropriate mail to me. I therefore see no good reason to block what is otherwise a useful communication channel. Accordingly, I hereby request that you unblock his posting privileges to any and all of the above mentioned aliases that send mail to me. +1 and a similar request from me. I'm not generally in favor of restrictions on speech as long as I remain free not to listen. In that respect, Dean Anderson has never abused his freedom to speak to me. /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Eric Rescorla Sent: Friday, April 17, 2009 10:18 AM To: Henrik Levkowetz Cc: IETF Discussion; i...@ietf.org Subject: Re: Extending the Dean Anderson PR-action to lists on tools.ietf.org Hi Henrik, Henrik Levkowetz wrote: As a service to the community, there are two sets of email address alias lists maintaned on tools.ietf.org: One list provides aliases for the WG chairs of all active working groups and also of chairs of working groups which have been closed recently, and also equivalent aliases for working group ADs, patterned so: wg-acronym-cha...@tools.ietf.org and wg-acronym-...@tools.ietf.org. Another list provides aliases for draft authors, so that they can be reached through aliases following the pattern draft- name@tools.ietf.org. The service is described briefly on http://tools.ietf.org/ under the Share and Communicate heading. First, I want to say that this is a great service. I do a fair number of reviews and I use these aliases all the time... It's really become a critical part of our infrastructure. As maintainer of these lists, I, Henrik Levkowetz, hereby let it be known that I have chosen to extend the posting rights action against Dean Anderson (see http://www4.ietf.org/iesg/pr-action.html) to also apply to these lists, according to the provisions for posting rights actions described on the above referenced web page and the references it mentions. While this may be technically within the limits of 3683, I don't think it comports well with the spirit of the document. To recap, the effect of a PR-Action is that: o those identified on the PR-action have their posting rights to that IETF mailing list removed; and, o maintainers of any IETF mailing list may, at their discretion, also remove posting rights to that IETF mailing list. From the rest of the context of the document, I think it's reasonably clear that the purpose of allowing maintainers of other mailing lists to remove posting rights is to allow them to quickly respond to disruptive behavior *on those lists*. In the case of WG or other discussion lists, this is a reasonably good fit: the maintainer of the list is generally the chair and so is responsible for monitoring and facilitating discussion and is well position to determine whether the subject of a PR action is disruptive. However, this is not really the case for these lists, which are just expanders for the relevant chairs, ADs, or draft authors. While you may be maintaining the list in a technical sense, the recipients are the ones who monitor the communication and are in a position to determine whether it's disruptive or not. I don't think it fits well with the intent of 3683 to have a global decision to be taken on all these services by someone who is not involved in the discussion, regardless of whether those involved have complained. I'm not saying that PR Actions can't be extended to these aliases (though I think that given Sam's comments it's an open question and given the ease of expanding them directly it seems rather pointless) but in my opinion at minimum it should be upon request of the recipients, not the decision of a global maintainer. Regardless of what the IETF's global policy is and without taking a position on Dean Anderson's postings in general, I am not aware of him having abused these services to send any inappropriate mail to me. I therefore see no good reason to block what is otherwise a useful communication channel. Accordingly, I hereby request that you unblock his posting privileges to any and all of the above mentioned aliases that send mail to me. Best, -Ekr ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Consensus Call for draft-housley-tls-authz
John Levine wrote: In North America, at least, experimentation per se doesn't infringe patents. See http://en.wikipedia.org/wiki/Research_exemption Once again, I wish non-lawyers would ask question before interpreting the patent law. The experimentation exception referred to in that wikipedia article [ยง271(e)(1) or Hatch-Waxman exemption] is largely relevant to pharmaceuticals in process of tests and experiments for regulatory approval. It has nothing whatsoever to do with software that doesn't get approved by anyone. Is that what IETF's April Fools RFCs are about? Perhaps drugs will improve Internet performance. It is worth an experiment Alessandro Vesely wrote: This habit of requiring two lawyers and a judge for every pair of citizens is really annoying. It is the main reason for seeking unencumbered environments, IMHO. Software is complicated enough already. Fortunately for all of us, there aren't quite that many lawyers. So practice your complicated engineering and let us lawyers do our job. /Larry -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Alessandro Vesely Sent: Sunday, March 15, 2009 11:14 AM To: John Levine Cc: ietf@ietf.org Subject: Re: Consensus Call for draft-housley-tls-authz John Levine wrote: Apparently, publishing a message as experimental is an invitation by the IETF to experiment with a new protocol. What sense does that bear, if accepting IETF invitations is likely to result in legal troubles? In North America, at least, experimentation per se doesn't infringe patents. See http://en.wikipedia.org/wiki/Research_exemption However, it is difficult to exactly trace a boundary between normal exploitation of a patent and a strictly controlled experiment. For example, I don't think that all the mail hubs currently using SPF would be considered mere experiments, but SPF is still experimental. Of course, if publishing as experimental explicitly included licenses, that idea might work. Can we stop playing Junior Lawyer now, please? That's what I'd hope. This habit of requiring two lawyers and a judge for every pair of citizens is really annoying. It is the main reason for seeking unencumbered environments, IMHO. Software is complicated enough already. ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Consensus Call for draft-housley-tls-authz
SM wrote: A request for publication as Experimental may get rejected if the publication is deemed harmful. Does that include legal threats? Of course! Wouldn't you consider that prudent under some circumstances? Or are some at IETF actually trying to set implementers up for legal action by refusing to evaluate *disclosed* threats? /Larry -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Alessandro Vesely Sent: Wednesday, March 11, 2009 2:28 AM To: SM Cc: r...@gnu.org; ietf@ietf.org Subject: Re: Consensus Call for draft-housley-tls-authz SM wrote: A request for publication as Experimental may get rejected if the publication is deemed harmful. Does that include legal threats? ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Does being an RFC mean anything?
The recent threads about draft-housley-tls-authz have taught me something I didn't know about IETF, and I don't like what I've learned. There are, it appears, many types of IETF RFCs, some which are intended to be called Internet standards and others which bear other embedded labels and descriptions in their boilerplate text that are merely experimental or informational or perhaps simply proposed standard. One contributor here described the RFC series as a repository of technical information [that] will be around when I am no longer around. The world is now full of standards organizations that treat their works as more significant than merely technical information. Why do we need IETF for that purpose? If all we need is a repository of technical information, let's just ask Google and Yahoo to build it for us. Maybe our Internet standards should instead be created in an organized body that pays serious attention to the ability of the wide world to implement those standards without patent encumbrances. But even if IETF isn't willing to amend its patent policy that far-and most SDOs still aren't, unfortunately-at the very least we should take our work seriously. When someone proposes a serious RFC, we should demand that the water around that RFC be swept for mines-especially *disclosed* patent mines that any serious sailor would want to understand first. If IETF isn't willing to be that serious, maybe we should recommend that our work go to standards organizations that do care? As far as my time to volunteer for a better Internet, there are far better ways to do it than listening here to proposals that are merely technical information. At the very least, separate that into a different list than IETF.org so I know what to ignore! By the way, many of the same companies and individuals who are involved here in IETF are also active participants in W3C, OASIS, and the new Open Web Foundation, all of which organizations pay more attention to patents and the concept of open standards than what IETF seems to be doing here. So let's not be disingenuous, please. Almost everyone here has previous experience doing this the right way. /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Consensus Call for draft-housley-tls-authz
Stephan Wenger wrote: Please note that I didn't make a proposal. I can live quite well with a misalignment of IETF terminology and reality as perceived outside the IETF. So can the industry, I think. What I was commenting on is that it does not make sense to me to re-iterate the mantra of Experimental RFCs not being standards, when there is ample evidence that a large percentage of the outside world views this differently. It seems to take only the intervention one of the (security / congestion control / anti-patent / ...) communities of the IETF to move a document intended for standard's track to the, arguably, second-class RFC status known as Experimental. Again, that's not a problem for me, for the reason stated above. Hi Stephan, The misalignment of IETF terminology and reality continues to bother me. I hope you don't expect the FOSS part of our software industry to live with that misalignment just because big companies can afford to evaluate patent risks in private. Since we are talking about a specific patent disclosure here and not some abstract terminology, then *experimental* status for draft-housley-tls-authz makes not one tiny bit of legal difference. Patents deal with *use* and don't care about the purpose. IETF contributors can write about TLS all we want, and maybe even draft software to implement that proposed RFC, but the moment we execute code on a computer we would potentially infringe. Experiment or for actual commercial purposes, it would still be an infringement. We could be liable potentially for years' worth of damages. We could yet be faced with an injunction that would make our standardization and implementation efforts utterly useless. Isn't that the reality? If we use different terminology to identify this IETF RFC, how does that change anything? Not that we have any good reason to believe that the disclosed patent claims will be issued for real; this is merely a patent application, and we're all still speculating randomly about future risks. Best regards, /Larry ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Consensus Call for draft-housley-tls-authz
Lawrence Rosen wrote: If we use different terminology to identify this IETF RFC, how does that change anything? Paul Hoffman replied: Because you earlier complained about IETF standards having known patent issues. Now we are talking about experimental protocols that are not standards. And I am saying that it doesn't make a bit of difference legally. If you infringe for experimental reasons, that is still infringement. I don't think we should publish under the IETF imprimatur if there are *unresolved* known patent issues about which ignorant and cautious people continue to speculate blindly. Why should any of us waste time and money on IETF and commercial and FOSS experiments if they may cost us too much money downstream? Its authors are free to publish draft-housley-tls-authz already. Google is free to index that document already. Why do you insist upon granting it an IETF RFC status without first deciding if the disclosed patent claims are likely bogus? /Larry -Original Message- From: Paul Hoffman [mailto:paul.hoff...@vpnc.org] Sent: Tuesday, March 10, 2009 10:31 AM To: lro...@rosenlaw.com; ietf@ietf.org Subject: RE: Consensus Call for draft-housley-tls-authz At 10:22 AM -0700 3/10/09, Lawrence Rosen wrote: If we use different terminology to identify this IETF RFC, how does that change anything? Because you earlier complained about IETF standards having known patent issues. Now we are talking about experimental protocols that are not standards. --Paul Hoffman, Director --VPN Consortium ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Consensus Call for draft-housley-tls-authz
Phillip Hallam-Baker wrote: Institute the policy as you suggest and you have just given the patent trolls the power to place an indefinite hold on any IETF proposal. I have never suggested placing any kind of hold on any IETF proposal. Propose all you want. Publish the proposal. Try to convince people that it is a good proposal. Establish a WG to design away An IPR Disclosure has been filed in accordance with standard IETF procedure. What I've suggested is due diligence to determine the implications of that disclosure. Only THEN is publication as an IETF RFC justified. Experimental or not, industry standard or not, an IETF RFC encourages companies to implement and use the technology, and that may be patent infringement. Or it may be a bogus IPR disclosure that intelligent people could decide to ignore. I am certainly not giving patent trolls any more power than they deserve. In fact, I hope to dispose of this particular TLS patent troll once we get a small group of patent attorneys to analyze the IPR disclosure like professionals do it. Just like W3C does it. They don't give patent trolls power either. /Larry -Original Message- From: Hallam-Baker, Phillip [mailto:pba...@verisign.com] Sent: Tuesday, March 10, 2009 1:24 PM To: lro...@rosenlaw.com; Paul Hoffman; ietf@ietf.org Subject: RE: Consensus Call for draft-housley-tls-authz Institute the policy as you suggest and you have just given the patent trolls the power to place an indefinite hold on any IETF proposal. So instead of extorting payment for exercise of the claims they hold the standard hostage. -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Lawrence Rosen Sent: Tuesday, March 10, 2009 3:28 PM To: 'Paul Hoffman'; ietf@ietf.org Subject: RE: Consensus Call for draft-housley-tls-authz Lawrence Rosen wrote: If we use different terminology to identify this IETF RFC, how does that change anything? Paul Hoffman replied: Because you earlier complained about IETF standards having known patent issues. Now we are talking about experimental protocols that are not standards. And I am saying that it doesn't make a bit of difference legally. If you infringe for experimental reasons, that is still infringement. I don't think we should publish under the IETF imprimatur if there are *unresolved* known patent issues about which ignorant and cautious people continue to speculate blindly. Why should any of us waste time and money on IETF and commercial and FOSS experiments if they may cost us too much money downstream? Its authors are free to publish draft-housley-tls-authz already. Google is free to index that document already. Why do you insist upon granting it an IETF RFC status without first deciding if the disclosed patent claims are likely bogus? /Larry -Original Message- From: Paul Hoffman [mailto:paul.hoff...@vpnc.org] Sent: Tuesday, March 10, 2009 10:31 AM To: lro...@rosenlaw.com; ietf@ietf.org Subject: RE: Consensus Call for draft-housley-tls-authz At 10:22 AM -0700 3/10/09, Lawrence Rosen wrote: If we use different terminology to identify this IETF RFC, how does that change anything? Because you earlier complained about IETF standards having known patent issues. Now we are talking about experimental protocols that are not standards. --Paul Hoffman, Director --VPN Consortium ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Proposal to create IETF IPR Advisory Board
Stephan Wenger wrote: My personal view on PAGs, therefore, is that they have not delivered what they promised. Hi Stephan, As always, I appreciate your response. Allow me to suggest, though, that the examples you cited prove the success of PAGs, at least as I hoped they would be. Section 7 of the W3C Patent Policy was a carefully crafted compromise that finally ended three years of acrimonious debate in the W3C Patent Policy Working Group. It got so bad at one meeting that I, as an invited expert and representative of the open source community, threatened to shoot a water pistol that Danny Weitzner gave me at one of the opponents of that royalty-free W3C policy. :-) So when I suggest W3C's Section 7 (PAGs), along with the PSIG, as a model for IETF, I fully expect arguments. You described two W3C PAG situations, one in which community pressure inside W3C as a whole led the rightholder to change its licensing arrangements, and another in which a somewhat different approach was chosen instead. In what sense isn't that success if the goal--as it is in W3C--is to avoid patent encumbrances to its specifications? I'm delighted that our hard-fought compromise PAG solution to patent encumbrances worked for the W3C community as intended! I recognize that there is no consensus in IETF to refuse patent encumbrances entirely. But that's not the issue for an IPR Advisory Board. Such boards do not set policy, they advise about its implications. So if an IETF IPR Advisory Board were to say to the working group, that's a serious patent and it will cost money to make and use products..., then IETF can still decide to proceed. Nothing changes with respect to policy. That, by the way, was what the compromise in W3C Patent Policy Section 7 was all about. At the end of the day, even W3C can elect to proceed with a patent-encumbered standard. However, from my perspective it is fortunate that, as a result of the PAGs, the community is likely to figure out collectively how to work around the encumbrance given the right skills applied to the problem! That's really what opponents of an IPR Advisory Board fear. That's what these same people feared when the PAGs were first proposed as a compromise in W3C. Best regards, /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen -Original Message- From: Stephan Wenger [mailto:st...@stewe.org] Sent: Thursday, February 19, 2009 10:58 AM To: lro...@rosenlaw.com; ietf@ietf.org Subject: Re: Proposal to create IETF IPR Advisory Board Hi Larry, As you know better than most here, including myself, W3C uses two very different bodies to cope with IPR matters: 1. the PSIG, a standing committee, issues advise on policy interpretation and maintains the policy FAQ. To the best of my knowledge, the PSDIG does not look at individual patents or (draft) W3C Recommendations. 2. PAGs are formed whenever W3C has obtained knowledge that a patent may be relevant to a (forthcoming) W3C Recommendation, AND that patent claims may not be available under licensing terms compatible with the W3C policy. They have a very clear mission: clarify, whether the draft Recommendation can be practiced in disregard of the patent, whether there could be a design-around, or recommend that the Recommendation not be published. The PSIG is, IMHO, as useful body and does useful work. It's equivalent is the IPR WG (just concluded). If and when we have trouble with the policy and/or its interpretation, IMHO, the IPR WG should be restarted. Our oversight on the copyright RFCs may be such a reason. PAGs, OTOH, have no equivalent in the IETF, and IMHO also have a history of failure in W3C---which leads me to question their value for the IETF. My understanding of the very limited number of W3C PAGs that have been called on, the VoiceXML PAGs wrapped up without providing technical design-around recommendations---or advice to consider the patent in question as irrelevant to the cause---because community pressure inside W3C as a whole led the rightholder to change its licensing arrangements. And, in case of the REX PAG, the outcome was the the REX spec (which was IMHO quite useful, but I'm biased here) was rescinded. A somewhat different approach was chosen instead. However, my understanding is that the very limited, if any, analysis that took place in the REX PAG was NOT fed back into the design process. Plus, the REX case enjoyed full cooperation of the rightholder on the encumbrance analysis front, though not necessarily on the licensing commitment front. I'm not going into the ugly cross-SDO politics that played a role here. My personal view on PAGs, therefore, is that they have not delivered what they promised. I can also understand why: the analysis of third party patents can be, depending
RE: Proposal to create IETF IPR Advisory Board
Steven, thanks very much for your email. My comments are below. /Larry -Original Message- From: Steven M. Bellovin [mailto:s...@cs.columbia.edu] Sent: Wednesday, February 18, 2009 11:45 AM To: lro...@rosenlaw.com Cc: ietf@ietf.org Subject: Re: Proposal to create IETF IPR Advisory Board On Tue, 17 Feb 2009 19:24:20 -0800 Lawrence Rosen lro...@rosenlaw.com wrote: Ted Ts'o wrote: So you've done the equivalent of submit Windows source code and assume that it can be ported to a Unix system left as an exercise to the reader care to give a detailed suggestion about *how* it could be revised to work with the IETF's more open procedures, and still be useful in terms of meeting your stated goals? I've made no such assumptions. I've submitted a couple of process documents from W3C that can be modified easily to fit the IETF model. I thought John and Steven would be satisfied with a rough draft. Sort of like Windows might provide a model for a Linux open source program, without the actual code being yet written. :-) Now that I've submitted this draft, I refuse to be told it isn't a draft, although I admit it isn't in the proper format. Any process bigots want to comment on that flaw tonight too? I specifically said that the W3C Patent and Standards Working Group (PSIG) charter (http://www.w3.org/2004/pp/psig/) and *section 7* of the W3C Patent Policy (http://www.w3.org/Consortium/Patent-Policy-20040205/) would be models for an IETF IPR Advisory Board. Neither of those specific document sections implies anything mandatory about RAND or royalty-free or any other of the political patent battles that divide us. They are merely open process descriptions, just like a draft here ought to be. I think it's a fair start, though I note that 7.5.3 carries with it a fairly strong bias towards royalty-free terms. But let me translate. [LR:] I share that bias, but that's an IETF battle for another day. For now, I'm glad that you think of this as a fair start. Rather than a standing board (which was what I thought you had intended), [LR:] I had indeed intended a standing board, and still do. Why have to agitate and recruit an expert team over every question, when a simple question referred to an IPR Advisory Board for an answer will probably suffice? But like most of your points in this paragraph, it's open for discussion you're suggesting (translated IETF terms) that when a WG encounters a patent thought to be related, a group will be formed [LR:] Or already exists consisting of the AD, the WG chair(s) ex officio, representatives of the WG (presumably designated by the chair(s)), perhaps an IAB liason [LR:] No comment. Up to you. -- and the IETF patent counsel. [LR:] Be very careful. No attorney who can be deemed to speak on behalf of IETF regarding patents should be there opining IETF's opinion about actual patents. Instead, I recommend that we have an invited (and probably open) selection of other attorneys who are willing to sign up and actually participate as individuals, not representing specific clients and speaking with appropriate liability caveats. For process purposes, however, the IPR Advisory Board can probably be chaired by an IETF patent counsel just to make sure everyone behaves We'll have to see how many brave attorneys are actually willing to participate in the entire IETF community's behalf, but if W3C is an example, we'll find lots of willing attorneys. :-) What is the analog to representatives of each member organization? Volunteers not from the WG? Selected by whom? The usual IETF practice would be appointment by the AD and/or the IAB, I suspect. [LR:] ...And even some non-attorneys; I'm not prejudiced In light of IETF's openness, anyone who is willing to sign up and actually participate, although I think most engineers will find the mailing list itself boring. Mostly it would consist of people reading the technology proposals, reading the patent disclosures, and opining about whether they match up. No guarantees or warranties. Just experts cooperating to advise non-experts so we can get IETF work done. Let's keep those discussions off the WG lists (where they distract everyone unnecessarily) and onto a single IPR Advisory Board (with people who actually like reading patent stuff and probably aren't just talking through their _). What would the possible alternatives be? The W3C version has a strong bias towards royalty-free, since that's W3C's overarching policy. The IETF's policy is different, and the board's charge would have to be different. Really, with the exception that it needs legal input, such a group would actually be a design team that is supposed to look at the tradeoffs (per our policies) and make a recommendation to the WG. [LR:] Yep. In true open source fashion, I'm eagerly anticipating derivative works of this suggestion, which was itself
RE: Proposal to create IETF IPR Advisory Board
Steven Bellovin wrote: All that said, the above is my strawman that I've just torched. This is why we need a draft -- until we have one, we won't know if it's a plausible, useful idea or not. In fact, a metadraft -- one that simply set out the questions that a concrete proposal should address -- would be a worthwhile contribution in its own regard. In honor of open source, I'm glad to submit someone else's work as my first draft: http://www.w3.org/2004/pp/psig/. This is an effective working model. I'm sure it would have to be revised to fit IETF's more democratic operations. For a detailed description, see http://www.w3.org/Consortium/Patent-Policy-20040205/. In particular see section 7. [This is a document I helped a little bit to write, several years ago.] Kudos to our friends in W3C for doing this well. /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Proposal to create IETF IPR Advisory Board
Ted Ts'o wrote: So you've done the equivalent of submit Windows source code and assume that it can be ported to a Unix system left as an exercise to the reader care to give a detailed suggestion about *how* it could be revised to work with the IETF's more open procedures, and still be useful in terms of meeting your stated goals? I've made no such assumptions. I've submitted a couple of process documents from W3C that can be modified easily to fit the IETF model. I thought John and Steven would be satisfied with a rough draft. Sort of like Windows might provide a model for a Linux open source program, without the actual code being yet written. :-) Now that I've submitted this draft, I refuse to be told it isn't a draft, although I admit it isn't in the proper format. Any process bigots want to comment on that flaw tonight too? I specifically said that the W3C Patent and Standards Working Group (PSIG) charter (http://www.w3.org/2004/pp/psig/) and *section 7* of the W3C Patent Policy (http://www.w3.org/Consortium/Patent-Policy-20040205/) would be models for an IETF IPR Advisory Board. Neither of those specific document sections implies anything mandatory about RAND or royalty-free or any other of the political patent battles that divide us. They are merely open process descriptions, just like a draft here ought to be. /Larry -Original Message- From: Theodore Tso [mailto:ty...@mit.edu] Sent: Tuesday, February 17, 2009 6:25 PM To: Lawrence Rosen Cc: ietf@ietf.org Subject: Re: Proposal to create IETF IPR Advisory Board On Tue, Feb 17, 2009 at 05:40:46PM -0800, Lawrence Rosen wrote: Steven Bellovin wrote: All that said, the above is my strawman that I've just torched. This is why we need a draft -- until we have one, we won't know if it's a plausible, useful idea or not. In fact, a metadraft -- one that simply set out the questions that a concrete proposal should address -- would be a worthwhile contribution in its own regard. In honor of open source, I'm glad to submit someone else's work as my first draft: http://www.w3.org/2004/pp/psig/. This is an effective working model. I'm sure it would have to be revised to fit IETF's more democratic operations. This model works if you have closed working groups and no one is allowed to participate without first going through a huge amount of bureaucratic rigamarole, and where someone can't even poke their head into a meeting room without being explicitly invited by the chair. It doesn't work at all in an IETF model which is much more open. So you've done the equivalent of submit Windows source code and assume that it can be ported to a Unix system left as an exercise to the reader care to give a detailed suggestion about *how* it could be revised to work with the IETF's more open procedures, and still be useful in terms of meeting your stated goals? - Ted ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Previous consensus on not changing patent policy (Re: References to Redphone's patent)
Harald Alvestrand writing about decisions made on March 16-22 2003: 1. do you wish this group to recharter to cdhange the IETF's IPR policy hum for (some) hom anti (more) fairly clear consensus against rechartering. anyone disagree? Hi Harald, Let's forget the past; I acknowledge we lost that argument then among those few who bothered to hum. But are the 1,000 or so emails in recent days from the FSF campaign not a loud enough hum to recognize that our IPR policy is out of tune? This is not the first such open source campaign either. IETF needs a more sturdy process to deal with IPR issues. Please consider the suggestions now on the table. Best regards, /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen -Original Message- From: Harald Alvestrand [mailto:har...@alvestrand.no] Sent: Monday, February 16, 2009 5:10 AM To: lro...@rosenlaw.com Cc: ietf@ietf.org Subject: Previous consensus on not changing patent policy (Re: References to Redphone's patent) Lawrence Rosen wrote: Chuck Powers wrote: +1 That is a legal quagmire that the IETF (like all good standards development groups) must avoid. Chuck is not alone in saying that, as you have just seen. These are the very people who refused to add patent policy to the charter of the previous IPR WG, and who controlled consensus on that point last time. To be precise: Last time was at the San Francisco IETF meeting, March 16-22 2003, and I was the one controlling consensus. The minutes (at http://www.ietf.org/proceedings/03mar/132.htm ) show this conclusion, after much discussion: 1. do you wish this group to recharter to cdhange the IETF's IPR policy hum for (some) hom anti (more) fairly clear consensus against rechartering. anyone disagree? harald: will verified on mailing list, will lead to some debate. if consensus is reached against rechartering... the IETF will not consider proposals to create or reactivate IPR wg before people with compelling arg to do so. those should be different than what prevented so far. Despite the abysmal spelling quality, it was pretty clear at the time that the arguments presented were not compelling. I haven't seen significant new arguments in the meantime; that doesn't mean they don't exist, just that I haven't seen them. Harald ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Proposal to create IETF IPR Advisory Board
Paul Hoffman wants: In this case, worked-out means a document that describes the the current solution, the advantages and disadvantages of it, a proposal for a new solution, and a transition plan. Paul, I'm not sure what more you're asking for at this stage. This list is lively with suggestions, convincing me that IPR issues continue to dominate the IETF airwaves. A worked-out document would be premature in this context. One suggestion, now a specific topic on this list if you care to respond directly, is for the creation of an IETF IPR Advisory Board to help people everywhere--including thousands of disaffected FSF campaigners--to understand why certain patents (including the Redphone patent) are not worth worrying about. The charter would be: Answer IPR questions that are posed by other IETF working groups. The quality of its answers, as with any IETF working group, will be at least partly a function of the quality of its participants. This suggestion is perhaps the most important currently before us, because an IETF IPR Advisory Board will be able to stop FSF campaigns and other distractions before they start with facts instead of fiction. What would YOU suggest for a charter for such an Advisory Board to keep it from crossing into any forbidden areas? Or is it every man and woman for themselves in these patent-infested waters? /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen -Original Message- From: Paul Hoffman [mailto:paul.hoff...@vpnc.org] Sent: Monday, February 16, 2009 3:20 PM To: lro...@rosenlaw.com; ietf@ietf.org Subject: RE: Previous consensus on not changing patent policy (Re: References to Redphone's patent) At 2:11 PM -0800 2/16/09, Lawrence Rosen wrote: Let's forget the past; I acknowledge we lost that argument then among those few who bothered to hum. Many of us have heard this in various technical working groups when people who didn't get their way come back later. Such reconsiderations, particularly on topics of a non-protocol nature, are rarely embraced. We are humans with limited time and energy and focus. But are the 1,000 or so emails in recent days from the FSF campaign not a loud enough hum to recognize that our IPR policy is out of tune? No, it is a statement that a group of people who are not active in the IETF want us to spend our time and effort to fix a problem they feel that they have. This is not the first such open source campaign either. IETF needs a more sturdy process to deal with IPR issues. Please consider the suggestions now on the table. Where? I see no Internet Draft, nor any significant group of people who have said they are willing to work on the problem. Seriously, if this is a significant issue for this motivated group of people, they can do some research and write one (or probably more) Internet Drafts. The IETF has never been swayed by blitzes of a mailing list asking for us to do someone else's technical work; we should not be swayed by similar blitzes asking us to do their policy work. We are, however, amazingly (and sometime painfully) open to discussing worked-out solutions of either a technical or policy nature. In this case, worked-out means a document that describes the the current solution, the advantages and disadvantages of it, a proposal for a new solution, and a transition plan. --Paul Hoffman, Director --VPN Consortium ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
IPR advice to avoid ignorant flame wars about patents
Thomas Narten wrote: IPR consultation is all about risk analysis. And risk to the IETF vs. risk to me personally vs. risk to my employer vs. risk to somebody else's employer, etc. All are VERY different things. I mean this in a polite way, but bull! IPR consultation is mostly about the facts, the evidence, knowledge of the law, and understanding the role of intellectual property in technology products and services. Risk analysis is what businesses do every day, and all parts of those businesses--including the engineers and the lawyers--should contribute to that analysis. In such cases, there is precious little an advisory board could tell us, other than we don't know... Apparently there is precious little an advisory board could tell you since your company has a very large and very talented IPR advisory group in its legal department, but that's no excuse for IETF not to have one for the rest of the community. /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Thomas Narten Sent: Friday, February 13, 2009 12:31 PM To: Noel Chiappa Cc: ietf@ietf.org Subject: Re: References to Redphone's patent j...@mercury.lcs.mit.edu (Noel Chiappa) writes: From: Lawrence Rosen lro...@rosenlaw.com the previous IPR WG .. refused even to discuss a patent policy for IETF. I thought the IETF sort of had one, though (see RFC mumble)? I definitely agree that the IETF could use some sort of permanent legal IPR consulting board that WG's could go to and say 'we have this IPR filing, what does it mean, and what is the likely impact on our work'. Please don't go there. IPR consultation is all about risk analysis. And risk to the IETF vs. risk to me personally vs. risk to my employer vs. risk to somebody else's employer, etc. All are VERY different things. I don't see an IPR consulting board as being helpful at all. It will still come down to someone else trying to tell *me* (or you) that I (or you) shouldn't worry about something, yet it might well be *my* (or your) skin if things go awry. The IETF absolutely and fundamentally needs stay out of evaluating the merits of potential IPR and what the associated risks are. This is fundamentally an individual decision that every implementor needs to make on their own. This principle has been a bedrock of the IETF's IPR policy for a very long time, and for good reason. Oh, and another important point, even when we have IPR disclosures, they are often for patent applications, which are not public, nor have they been issued (so they are only potential patents). In such cases, there is precious little an advisory board could tell us, other than we don't know... Thomas ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
References to Redphone's patent
Lots of the recent emails on this list refer to Redphone's patent but there is no such thing. As anyone who has ever worked with real patents knows, there is a great difference between a patent application and a patent. Whatever claims are written in patent applications are merely wishes and hopes, placeholders for negotiated language after a detailed examination of the application. Until the PTO actually issues a patent, nothing is fixed. And even then, newly-found prior art and other issues can defeat an issued patent. Why are we all so afraid of Redphone? Who gives a damn what patent claims they hope to get? There's something wrong with the IETF process if spurious and self-serving assertions that a patent application has been filed can serve to hold up progress on important technology. I wish you'd ask real patent attorneys to advise the community on this rather than react with speculation and a generalized fear of patents. /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: References to Redphone's patent
Thierry Moreau wrote: Check by yourself, I do not provide professional advice in here. And that's why I made my suggestion that we do these analyses in a professional manner! Too many patent-savvy attorneys (and their companies?) expect the community to decide these things in a random fashion. The IETF--collectively--needs professional advice, including from you. I will allow that you speak for yourself and offer no guarantees or warranties. But expert attorneys need to give us their expert opinions about the effects of specific patents on our specific work. That's why I'm so irritated that the previous IPR WG, since disbanded (fortunately), refused even to discuss a patent policy for IETF. Of course such studied ignorance can lead to community displays of confusion and anger. Hence the FSF campaign and others like it; entirely justified. /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen -Original Message- From: Thierry Moreau [mailto:thierry.mor...@connotech.com] Sent: Friday, February 13, 2009 10:20 AM To: lro...@rosenlaw.com Cc: ietf@ietf.org Subject: Re: References to Redphone's patent Lawrence Rosen wrote: Lots of the recent emails on this list refer to Redphone's patent but there is no such thing. In my emails, I used the reference to US patent application 11/234,404 as amended on 2008/01/25. As anyone who has ever worked with real patents knows, there is a great difference between a patent application and a patent. Whatever claims are written in patent applications are merely wishes and hopes, placeholders for negotiated language after a detailed examination of the application. Until the PTO actually issues a patent, nothing is fixed. And even then, newly-found prior art and other issues can defeat an issued patent. Indeed, plus the geographical applicability restrictions that are determined 30 or 31 months after the priority date according to PCT rules - the above patent application has national or regional applications in Australia, Canadian, and the EU (I didn't check the EPO database, perhaps it's not the whole EPC member states). Why are we all so afraid of Redphone? Who gives a damn what patent claims they hope to get? I guess (i.e. speculate) that it is more convenient for the FSF to get publicity / support with a case involving a small organization without significant market presence and lobbying resources that could retaliate an FSF campaign more visibly. I thought the GnuTLS connection triggered the FSF action, but Simon corrected me on this hypothesis. There's something wrong with the IETF process if spurious and self- serving assertions that a patent application has been filed can serve to hold up progress on important technology. I wish you'd ask real patent attorneys to advise the community on this rather than react with speculation and a generalized fear of patents. I agree. You may notice that the FSF did not share (AFAIK) any result of investigation into the patent application status which would include some professional advice. Actually, two PCT/WIPO search/examination reports are on-line, and one *denies* novelty to every claims but 3 of them, and denies inventive step to all of them! The patent applicant may (further) amend the claims at the national or regional phase, but the initial assessment is not so good for the patent applicant. Check by yourself, I do not provide professional advice in here. So it's really the FSF campaign that is detracting the IETF process here in the way you are alluding above. The Redphone's IPR disclosure 1026 verbatim does not detract the IETF process. Again, finer investigations and analyses of IPR issues (finer than ideological opposition to patents) would be benefitial to the IETF. Regards, - Thierry Moreau ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: References to Redphone's patent
Chuck Powers wrote: +1 That is a legal quagmire that the IETF (like all good standards development groups) must avoid. Chuck is not alone in saying that, as you have just seen. These are the very people who refused to add patent policy to the charter of the previous IPR WG, and who controlled consensus on that point last time. Shall we ask the FSF members of IETF also to comment on the need for IETF to develop a comprehensive policy toward patents so that encumbrances to Internet standards can be understood and avoided in the future? /Larry -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Powers Chuck-RXCP20 Sent: Friday, February 13, 2009 12:36 PM To: Thomas Narten; Noel Chiappa Cc: ietf@ietf.org Subject: RE: References to Redphone's patent +1 That is a legal quagmire that the IETF (like all good standards development groups) must avoid. Regards, Chuck - Chuck Powers, Motorola, Inc phone: 512-427-7261 mobile: 512-576-0008 -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Thomas Narten Sent: Friday, February 13, 2009 2:31 PM To: Noel Chiappa Cc: ietf@ietf.org Subject: Re: References to Redphone's patent j...@mercury.lcs.mit.edu (Noel Chiappa) writes: From: Lawrence Rosen lro...@rosenlaw.com the previous IPR WG .. refused even to discuss a patent policy for IETF. I thought the IETF sort of had one, though (see RFC mumble)? I definitely agree that the IETF could use some sort of permanent legal IPR consulting board that WG's could go to and say 'we have this IPR filing, what does it mean, and what is the likely impact on our work'. Please don't go there. IPR consultation is all about risk analysis. And risk to the IETF vs. risk to me personally vs. risk to my employer vs. risk to somebody else's employer, etc. All are VERY different things. I don't see an IPR consulting board as being helpful at all. It will still come down to someone else trying to tell *me* (or you) that I (or you) shouldn't worry about something, yet it might well be *my* (or your) skin if things go awry. The IETF absolutely and fundamentally needs stay out of evaluating the merits of potential IPR and what the associated risks are. This is fundamentally an individual decision that every implementor needs to make on their own. This principle has been a bedrock of the IETF's IPR policy for a very long time, and for good reason. Oh, and another important point, even when we have IPR disclosures, they are often for patent applications, which are not public, nor have they been issued (so they are only potential patents). In such cases, there is precious little an advisory board could tell us, other than we don't know... Thomas ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: why to contact the IETF
The result of the FSF campaign has been to raise a legal concern obviously important to many of us: Will users of the proposed IETF TLS specification require patent licenses from RedPhone to use such implementations in the US or elsewhere? I don't yet know the answer to this question. Does anyone here? Several emails here have valiantly attempted to get us to focus on the technical aspects of the RedPhone patent claims, the progress of the patent in the PTO and PCT, and other technical issues. Speaking only for myself, I haven't yet seen any justification for us fearing the RedPhone patent claims. They may be as bogus as the hundreds of other patent infringement claims that companies receive letters about every day. OTOH, they may be deadly submarines ready to attack us all. Why don't we organize to answer the patent claim infringement issues like professionals do? Ask technical experts. Consult a patent attorney. Render expert opinions. And thank those from FSF and elsewhere who have written here to encourage us to do so! If the TLS specification really is patent-encumbered, in the professional view of experts who have reason to understand the details, my vote here and those of many FSF members and FOSS advocates too will be to have nothing more to do with it. /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: why to contact the IETF
Noel Chiappa wrote: I'm not sure I'd really believe any determination short of a court's anyway - attorneys can advise, but until the proverbial butcher-baker- candlestickmaker get their say after a trial, it's got an element of coin-toss to it, no? I respond only to this specific point. Life itself has an element of coin-toss to it. That should not discourage us from obtaining expert technical and legal (and medical, etc.) opinions from people who can and will provide them. Many times engineers, and attorneys, and doctors, recommend actions that leave a coin toss ahead. It is often better to gamble with their advice than without it. /Larry ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: [Trustees] ANNOUNCEMENT: The IETF Trustees invite your reviewandcomments on a proposed Work-Around to the Pre-5378 Problem
Joel Halpern wrote: The working group could have included what Simon asked for in 5377. The rough consensus of the WG was not to do so. That is accurate. It is also a damned shame, and many of us still don't agree. /Larry Rosen Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Joel M. Halpern Sent: Sunday, January 11, 2009 7:29 AM To: Simon Josefsson Cc: 'IETF Discussion' Subject: Re: [Trustees] ANNOUNCEMENT: The IETF Trustees invite your reviewandcomments on a proposed Work-Around to the Pre-5378 Problem Let's be quite clear here. Your stated requirement for doing this was that authors had to be able to take and modify any text from anywhere in an RFC. The Working Group concluded that while that was reasonable relative to code (and we tried to give the open source community that ability relative to code), that such a wide grant was not reasonable relative to the text content of RFC. (Among other concerns, such changes would include modification of normative text and text carefully worked out by working groups to get the meanings right. If the WG got it wrong, the IETF is the place to fix it, not comments in code somewhere.) Also, it should be understood that this issue is largely orthogonal to the topic under discussion. The working group could have included what Simon asked for in 5377. The rough consensus of the WG was not to do so. A more narrow 5378 would make it harder to make such a grant, but since the working group didn't choose to do so (and personally, I think doing so would undermine much of our work) the issues seems to have no bearing on whould we rescind 5378? or is there a better transition strategy to get 5378 to apply to the bulk of our work? or how do we get 5378 rights in code, without holding up all the other documents? Yours, Joel Simon Josefsson wrote: One of the remaining problems is, as described above, that the IETF license does not permit authors to take BSD licensed code and use them as illustration in RFCs because RFC 5378 does not permit additional copyright notices to be present in RFCs. ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Disappointing communication
-Original Message- From: John C Klensin [mailto:john-i...@jck.com] Sent: Saturday, January 10, 2009 4:32 PM To: lro...@rosenlaw.com; 'IETF Discussion' Subject: Re: [Trustees] ANNOUNCEMENT: The IETF Trustees inviteyour reviewand comments on a proposed Work-Around to the Pre-5378Problem --On Saturday, January 10, 2009 22:48 + lro...@rosenlaw.com wrote: FWIW, I am serving pro bono in the public interest, and I hope everyone else here would also. /Larry And you have no clients, even clients for whom you are working pro bono, who have a vested position in the outcome of these discussions? That is certainly not consistent with things you have said in the past. My sympathies on your loss of business relationships. john Why are such emails tolerated on IETF's discussion list? I have participated on IETF lists for several years now, trying hard to respect IETF's culture and norms for civil communication. I learned early on that everyone in IETF perceives his or her role as an individual serving in the best interests of the technologies we jointly need. While none of us can fully leave our hats at the door, we are expected to represent what is best for the Internet. As an attorney, it would be improper for me to come here secretly representing the interests of a particular client, and I suppose John Klensin's question was meant to determine if I was acting unethically in that respect when I stated (and signed) my opinions on here. If so, his then making snide public comments about me or my clients (or supposed loss of business relationships) on the list is an implication of either ethical improprieties or poor business acumen. I don't deserve either. What is doubly irritating is that an engineer, who himself expresses his own lawyerly opinions in the public interest when participating in the IPR WG, refuses to believe that an attorney can have equally pure motives when he expresses his opinions on the same topics. Is that anti-lawyer bigotry? Unfortunately, that isn't a constitutionally protected class, just something that IETF itself ought not to tolerate on its public lists. I believe I deserve an apology from John, although that may be too much for a lawyer to ask. /Larry P.S. I am an also an elected member of the Apache Software Foundation. I hope nobody here assumes that my opinions here reflect the official opinions of that organization either, although I do believe that many individual members of ASF share at least some of my views. Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen Author of Open Source Licensing: Software Freedom and Intellectual Property Law (Prentice Hall 2004) ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: [Trustees] ANNOUNCEMENT: The IETF Trustees invite your reviewand comments on a proposed Work-Around to the Pre-5378 Problem
Bill Manning wrote: This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026 except that the right to produce derivative works is not granted. - and - So for some IETF work product, there are/were people who assert a private ownership right in the materials they generated. I think that the IETF Trust should be very careful in using/reusing that material, esp w/o asking permission. This is consistent with what I've been saying, namely that IETF RFCs are joint works of authorship. 1. The fact that IETF never previously granted the right to produce derivative works can easily be corrected by one of the joint copyright owners, in this case the IETF Trust, now granting that license. As I understand it, this is what Simon and others have been arguing for all along for the IETF out-license. 2. The IETF Trust owns a joint copyright. That also means that we can't object if the other joint copyright owners assert their own private ownership rights in the materials they generated. Who's stopping them? None of the joint owners needs to ask permission of IETF or any others to do anything they want with those jointly-owned IETF RFCs. There, I've spoken up ... reserving my right to speak now and later on this topic. (not going to forever hold my peace). Please excuse my poetic turn of phrase. As others have privately pointed out to me, it is unlikely that anyone on here will respond to my plea to declare their private claims any more than anyone does even at the worst of weddings. That is another reason why the IETF Trust asking permission to do what we wish with our own industry standards is such a futile exercise. Hardly anyone has the courage or incentive to say No and publicly declare their private ownership of our common standards. That is why we have to take the risk to do what we need to do and simply dare anyone on here to sue IETF when we allow certain kinds of derivative works. For the lawyers on here, I'm hoping that silence now, particularly by the major IETF contributors on this list, will be interpreted as laches or waiver if one of them later claims an exclusive copyright interest in any IETF RFC. /Larry -Original Message- From: Bill Manning [mailto:bmann...@isi.edu] Sent: Saturday, January 10, 2009 3:16 AM To: Lawrence Rosen Cc: 'IETF Discussion' Subject: Re: [Trustees] ANNOUNCEMENT: The IETF Trustees invite your reviewand comments on a proposed Work-Around to the Pre-5378 Problem On Fri, Jan 09, 2009 at 02:16:43PM -0800, Lawrence Rosen wrote: That's why I challenged Ted Hardie directly. Please don't take it personally or as flaming, but anyone who wants to assert a private ownership right in any copyright in any IETF RFC ought to do so now or forever hold your peace. Otherwise, I think it best that the IETF Trust exercise its rights under its joint copyright to do whatever is deemed appropriate and in the public interest, as determined by the IETF Trustees and its legal counsel, and not ask permission. /Larry are you talking about -all- IETF related documents (IDs, postings, april 1st RFCs, etc...) or RFCs that are standards? (discounting BCPs, Informational RFCs, etc) for a period of time, text like this appeared in at least a dozen documents: This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026 except that the right to produce derivative works is not granted. there were even a few documents that had explicit copyright statements that excluded ISOC IETF from doing anything with the document, other than the right to publish for the period of performance for an ID, e.g. no longer than six months. one reaction to that was the promulgation of the Note Well legal advice and the path that lead us to this point. So for some IETF work product, there are/were people who assert a private ownership right in the materials they generated. I think that the IETF Trust should be very careful in using/reusing that material, esp w/o asking permission. There, I've spoken up ... reserving my right to speak now and later on this topic. (not going to forever hold my peace). --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise). ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: [Trustees] ANNOUNCEMENT: The IETF Trustees invite your reviewand comments on a proposed Work-Around to the Pre-5378 Problem
John Leslie wrote: I may not be the one to explain, but I _don't_ think that's what the proposal calls for. I think it calls for inclusion of the boilerplate I listed above, which simply disclaims knowledge of _whether_ all the rights of 5378 are granted (and thus derivative works outside the IETF Standards Process are not authorized by the IETF Trust). I want derivative works outside the IETF Standards Process to be authorized by the IETF Trust and see no legal reason, at least in US law, why the IETF Trust can't authorize that without even mentioning the co-authors of those RFCs. The concern expressed in this thread is whether derivative works are authorized by the co-authors of those earlier RFCs. We need no statement (admission of guilt or otherwise) about that. Users of IETF RFCs should be comfortable that at least the IETF Trust authorizes such derivative works. Certainly the term open industry standard must mean that an RFC is a cooperative expressive and technical work by individuals and companies interested in a common result. We should accept the notion that IETF, and now the IETF Trust, as a public interest corporation that manages the expressive creative activities through which these joint works are written, is the joint owner of copyright in every RFC. As such, a license from the IETF Trust is all we need to create derivative works, without even asking the co-authors of those old (or new) documents. Does anyone here believe that the IETF Trust doesn't own a joint copyright interest in every RFC it publishes and can thus authorize derivative works of those RFCs? [1] /Larry [1] I intentionally avoid the argument, made in my previous emails here, that we don't even need the permission of the IETF Trust to copy and modify--when necessary for functional purposes--any industry standard specification. That's a bigger argument based on 17 USC 102(b), not one based on the Copyright Act definition of joint work: A 'joint work' is a work prepared by two or more authors with the intention that their contributions be merged into inseparable or interdependent parts of a unitary whole. 17 USC 101. Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of John Leslie Sent: Friday, January 09, 2009 10:15 AM To: dcroc...@bbiw.net Cc: IETF Discussion Subject: Re: [Trustees] ANNOUNCEMENT: The IETF Trustees invite your reviewand comments on a proposed Work-Around to the Pre-5378 Problem Dave CROCKER d...@dcrocker.net wrote: A number of the comments, so far, appear to hinge on a rather basic cost/benefit model that is clearly quite different from what the proposal is based. I suspect that difference comes from a different sense of the problem, per John Klensin's posting. Agreed. My reference to legality is based on a view of the proposal which sees it as having individual submitters essentially say I am required to get permission and I have not gotten it. That's an admission of guilt... I don't read it that way. Refer to: http://trustee.ietf.org/docs/Draft-Update-to-IETF-Trust-Legal-Provisions- 1-06-09.pdf ] ] 6. c. iii. ] ... This document contains material from IETF Documents or IETF ] Contributions published before November 10, 2008 and, to the ] Contributor's knowledge, the person(s) controlling the copyright ] in such material have not granted the IETF Trust the right to allow ] modifications of such material outside the IETF Standards Process. ] Without obtaining an adequate license from the person(s) controlling ] the copyright, this document may not be modified outside the IETF ] Standards Process, and derivative works of it may not be created ] outside the IETF Standards Process, except to format it for ] publication as an RFC and to translate it into languages other than ] English. If you believe there is an admission of guilt there, please send text. (But understand, lawyers have to sign off on any changes.) And if you don't think that's what the proposal calls for, please explain, because I don't think my interpretation is all that creative. I may not be the one to explain, but I _don't_ think that's what the proposal calls for. I think it calls for inclusion of the boilerplate I listed above, which simply disclaims knowledge of _whether_ all the rights of 5378 are granted (and thus derivative works outside the IETF Standards Process are not authorized by the IETF Trust). This situation has halted the progression of some Internet-Drafts and interrupted the publication of some RFCs. This means that we have a crisis which is stopping productive work, yet the crisis appears to be caused by a faulty new requirement, rather than by the situation
RE: [Trustees] ANNOUNCEMENT: The IETF Trustees invite your reviewand comments on a proposed Work-Around to the Pre-5378 Problem
Ted Hardie asked me: Are you willing to personally indemnify the individuals who are later sued by those who don't hold this view or are you willing to pay for the appropriate insurance cover? Of course not. Are you (or your company) warning me that *you* might sue me for infringement of anything you contributed to a joint industry standard RFC? If so, thanks for the warning. Now, I'll ignore it. As I hope will most of the people and companies who rely on IETF RFCs. You can't threaten me by listing hundreds of people who had something to do with an RFC in the past. Or make me beg you or your company or any of those people for permission in order to treat an industry standard as a part of our common heritage with the authority in the IETF Trust to deal with it (as a copyrighted document) as it wishes in the public interest. It would be reasonable for everyone in that list to believe that their work could be re-used within the IETF context (it post dates RFC 2026 sufficiently for that). We have now changed the rules such that their work can be used in other contexts, provided the Trust authorizes it; prior to that, the individuals would have had to authorize it. Under US law, a joint copyright owner doesn't have to ask anyone's permission to change the rules. Sorry you don't like that. Or are you threatening to sue the IETF Trust if it changes the rules? Based on what legal principle? /Larry -Original Message- From: Ted Hardie [mailto:har...@qualcomm.com] Sent: Friday, January 09, 2009 11:42 AM To: lro...@rosenlaw.com; 'IETF Discussion' Subject: RE: [Trustees] ANNOUNCEMENT: The IETF Trustees invite your reviewand comments on a proposed Work-Around to the Pre-5378 Problem At 11:09 AM -0800 1/9/09, Lawrence Rosen wrote: We should accept the notion that IETF, and now the IETF Trust, as a public interest corporation that manages the expressive creative activities through which these joint works are written, is the joint owner of copyright in every RFC. As such, a license from the IETF Trust is all we need to create derivative works, without even asking the co-authors of those old (or new) documents. Does anyone here believe that the IETF Trust doesn't own a joint copyright interest in every RFC it publishes and can thus authorize derivative works of those RFCs? [1] Are you willing to personally indemnify the individuals who are later sued by those who don't hold this view or are you willing to pay for the appropriate insurance cover? Take a look for a moment at RFC 2822. It is a successor to a document that does not contain an ISOC copyright (because ISOC came into being approximately 10 years later). It does have an ISOC copyright but RFC 2822 also has a very extensive list of contributors: Matti Aarnio Barry Finkel Larry Masinter Tanaka Akira Erik Forsberg Denis McKeon Russ Allbery Chuck Foster William P McQuillan Eric Allman Paul Fox Alexey Melnikov Harald Tveit Alvestrand Klaus M. Frank Perry E. Metzger Ran Atkinson Ned Freed Steven Miller Jos BackusJochen Friedrich Keith Moore Bruce Balden Randall C. Gellens John Gardiner Myers Dave Barr Sukvinder Singh Gill Chris Newman Alan Barrett Tim GoodwinJohn W. Noerenberg John Beck Philip GuentherEric Norman J. Robert von Behren Tony HansenMike O'Dell Jos den BekkerJohn Hawkinson Larry Osterman D. J. Bernstein Philip Hazel Paul Overell James BerrimanKai Henningsen Jacob Palme Norbert BollowRobert Herriot Michael A. Patton Raj Bose Paul Hethmon Uzi Paz Antony Bowesman Jim Hill Michael A. Quinlan Scott Bradner Paul E. HoffmanEric S. Raymond Randy BushSteve Hole Sam Roberts Tom Byrer Kari HurttaHugh Sasse Bruce CampbellMarco S. Hyman Bart Schaefer Larry CampbellOfer Inbar Tom Scola W. J. Carpenter Olle Jarnefors Wolfgang Segmuller Michael Chapman Kevin Johnson Nick Shelness Richard Clayton Sudish Joseph John Stanley Maurizio Codogno Maynard Kang Einar Stefferud Jim Conklin Prabhat Keni Jeff Stephenson R. Kelley CookJohn C. KlensinBernard Stern Steve CoyaGraham Klyne Peter Sylvester Mark Crispin Brad Knowles Mark Symons Dave Crocker Shuhei Kobayashi Eric Thomas Matt Curtin Peter Koch
RE: [Trustees] ANNOUNCEMENT: The IETF Trustees invite your reviewand comments on a proposed Work-Around to the Pre-5378 Problem
John Klensin wrote: Note 2: Larry, I'm not competent to debate your joint authorship theory and hope that no one else, at least no one who is not an attorney admitted to practice in some relevant jurisdiction, will engage you on it. However, it appears to me as a non-lawyer that, if you are correct, we should be blowing away 5378 and all of its language and concentrating on 5377 (which no one has attacked since the WG concluded). If the theory is correct, then 5378 complicates things because it can easily be read as an attempt to establish principles of separate authorship in the IETF case and get everyone to agree to those principles, even if only as a between-contributors agreement. And one should not wish for those complications. I agree that the proper forum for this discussion is with the officers and legal counsel of IETF and not this public list. I have previously written to Jorge Contreras about some of these points and am always pleased by his thoughtful private responses. My only reason for bringing it up again on-list is that people here are publicly discussing specific legal wording to fix 5378. But as a fundamental principle of property law, I don't believe in IETF asking anyone's permission, even respected IETF contributors, to create derivative works of works already in the public domain or any works that IETF already owns jointly. As John Klensin noted, 5378 and the proposed workaround complicates things because it can easily be read as an attempt to establish principles of separate authorship in the IETF case and get everyone to agree to those principles. I can't agree to that. Can you? That's why I challenged Ted Hardie directly. Please don't take it personally or as flaming, but anyone who wants to assert a private ownership right in any copyright in any IETF RFC ought to do so now or forever hold your peace. Otherwise, I think it best that the IETF Trust exercise its rights under its joint copyright to do whatever is deemed appropriate and in the public interest, as determined by the IETF Trustees and its legal counsel, and not ask permission. /Larry -Original Message- From: John C Klensin [mailto:john-i...@jck.com] Sent: Friday, January 09, 2009 1:33 PM To: Ted Hardie; lro...@rosenlaw.com; 'IETF Discussion' Subject: RE: [Trustees] ANNOUNCEMENT: The IETF Trustees invite your reviewand comments on a proposed Work-Around to the Pre-5378 Problem --On Friday, January 09, 2009 11:42 -0800 Ted Hardie har...@qualcomm.com wrote: ... My reading of John's point is that this creates either a coordination burden or a legal risk for the authors re-using text created prior to the new rules. He doesn't want to bear that burden/risk, and I don't think the Trust can (because it would have to analyze each document prior to assuming it, as it would be otherwise trivial for someone to submit a draft that clearly had no permission from the copyright holders). He wants an out that says I'm granting these rights to my text, you worry about any other rights. As a transition to text based on documents written within the new rules, that may be the way to go. What none of us wants is to have to restart this conversation at ground zero, because a lot of the other rights (like re-using code) set out in the new document should be applying to new work in new drafts now. Exactly. And note that makes a clear and plausible transition model: (1) Pre-5378 documents exist under pre-5378 rules, so any potential user for non-traditional purposes needs to either figure out who the relevant authors are and get their permission or decide the risk isn't worth worrying about. If some of those authors/ contributors make explicit transfers to the Trust, that is great, but none of them have to take responsibility for identifying all of the others. (3) Post-5378 new documents are posted according to 5378 rules, with no exceptions. (2) Post-5378 documents that incorporate pre-5378 materials must used 5378 rules for any material that is new. For the earlier materials, and for sorting out which is which, the burden falls on the potential user for non-traditional purposes to either figure out who the relevant authors are and get their permission, determine that all relevant authors have already given permission, or assume the risks. No one else --neither the author(s)/ editor(s) of the new document nor the Trust-- is required to take responsibility for pre-5378 contributors or contributions. Even an editor of the new document that worked on the old material is not required to make assertions about new rights on behalf of his or her former employer. This doesn't weaken the core grant of rights in 5378 in any fundamental way. If we are being realistic, it doesn't get us to
Re: IPR Questions Raised by Sam Hartman at the IETF 73 Plenarys
[also RE: where to send RFC 5378 license form] To: IETF TRUST I have signed and faxed a copy of the IETF Documents Non-Exclusive License to +1-703-326-9881. Not that my technical contributions actually matter, but perhaps someone here will someday want to copy or create derivative works of my words here. As far as I can tell, if everyone here who ever contributed to an IETF document signs these forms, then you can treat the arguments I've made here about not needing copyright for industry standards as hypothetical and moot. Having a very permissive copyright license to rely on is better than not having one, even if (as I argue) in many cases a copyright license isn't necessary in order to create a copy or derivative work of a functional specification! I further want to comment that, as far as I can tell, it may not even be necessary to get *everyone* to sign. Here's the reason: Most RFCs are joint works. Quoting (FWIW) from my own book on the subject of licensing: In the United States, unless they agree otherwise, each of the joint authors may separately license a joint work--and all of its parts--without the consent of any of the other joint authors, and every author must account to the other authors for their share of the profits derived from the license. Consult local law to determine whether one owner of a joint work may license without the consent of the others or must account to the others for his or her licensing revenue. Given that IETF is non-profit, there almost certainly won't be profits here to share. I'd appreciate hearing back from any lawyers on this list, particularly outside the U.S., whether having *most IETF contributors (and their employers!)* sign this form would, for all practical purposes, solve the problem reported here and let us get on with our lives writing and updating industry standards however we wish? Fortunately for us, if the living sign we may not need the permission of deceased contributors after all, at least for joint works. I can't imagine that anyone fully committed to the culture of IETF would refuse to sign such a license now, or as a way of reaffirming his or her past commitment. I can't imagine anyone--particularly the companies participating in IETF--who would resist signing such a license as a precondition to participation in IETF standards-setting proceedings. But maybe I'm wrong? /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen Author of Open Source Licensing: Software Freedom and Intellectual Property Law (Prentice Hall 2004) -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of John C Klensin Sent: Thursday, December 18, 2008 3:51 PM To: Contreras, Jorge; Randy Presuhn; IETF Discussion Subject: RE: where to send RFC 5378 license forms --On Thursday, 18 December, 2008 17:37 -0500 Contreras, Jorge jorge.contre...@wilmerhale.com wrote: As a slightly harder example: what is the set of names required to cover all the boilerplate text that goes into an RFC containing a MIB module? See above. In addition, MIB modules were licensed broadly under RFC 3978, so they are less problematic than non-code text. Maybe I still don't fully understand what 5398 does, but, while that broad licensing of MIB modules presumably permits the IETF (and others) to work with them, it doesn't imply the transfers to the Trust, and ability of the Trust to relicense, required by 5398, does it? And, if not, the broad licensing of MIB modules doesn't help a new author of a document that incorporates a MIB module make the assertions that 5398 requires, does it? If the answer is no, then such an author would still have to go back to the original Contributor(s) of the MIB module and persuade them to generate the new license, just as he or she would with any other older contributed text. Right? john ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: IPR Questions Raised by Sam Hartman at the IETF 73 Plenarys
Jorge Contreras wrote: The problem lies with collective works, rather than joint works. In some cases, the multiple authors of IETF documents have each made distinct contributions (i.e., sections or distinct text) rather than collaborating to produce joint text. Unfortunately it is not possible, in hindight, to determine whether works with multiple authors are joint works or collective works. Hi Jorge, Once again the standards world surprises me. I thought that IETF RFCs--indeed any standards specifications developed by groups of cooperating engineers--are inherently joint works. The notion that a single person writes and owns the words he himself puts into a specification is very odd. Is that notion a part of IETF culture? It is true that the best evidence of a joint work is a contract between the joint authors declaring it to be so, and that otherwise a collective work is generally assumed. What we lack are those contracts from the early days, which is why the new form we're now signing is so good going forward. But even in the past, in the case of IETF RFCs, weren't IETF contributors expected to be active participants in joint creativity and inventiveness? Could anyone here realistically deny that his or her IETF efforts were joint? Best regards, /Larry -Original Message- From: Contreras, Jorge [mailto:jorge.contre...@wilmerhale.com] Sent: Friday, December 19, 2008 11:28 AM To: lro...@rosenlaw.com; IETF discussion list Subject: RE: IPR Questions Raised by Sam Hartman at the IETF 73 Plenarys Larry - thank you for your contribution! I further want to comment that, as far as I can tell, it may not even be necessary to get *everyone* to sign. Here's the reason: Most RFCs are joint works. Quoting (FWIW) from my own book on the subject of licensing: In the United States, unless they agree otherwise, each of the joint authors may separately license a joint work--and all of its parts--without the consent of any of the other joint authors, and every author must account to the other authors for their share of the profits derived from the license. Consult local law to determine whether one owner of a joint work may license without the consent of the others or must account to the others for his or her licensing revenue. The problem lies with collective works, rather than joint works. In some cases, the multiple authors of IETF documents have each made distinct contributions (i.e., sections or distinct text) rather than collaborating to produce joint text. Unfortunately it is not possible, in hindight, to determine whether works with multiple authors are joint works or collective works. ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: IPR Questions Raised by Sam Hartman at the IETF 73 Plenary
Cullen Jennings wrote: Larry, your email sounded dangerously close to suggesting that it might be ok to break the copyright law because no one would object to it. Is that what you are suggesting? Not at all. But every attorney is charged with an obligation to help others understand and interpret the law even if that interpretation differs from that of some other attorneys. Fifty years from now, after IETF is dissolved and most of us have passed away, I don't want the dead hand of copyright reaching out from the grave to prevent anyone from freely modifying TCP/IP to satisfy modern requirements. It may be that, because Congress further extends the copyright term, the Disney corporation will then still own and control the copyright in Mickey Mouse cartoons, but the notion that anyone owns and controls the functional underpinnings of technology by placing a copyright notice on it is simply unacceptable. That is a perversion of the law, not something that a copyright lawyer who supports open source, open content and open standards can countenance. I hope that the participants in IETF develop IPR policies that support the fundamental freedom to invent--and to describe in words--whatever functions we need for our world to progress. Best regards, /Larry -Original Message- From: Cullen Jennings [mailto:flu...@cisco.com] Sent: Wednesday, December 17, 2008 10:24 PM To: lro...@rosenlaw.com Cc: 'IETF discussion list' Subject: Re: IPR Questions Raised by Sam Hartman at the IETF 73 Plenary Larry, your email sounded dangerously close to suggesting that it might be ok to break the copyright law because no one would object to it. Is that what you are suggesting? On Dec 17, 2008, at 5:56 PM, Lawrence Rosen wrote: Dave Crocker wrote: That was the culture. Law often follows culture, since culture creates established practice. I hope you're right. May I ask: Is there anyone on this list who is asserting a current copyright interest in any IETF RFC--on your own behalf or on behalf of your company--that would encumber the freedom of any IETF participants to copy, create derivative works, and distribute that RFC in accordance with IETF culture? On what basis do you assert that current copyright interest in those RFCs? Have you registered that copyright? Is that copyright interest sole or joint with any other entity, including other contributors or the IETF Trust itself? I'm not interested to hear about hypothetical situations. I would like to know if there are any actual claims of copyright ownership that people here are even considering to assert against IETF's complete freedom to act and establish functional Internet standards. /Larry -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Dave CROCKER Sent: Wednesday, December 17, 2008 3:34 PM To: Brian E Carpenter Cc: IETF discussion list Subject: Re: IPR Questions Raised by Sam Hartman at the IETF 73 Plenary Brian E Carpenter wrote: On 2008-12-18 11:32, Dave CROCKER wrote: My assumption was that the IETF owned the work. Pure and simple. False. You never implicitly transferred ownership. Yes I did. As I say, that was the culture. Scott didn't have to come to Erik or me and ask permission, and he didn't even have to think about whether he was required to. That was the culture. Law often follows culture, since culture creates established practice. I do realize that that was a long time ago and that we certainly have many participants holding different views. I was reviewing the history on the general belief that a crisis of the current sort can often be aided by taking a fresh look at first principles. But since I've now had a number of public and private exchanges with folk who have been diligent participants in this topic and since none has seemed to understand -- nevermind embrace -- the line of discussion I've tried to raise, I'll go back to my observer status and let the folks who are putting the real effort into this continue on. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: IPR Questions Raised by Sam Hartman at the IETF 73 Plenary
Dave Crocker wrote: That was the culture. Law often follows culture, since culture creates established practice. I hope you're right. May I ask: Is there anyone on this list who is asserting a current copyright interest in any IETF RFC--on your own behalf or on behalf of your company--that would encumber the freedom of any IETF participants to copy, create derivative works, and distribute that RFC in accordance with IETF culture? On what basis do you assert that current copyright interest in those RFCs? Have you registered that copyright? Is that copyright interest sole or joint with any other entity, including other contributors or the IETF Trust itself? I'm not interested to hear about hypothetical situations. I would like to know if there are any actual claims of copyright ownership that people here are even considering to assert against IETF's complete freedom to act and establish functional Internet standards. /Larry -Original Message- From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Dave CROCKER Sent: Wednesday, December 17, 2008 3:34 PM To: Brian E Carpenter Cc: IETF discussion list Subject: Re: IPR Questions Raised by Sam Hartman at the IETF 73 Plenary Brian E Carpenter wrote: On 2008-12-18 11:32, Dave CROCKER wrote: My assumption was that the IETF owned the work. Pure and simple. False. You never implicitly transferred ownership. Yes I did. As I say, that was the culture. Scott didn't have to come to Erik or me and ask permission, and he didn't even have to think about whether he was required to. That was the culture. Law often follows culture, since culture creates established practice. I do realize that that was a long time ago and that we certainly have many participants holding different views. I was reviewing the history on the general belief that a crisis of the current sort can often be aided by taking a fresh look at first principles. But since I've now had a number of public and private exchanges with folk who have been diligent participants in this topic and since none has seemed to understand -- nevermind embrace -- the line of discussion I've tried to raise, I'll go back to my observer status and let the folks who are putting the real effort into this continue on. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: IPR Questions Raised by Sam Hartman at the IETF 73 Plenary
Reply below. /Larry -Original Message- From: John C Klensin [mailto:john-i...@jck.com] Sent: Wednesday, December 17, 2008 7:02 PM To: lro...@rosenlaw.com; 'IETF discussion list' Subject: RE: IPR Questions Raised by Sam Hartman at the IETF 73 Plenary --On Wednesday, 17 December, 2008 16:56 -0800 Lawrence Rosen lro...@rosenlaw.com wrote: Dave Crocker wrote: That was the culture. Law often follows culture, since culture creates established practice. I hope you're right. May I ask: Is there anyone on this list who is asserting a current copyright interest in any IETF RFC--on your own behalf or on behalf of your company--that would encumber the freedom of any IETF participants to copy, create derivative works, and distribute that RFC in accordance with IETF culture? ... Larry, So that we don't get assertions about either universal negatives or about people who are assumed to give up the right to claim copyright interest as a consequence of not answering your question,... [LR:] Universal negatives? I remember at least one email here yesterday or today where someone cavalierly stated that he claimed a copyright in an unnamed IETF spec. I wanted to flesh that claim out. Perhaps that person will have the courage to speak up precisely. That's the problem around here. People worry to death about IP claims that nobody is willing to actually make. People develop IP policies that solve nonexistent problems (such as the code vs. text debate) and, by doing so, add further confusion, evidenced by this current problem. I refuse to be cowed by ambiguous claims of IP, particularly copyrights that seek to inhibit the development of *functional* industry standards. It is even worse than ambiguously claiming that there might be patented technology here but then refusing to identify or license it, because copyright lasts for 100 years, not just 20. I can outwait the patent IP claims, but technology will be hostage for my entire lifetime to the copyrights. That can't be justified. Your question does not distinguish between uses by IETF participants for IETF-related purposes (e.g., standards development) and uses by people who participate in the IETF for purposes not directly related to IETF work (e.g., insertion into programs or their documentation whether conforming to those standards or not). Was the failure to make that distinction intentional? [LR:] Yes. Both are absolutely essential for implementation of open standards. If it was intentional, is your question intended as a back-door way to reopen the questions about whether the IETF intends unlimited use of its material, with or without acknowledgements and citation and regardless of purpose, that the IPR WG resolved in the negative? [LR:] Yes, since the front door has been closed. My question is definitely: Is anyone retaining a copyright in such functional materials with the intent to prevent unlimited use by *anyone*? Please don't assert that this need be without acknowledgements and citation. I've never said that. As for regardless of purpose, as long as the purpose is to obtain a specific standard functionality and thus the words are not subject to copyright, try and stop me, regardless of what the IPR WG says. Finally, when you ask this question, are you asking as an individual participant in the IETF process or as an attorney who might be called upon to advise one or more clients on the subject of dealing with the IETF and/or IETF-related IPR? If the latter, would you mind identifying those clients and any other interest you might have in the answers other than idle curiousity? [LR:] I am asking as an attorney and IETF participant (we're all individuals here, I've been told, with individual opinions) who is anxious to understand why so many people on here are worried about copyright infringement and are seeking to protect copyrights they don't even have the honesty to claim outright. I care about IETF specifications in this email thread, not about any specific clients. As to whether I might represent one or more clients on this issue, my lips are sealed. thanks, john p.s. Even if it were clearly true at one time, which some would dispute, Dave's assertion about the present IETF culture is controversial given, at least, the IETF's history and positions about IPR and copyright over the last decade or more. [LR:] So if the culture is controversial, and the process we've inadequately developed is controversial, perhaps we should actually consider the law. Which is what I'm trying to do. Unfortunately what people are doing here is speculating about hypothetical situations and refusing to declare their real interests in promoting restricted copyright licenses for functional specifications. ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: IPR Questions Raised by Sam Hartman at the IETF 73 Plenary
On Dec 12, 2008, at 1:07 PM, Russ Housley wrote: This was the consensus of the IPR WG and the IETF, On Dec 13, 2008, at 8:52 AM, Cullen Jennings responded: I doubt the IPR WG really fully thought about this or understood it. If someone who was deeply involved can provide definitive evidence of this one way or the other that would be great. I am pretty sure this was not widely understood when it was IETF LC and I very confident it was not understood by the IESG when when they approved it. Cullen Jennings is right. I remember that the IPR WG consistently focused on narrow issues rather than assessing the big picture. As to Sam Hartman's original question, he is free to take any RFC and modify it to describe the essential functions of a different industry standard functional specification without asking anyone's permission. He needn't seek a copyright license from IETF or from any contributor to IETF. Quite simply, copyright doesn't apply: In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work. 17 USC 102(b). The notion is not right, albeit that it is reflected in the current IETF IPR policy, that a process can be in any way restricted from being improved because someone planted a copyright notice on its essential description. An description of a process, method of operation, etc., cannot be locked away and prevented from amendment and improvement because of copyright. Allowing that would subject our functional process specifications in IETF to 100-year copyright monopolies even though there aren't even 20-year patent monopolies that apply to that specification. Nobody owns those ideas or the essential descriptions of those ideas; they are public domain. So my answer to Sam's question is: I dare anyone to try and stop you or me from taking an IETF RFC and revising it as necessary to express any new idea, procedure, process, system, method of operation, concept, principle, or discovery. And I dare anyone to try and stop IETF or any other standards organization from adopting such an improvement as a revised RFC because of a copyright notice. /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: IP-based reputation services vs. DNSBL (long)
2. Ask IETF to charter a working group tasked with developing a protocol for communicating email sender reputation. The group can consider DNSBL as a possible solution but should not be bound by a requirement to be compatible with it, or to use DNS at all. Lisa and Chris have stated that they're open to consider chartering new WG if there seems to be consensus on a charter. What about it, folks? As one of the people who objected when the previous spam WG was under way, I now support this proposal to form a new WG to address the technical problem. I hope the charter, unlike the previous one, will require the development of a protocol for communicating email sender reputation that can be implemented in email products without known patent encumbrances that are incompatible with open source software. Email is simply too important to allow otherwise. Best, /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen Author of Open Source Licensing: Software Freedom and Intellectual Property Law (Prentice Hall 2004) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Leslie Sent: Monday, November 10, 2008 12:38 PM To: Keith Moore Cc: IETF Subject: Re: IP-based reputation services vs. DNSBL (long) I find myself in complete agreement with Keith's major points: Keith Moore [EMAIL PROTECTED] wrote: 1. Several people have argued (somewhat convincingly) that: ... It's important to keep these in mind, as they appear to make a compelling case for some kind of standardized reputation service. I might add that we don't need to standardize anything if we're happy with what we already have. 2. Several people have also related experiences of valid messages being blocked by such reputation services, and of the difficulty of routing around them and getting their reputations corrected. ... Many ordinary folks are abandoning email rather than even _try_ to fix such problems. 3. An informal protocol for reporting reputations using DNS has been in use for several years, and such use has become widespread. An IRTF group (ASRG) began a useful effort to document this protocol. Such an effort is clearly useful for research purposes, and should also be useful for any future attempts at standardization. 4. At some point ASRG decided that the protocol should be on the IETF standards track and has requested such. This is where we went wrong. Well, actually we went wrong quite a while ago, when a prior IESG decided not to have a WG considering the spam problem in general. I can't entirely blame the folks who have latched onto IRTF's ASRG in the absence of an appropriate IESG forum. (And now we're carrying out a flame-war here -- a clear indication IMHO that we need an IETF (not IRTF) list to move this discussion to.) This process that produced this proposal reminds me of several patterns I've seen come up often in IETF. 1. The first pattern is when an author or group gets confused between the goal of writing an informational document to describe existing practice, and the goal of writing a standards-track document that describes desirable practice. This is human nature. IETF has developed protections againt this (which do not require flame-wars). We should use them. 2. The second pattern is when people insist that a widely deployed protocol is inherently deserving of standardization, without further vetting or changes, merely because it is widely deployed. This is commercial nature. IETF could use better protections against this... 3. The third pattern is when a closed industry group, or an open group that is not chartered to develop a standard protocol, insists that its product merits standardization by IETF because it has gained consensus of that group. This is not necessarily bad. But IESG (usually) tries to avoid the situation getting this far -- by giving widespread notice of a WG charter and encouraging cross-area review _before_ IETF last-call. Such efforts can be considered in the IETF process as individual submissions, but they need a great deal of scrutiny... I entirely agree, even though the necessary scrutiny is easy to misinterpret as personal attacks by folks who don't understand the situation. The main point to be made here is that the consensus of an external group means nothing in terms of either IETF consensus or judgment of technical soundness. In particular, external groups often have a much narrower view of protocol requirements than IETF does. This is important! It's worth reading again. All of these patterns are associated with delays in accepting a standard. They are also associated with poorer quality
RE: IP-based reputation services vs. DNSBL (long)
Not to belabor the totally painfully obvious, but DNSBLs are a protocol for communicating email sender reputation that are implemented in open source software without patent encumbrances and have been for a deacade. Wonderful! /Larry -Original Message- From: John Levine [mailto:[EMAIL PROTECTED] Sent: Monday, November 10, 2008 1:38 PM To: ietf@ietf.org Cc: [EMAIL PROTECTED] Subject: Re: IP-based reputation services vs. DNSBL (long) I hope the charter, unlike the previous one, will require the development of a protocol for communicating email sender reputation that can be implemented in email products without known patent encumbrances that are incompatible with open source software. Email is simply too important to allow otherwise. Not to belabor the totally painfully obvious, but DNSBLs are a protocol for communicating email sender reputation that are implemented in open source software without patent encumbrances and have been for a deacade. What would be the point of yet another WG to reinvent this wheel? R's, John ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: FW: IETF copying conditions
Harald Alvestrand wrote; - The discussion of permitting change to text was extensive and repeated. - The consensus of the working group was the compromise position now documented. I assert that if you want to claim that either of these two statements are false, YOU back it up with evidence. As it stands, you are making statements that I personally, as the WG chair who's tried to shepherd this process for the last 3 years, find to be crossing the border between uninformed speculation and assertions that I would have to take personal affront at. Harald, I certainly meant no insult to your efforts to shepherd an IPR group with a *flawed charter* [1] to a conclusion with which I disagree. You and I discussed this many times in-channel and back-channel, and you remember my frustrations and my sympathy for your position then and now. Indeed, we just wasted another thread arguing about the nonsensical distinction between code and text and again heard some people assert it is somehow relevant to the goal of pushing the IETF brand and seeking consistency on standards. The proposed IETF IPR policy allows the public to modify the code present in IETF specifications but not to use that same specification to create modified text to document that modified code! Does anyone here honestly believe this is justified? You admit: The working group took no vote. Nobody ever does in IETF. It is thus possible for a small group of people who have the stomach to attend to boring IPR discussions to come to an irrational conclusion. Since there was never a vote, I retain the right to repeat my concerns. You'll notice I've not tried to dominate this thread, but I was invited to comment once again--and I did. -1. /Larry [1] Failure to address patents; failure to identify the goals for IETF of a revised copyright policy; failure to weigh benefits and costs to the public of various alternatives. P.S. I moved this back to [EMAIL PROTECTED] Even though some people there find these battles over legal issues boring and distracting, this policy is the guts of why we're here. It should be the entire organization that debates the charter and results of a policy working group, not the working group itself. -Original Message- From: Harald Alvestrand [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 24, 2008 10:22 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: FW: IETF copying conditions Lawrence Rosen wrote: Ted Hardie wrote: Just to forestall Jorge spending some of his valuable time on this, I note that I'm not confused about this point--I was talking about cases where SDOs wished to re-publish (modified) IETF text within their own specs. This does not mean that they that they write it down and say here is the text from RFC ; it means that they want to take the text, change it, and re-publish it. Allowing someone to say no to that is something the working group has said it wants to retain. I don't believe you can point to a vote anywhere in the IPR WG on that exact point. Instead, you and others on the committee moved the discussion into the misleading topic of code vs. text, and pretended that there was some difference important to you. Larry, that is your claim. I don't dispute the claim that we haven't taken a vote, because the IETF does not vote. But I will assert two things: - The discussion of permitting change to text was extensive and repeated. - The consensus of the working group was the compromise position now documented. I assert that if you want to claim that either of these two statements are false, YOU back it up with evidence. As it stands, you are making statements that I personally, as the WG chair who's tried to shepherd this process for the last 3 years, find to be crossing the border between uninformed speculation and assertions that I would have to take personal affront at. Some breadcrumbs from the archives - both the meeting minutes, the ticket server and the email archives are online, and you should be able to find them easily to verify: The issue tracker shows #1169: Modified excerpts, with the first text Should modified versions of excerpts from non-code text be permitted?. https://rt.psg.com/Ticket/Display.html?id=1169 The resolution, as of November 13, 2007 (I was lame in my tracker updates), says Resolved as of Chicago (not). The July 2007 minutes of the physical meeting in Chicago show: Consensus in room that the other issues have been resolved: #1166, 1167, 1168, 1169, 1175, 1199, 1237, 1246, 1337, 1400 http://www.ietf.org/proceedings/07jul/minutes/ipr.txt My archive search shows that this occurs in multiple messages to the list: June 27, 2006, Ticket status, June 27, 2006: #1169 Modified excerpts Consensus that modifications to make use of code in implementations are OK. No consensus on modifications to non-code. Not clear if consensus exists
RE: FW: IETF copying conditions
I'm moving this to [EMAIL PROTECTED] There are important policy implications here that the entire community should understand before we let the IPR WG decide for us on a policy so opposite to open source and open standards! I am also copying this separately to the Open Web Foundation (OWF) list, which I believe may have some interest in ensuring that it can copy and modify IETF specifications for its own standards any time it damn well pleases. /Larry At 11:18 AM -0700 9/17/08, Lawrence Rosen wrote: Suppose you were to specifically ask whether IETF wants to prevent other SDOs from re-publishing (modified) IETF text within their own specs? Do you expect that the community here really wants to limit the use of IETF specs in that way? Yes, undoubtedly that was the WG consensus. We don't want to see other SDOs publishing incompatible versions of our protocols, period. And this is not paranoia; it's evidence-based, although I don't want to point the finger at specific SDOs, since such matters are usually handled by courteous bilateral discussions. Using copyright protection is clearly a last resort. Why on earth would a volunteer, cooperative standards organization like IETF want to do that to other volunteer, cooperative SDOs? Becaus our primary mission is to make the Internet work better, which requires interoperable protocols, which precludes incompatible versions. Brian * Please note: There is an earlier set of emails on this thread in the archives of the IPR WG. /Larry * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian E Carpenter Sent: Wednesday, September 17, 2008 2:15 PM To: [EMAIL PROTECTED] Subject: Re: FW: IETF copying conditions ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: FW: IETF copying conditions
Paul Hoffman wrote: Which SDOs that you participate in want to see other SDOs publishing *incompatible* versions of their protocols? Hi Paul, Of course none of the SDOs that I work with want to see incompatible versions. But this turns the issue on its head. Open source and open standards deal with the freedom to do things, even though we might discourage people to take us up on that offer of freedom. So with respect to IETF specifications, the open source and open standards objective is that the world is *free* to make compatible or incompatible versions of our specifications. (This is the philosophy that neither IETF nor Microsoft nor IBM, nor anyone else, is going to be the absolute God of acceptable software.) I'm sure that good people everywhere will cooperate to ensure that all good versions of our specifications are compatible, and cooperative people will be encouraged to remain compatible by virtue of the quality of our work. But if anyone, anywhere, for any reason, wants to take an IETF specification and modify it, open source requires that he be free to do so. The current proposed IPR policy seems to allow that for code but not for text in our specifications. What a burden that imposes to protect people from freedom! /Larry -Original Message- From: Paul Hoffman [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2008 3:19 PM To: [EMAIL PROTECTED]; ietf@ietf.org Cc: [EMAIL PROTECTED] Subject: RE: FW: IETF copying conditions At 2:43 PM -0700 9/17/08, Lawrence Rosen wrote: I'm moving this to [EMAIL PROTECTED] There are important policy implications here that the entire community should understand before we let the IPR WG decide for us on a policy so opposite to open source and open standards! Larry, I'm confused. What about the statement that We don't want to see other SDOs publishing *incompatible* versions of our protocols, period is the opposite of the policy of open standards (emphasis added)? Which SDOs that you participate in want to see other SDOs publishing *incompatible* versions of their protocols? --Paul Hoffman, Director --VPN Consortium ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Failing of IPR Filing Page when makling updates in re LTANS andother filings.
Scott Brim asked: How can a description of how to use a technology infringe on a patent? It can't. :-) But neither does IETF have any responsibility to parse and evaluate any of the frivolous claims made in IPR disclosures. Responding to loose IPR claims in public here only gives them undeserved credence. People and companies will file what IPR disclosures they will; other people will evaluate their importance when it becomes important to do so. /Larry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Brim Sent: Tuesday, August 12, 2008 9:36 AM To: TS Glassey Cc: Contreras, Jorge; [EMAIL PROTECTED]; Carl Wallace; [EMAIL PROTECTED]; IETF Discussion Subject: Re: Failing of IPR Filing Page when makling updates in re LTANS andother filings. On 8/12/08 12:02 PM, TS Glassey allegedly wrote: As to the IPR Page - it does not allow for updates of already filed IPR Statement's to include new IETF documents which violate the patent rights after the posting of the IPR Notice. How can a description of how to use a technology infringe on a patent? ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: IETF Last Call for two IPR WG Dcouments
Simon Josefsson wrote: To give the Trust something concrete to work with I propose to add the following: To make sure the granted rights are usable in practice, they need to at least meet the requirements of the Open Source Definition [OSD], the Free Software Definition [FSD], and the Debian Free Software Guidelines [DFSG]. +1 /Larry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Simon Josefsson Sent: Friday, March 28, 2008 3:02 AM To: Russ Housley Cc: ietf@ietf.org Subject: Re: IETF Last Call for two IPR WG Dcouments Regarding -outbound section 4.3: IETF contributions often include components intended to be directly processed by a computer. Examples of these include ABNF definitions, XML Schemas, XML DTDs, XML RelaxNG definitions, tables of values, MIBs, ASN.1, or classical programming code. These are included in IETF contributions for clarity and precision in specification. It is clearly beneficial, when such items are included in IETF contributions, to permit the inclusion of such code components in products which implement the contribution. It has been pointed out that in several important contexts use of such code requires the ability to modify the code. One common example of this is simply the need to adapt code for use in specific contexts (languages, compilers, tool systems, etc.) Such use frequently requires some changes to the text of the code from the IETF contribution. Another example is that code included in open source products is frequently licensed to permit any and all of the code to be modified. Since we want this code included in such products, it follows that we need to permit such modification. While there has been discussion of restricting the rights to make such modifications in some way, the rough consensus of the IETF is that such restrictions are likely a bad idea, and are certainly very complex to define. As such, the rough consensus is that the IETF Trust is to grant rights such that code components of IETF contributions can be extracted, modified, and used by anyone in any way desired. To enable the broadest possible extraction, modification and usage, the IETF Trust should avoid adding software license obligations beyond those already present in a contribution. The granted rights to extract, modify and use code should allow creation of derived works outside the IETF that may carry additional license obligations. ... I believe the intention here is good, but it leaves the IETF Trust with no guidelines on how to write the license declaration that is likely to work well in practice with actual products. There are no reference to what open source means in this context, and references to free software is missing. I believe it would be a complete failure if code-like portions of RFCs cannot be included into open source and free software products such as the Debian project. To give the Trust something concrete to work with I propose to add the following: To make sure the granted rights are usable in practice, they need to at least meet the requirements of the Open Source Definition [OSD], the Free Software Definition [FSD], and the Debian Free Software Guidelines [DFSG]. For those who fear that this will lead to complexity: releasing something that is compatible with those requirements is simple. The modified BSD license meets those requirements, as does a number of other methods, including releasing the work into the public domain. The references being: [OSD] The Open Source Definition, http://opensource.org/docs/osd [FSD] The Free Software Definition, http://www.fsf.org/licensing/essays/free-sw.html [DFSG] The Debian Free Software Guidelines, http://www.debian.org/social_contract#guidelines Thanks, Simon Russ Housley [EMAIL PROTECTED] writes: During the Wednesday Plenary at IETF 71, I gave the IETF community a heads up on two documents from the IPR WG that were nearing IETF Last Call. Both of the documents have now reached IETF Last call. The Last Call announcements are attached. Please review and comment. Russ == == == == == == == == == == To: IETF-Announce [EMAIL PROTECTED] From: The IESG [EMAIL PROTECTED] Subject: Last Call: draft-ietf-ipr-outbound-rights (Advice to the Trustees of the IETF Trust on Rights to be Granted in IETF Documents) to Informational RFC Date: Wed, 19 Mar 2008 15:15:56 -0700 (PDT) Cc: [EMAIL PROTECTED] The IESG has received a request from the Intellectual Property Rights WG (ipr) to consider the following document: - 'Advice to the Trustees of the IETF Trust on Rights to be Granted in IETF Documents ' draft-ietf-ipr-outbound-rights-06.txt as an Informational RFC The IESG plans to make a decision in
RE: My view of the IAOC Meeting Selection Guidelines
Iljitsch van Beijnum wrote: So that means every meeting has to bring in $800k, which is a bit more than the current number of attendees x the current registration fee. Fred Baker wrote: One thing the IAOC is looking at at this instant is our phone bill. The IETF's phone budget for 2008 is IESG: $58,800 IAB:$22,500 Nomcom: $30,000 IASA/IAOC: $17,235 - $128,535 It seems to me that the $800k budget for a single conference can buy an awful lot of telephony (or VoIP) bandwidth so that inefficient and expensive in-person meetings can be replaced by web meetings. Perhaps that money could even be used to pay programmers to create a workable web-based voice and video system for technical meetings -- open source, of course. I understand that these budget items aren't directly transferrable, but I'm struck by how much we pay for bad ways to meet, and how relatively little we pay for all the other electronic communications that gets the real work done. Fred Baker further wrote: I won't go through the budget line by line, but you get the idea. In a $4.9M budget, we are looking at a few line items in 6 digits and a number more in five digits, and asking in each case how to change N digits to N-1. This doesn't even count the ever-increasing cost in travel and lodging expenses that individuals and their companies pay to attend IETF meetings. That's why I never attend, for example: Too expensive, even when I'd rather be there to vote! Surely we can find a way to work together without always having to fly to distant climes? And we'd save the environment too, if technical professionals got together electronically. /Larry Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen ___ Ietf mailing list Ietf@ietf.org http://www.ietf.org/mailman/listinfo/ietf
RE: Reminder: Offer of time on the IPR WG agenda for rechartering
Harald Alvestrand wrote: The outcomes I see possible of such a discussion are: snip I can't be in Vancouver for this meeting. Probably few of the others who have been vocal on these issues on these email lists can be in Vancouver either. I hope no decisions will be arrived at in what will probably be an unrepresentative arena. In-person meetings are an ineffective and expensive way to decide things in the Internet age. In any event, these email lists have elicited more comments than any meeting in Vancouver could properly address. How do we intend to move toward consensus? FWIW, I support Simon's I-D as far as it goes. It is a fine description about how free software is adversely affected by restricted copyrights and patents when implementing so-called open standards. But I don't think that I-D will suffice alone, and I still recommend that the IPR-WG be re-chartered to propose formal IETF policies that require open standards for the Internet. We should commit in all IETF working groups to remain aware of the influence of patents and copyrights on our standards, to react in intelligent ways to any patent or copyright encumbrances brought to our attention, and all participants in the specification drafting process should commit formally to produce open standards unencumbered by copyright or patent royalties or licensing conditions that would limit implementation by anyone who wants to do so. The devil is in the details, but Vancouver is not the place to brush those details under the rug. We need to re-charter the IPR-WG to fill in the details on a policy for which we can all vote. The alternative to a re-charter is for this complaint to be brought up again and again, every time someone has the audacity to recommend an IETF specification that is encumbered so to prevent FOSS implementations. Is that preferable? If you like, spend 5-10 minutes amongst yourselves in Vancouver discussing this matter. Let us know what you decide. /Larry Rosen -Original Message- From: Harald Tveit Alvestrand [mailto:[EMAIL PROTECTED] Sent: Sunday, November 04, 2007 9:21 PM To: ietf@ietf.org; [EMAIL PROTECTED] Subject: Reminder: Offer of time on the IPR WG agenda for rechartering Just a reminder I have not yet seen a request for time on the IPR agenda that is backed with an I-D fulfilling the criteria laid out below. Simon's free software guideline exists as an I-D, but I have not had a request to put it on the agenda. The deadline for -00 I-Ds is in a week. Harald Alvestrand Forwarded Message Date: 25. oktober 2007 14:30 +0200 From: Harald Tveit Alvestrand [EMAIL PROTECTED] To: ietf@ietf.org, [EMAIL PROTECTED] Subject: Offer of time on the IPR WG agenda for rechartering As it looks now, the IPR WG's meeting in Vancouver will not be extremely contentious. So, while priority MUST be given to finishing the WG's current work (copyrights), it seems reasonable to offer a time slot to proposals to recharter the WG to deal with patent issues. I think we can offer at least some time for face-to-face discussion of the issues - but in order to have a more focused discussion than a general discussion on whether or not anything needs to be done, The outcomes I see possible of such a discussion are: - No changes are necessary. The IPR WG can shut down. - A change is necessary, and a specific proposal is deemed closest to what the community wants. We can process a recharter request soon after the IETF meeting. - A change is necessary, but no consensus on what change exists. More discussion is necessary. - No consensus can be reached on whether or not a change is necessary. I'd like the people who want time on the agenda to supply a text (preferably published as an I-D), which summarizes, as clearly as possible: - What they think has changed since the last IPR WG evaluation of patent policy - What changes in overall direction they think the WG should address - What the charter for this activity should look like If more than one such proposal should appear, I'd suggest giving each submitter a 5-10 minute slot for making their argument, and leaving at least half an hour for general discussion. Please submit I-Ds with the name pattern of draft-submitter-ipr-patent-something - that would make it easy for us to find them all. The timeslot for the WG is Tuesday morning from 0900 to 1130; the rechartering discussion would be within the time from 1030 to 1130. Harald ___ Ipr-wg mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ipr-wg -- End Forwarded Message -- ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org
RE: When is using patented technology appropriate?
Keith Moore wrote: For several reasons, it is difficult to imagine an IETF-wide procedure that allows the existence of a patent to trump other considerations of protocol feasibility and deployability: Who suggested otherwise? It is not the existence of the patent that matters, but its unavailability under license terms that allow implementation in *any* software. The more feasible and deployable the protocol, the more important will be FOSS implementations. Who's trumping who? /Larry -Original Message- From: Keith Moore [mailto:[EMAIL PROTECTED] Sent: Thursday, October 25, 2007 1:31 PM To: [EMAIL PROTECTED] Cc: ietf@ietf.org Subject: Re: When is using patented technology appropriate? Lawrence Rosen wrote: Steven Bellovin wrote: Right. Any IPR policy has to acknowledge the fact that relevant patents can be owned by non-troll non-participants. (Too many negatives there -- what I'm saying is that IETFers don't know of all patents in the space, and there are real patent owners who care about their patents, even though they aren't trolls.) I agree, but I suggest that our new IPR policy ought to set expectations for how we deal procedurally with such outside encumbrances when discovered. The defensive termination provision in most contributors' IETF patent grants can also help to protect our specifications from trolls and some third-party patent owners, depending upon how those grants are worded. For several reasons, it is difficult to imagine an IETF-wide procedure that allows the existence of a patent to trump other considerations of protocol feasibility and deployability: - Many patents are believed to be invalid or indefensible. IETF as an organization cannot get in a position of deciding whether a patent is valid or defensible, both because it doesn't really have the resources or in-house expertise to do this, and because the only way to know for sure is to go through a lengthy court process, perhaps in several different countries. And yet, if there is a consensus among those who are invested in the technology that a particular patent isn't going to present an actual obstacle to deployment, it makes sense to let it go forward. The alternative - letting a dubious patent block or significantly delay approval of an IETF standard - gives dubious patents much more power than they deserve. - A similar argument can be made for patents that are valid and defensible, but for which the applicability to a given protocol is dubious. - There have been cases in the past where apparently valid and applicable patents, existed but would expire soon. Some of our standards appear have a useful lifetime of many decades. From that point of view, a patent that has been in force for a few years might be a short-term concern. Whether this is the case depends on many factors, including the remaining lifetime of the patent and the nature of the protocol under discussion. An IETF-wide policy doesn't seem to make sense here, especially if the effect of that policy were to delay work on a protocol that probably wouldn't be ready for deployment until the patent had expired, or nearly so, anyway. - There are cases for which a patent with an RAND license presents an insignificant barrier to deployment, because a substantial monetary investment would be required in any event to implement a protocol. For instance, a protocol that inherently requires expensive hardware to implement, but for which the license fee is a small portion of that required to pay for the hardware. Again, this is something that needs to be evaluated on a case-by-case basis. - Just because it appears at first that a protocol might be impaired by the existence of a patent, doesn't mean that a workaround won't be found as the protocol is developed. This has happened many times. Also, patent holders have been known to make licenses available under more attractive terms precisely because the technology was being considered for an IETF standard. That kind of pressure/encouragement might well be more effective at making useful technology available to the Internet community than a blanket patent policy. Speaking as someone who has been involved in IETF for about 17 years now, by far the best way to ensure that IETF protocols to be safe for open source implementors is for open source implementors to participate in IETF working groups. IETF's policy of rough consensus means that every interested party has a strong voice when it comes to objecting to things that will hamper implementation or deployment. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Patents can be for good, not only evil
Eric Burger wrote: I specifically applied for patents underlying the technology behind RFC 4722/RFC 5022 and RFC 4730 specifically to prevent third parties, who are not part of the IETF process, from extracting royalties from someone who implements MSCML or KPML. That was a waste of your time and money. Publication of those inventions by you, at zero cost to you and others, would have been sufficient to prevent someone else from trying to patent them. Next time, get good advice from a patent lawyer on how to achieve your goals without paying for a patent. Remember, just because *you* do not have IPR in an IETF standard does not mean someone *else* has IPR in the standard. If that someone else does not participate in the IETF or, for that matter, happen to not participate in the work group or, in reality, are not editors of a document, they can fully apply their IPR against the standard once it issues. Right! And that's why every one of the FOSS-compatible patent grants to IETF, W3C or OASIS includes defensive termination provisions. We also want to protect standards against patent threats by third parties, and defensive provisions are consistent with FOSS licenses. For those here who keep asking for protection against patents in standards, there is no more effective technique than through a revised IPR policy that prohibits patent-encumbered standards from gaining the IETF brand in the first place. /Larry -Original Message- From: Eric Burger [mailto:[EMAIL PROTECTED] Sent: Monday, October 29, 2007 2:16 PM To: Keith Moore; [EMAIL PROTECTED] Cc: ietf@ietf.org Subject: Patents can be for good, not only evil I would offer that patents are NOT categorically evil. Phil Zimmerman has applied for patents in ZRTP, specifically to ensure that all implementations fully conform with the specification. Cost to license for a conformant specification? $0. Cost to not really provide privacy but claim to be implementing ZRTP? Costly! I specifically applied for patents underlying the technology behind RFC 4722/RFC 5022 and RFC 4730 specifically to prevent third parties, who are not part of the IETF process, from extracting royalties from someone who implements MSCML or KPML. Cost to license? $0. Cost to sue someone who infringes said third-party's IPR? That depends, but at least we raised the cost of shutting down an IETF standard. Remember, just because *you* do not have IPR in an IETF standard does not mean someone *else* has IPR in the standard. If that someone else does not participate in the IETF or, for that matter, happen to not participate in the work group or, in reality, are not editors of a document, they can fully apply their IPR against the standard once it issues. I like to have a little inoculation against that situation in the stuff I submit. -Original Message- From: Keith Moore [mailto:[EMAIL PROTECTED] Sent: Monday, October 29, 2007 4:04 PM To: [EMAIL PROTECTED] Cc: ietf@ietf.org Subject: Re: When is using patented technology appropriate? Lawrence Rosen wrote: Keith Moore wrote: For several reasons, it is difficult to imagine an IETF-wide procedure that allows the existence of a patent to trump other considerations of protocol feasibility and deployability: Who suggested otherwise? It is not the existence of the patent that matters, but its unavailability under license terms that allow implementation in *any* software. _and_ its validity, _and_ its applicability, both of which can be subjective and difficult to determine conclusively without long delays and excessive expense. so we have to make judgments. and by we I mean individuals participating in IETF, not IETF itself. The more feasible and deployable the protocol, the more important will be FOSS implementations. only relative to other protocols in the same space. granted that patents are the bane of any open standards-making organization, because patents do exactly the opposite of what open standards do. at the same time, we can't let FUD about patents become a denial of service attack to IETF efforts. Keith ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf Notice: This email message, together with any attachments, may contain information of BEA Systems, Inc., its subsidiaries and affiliated entities, that may be confidential, proprietary, copyrighted and/or legally privileged, and is intended solely for the use of the individual or entity named in this message. If you are not the intended recipient, and have received this message in error, please immediately return this by email and then delete it. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Patents can be for good, not only evil
Steven Bellovin wrote: We've all seen far too many really bad patents issued, ones where prior art is legion. The (U.S.) patent office seems to do a far better job of searching its own databases than it does the technical literature. I know there are many philosophical reasons why many people oppose software patents. But for others, there are very practical reasons: there are too many bad patents issued. I think we can all agree that stopping bad patents is a worthwhile goal, even if for some it's just an intermediate goal. The times they are a-changin'. [1] Please take a look at what's happening at http://dotank.nyls.edu/communitypatent/. This is a GREAT place for the technical experts in IETF to become involved in busting bad patents before they are issued. After patents are issued, busting them nowadays is also easier than it used to be if we can present prior art to support reexamination by the PTO. Take a look at what's happening at http://www.pubpat.org/. The notion that each IETF working group has to approach patent issues on its own, without help, is silly. Set an enforceable IETF patent policy for free and open standards, and bring the technical community together through these groups (and others!) to bust the bad patents we encounter, and I think our problems with patents will ease substantially. /Larry BCC: Beth Noveck and Dan Ravicher [1] By Bob Dylan: Come gather 'round people Wherever you roam And admit that the waters Around you have grown And accept it that soon You'll be drenched to the bone. If your time to you Is worth savin' Then you better start swimmin' Or you'll sink like a stone For the times they are a-changin'. Come writers and critics Who prophesize with your pen And keep your eyes wide The chance won't come again And don't speak too soon For the wheel's still in spin And there's no tellin' who That it's namin'. For the loser now Will be later to win For the times they are a-changin'. Come senators, congressmen Please heed the call Don't stand in the doorway Don't block up the hall For he that gets hurt Will be he who has stalled There's a battle outside And it is ragin'. It'll soon shake your windows And rattle your walls For the times they are a-changin'. Come mothers and fathers Throughout the land And don't criticize What you can't understand Your sons and your daughters Are beyond your command Your old road is Rapidly agin'. Please get out of the new one If you can't lend your hand For the times they are a-changin'. The line it is drawn The curse it is cast The slow one now Will later be fast As the present now Will later be past The order is Rapidly fadin'. And the first one now Will later be last For the times they are a-changin'. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Offer of time on the IPR WG agenda for rechartering
Harald, I am unable to be in Vancouver for the meeting, but I hope that someone else there will support the re-charter of the IPR WG as I suggested in my earlier email: *** I request that we charter the IETF IPR-WG to propose policies and procedures, consistent with the worldwide mission of IETF, which will result in IETF specifications unencumbered by restrictive, non-free patents. *** I also hope that a decision on this will not be based simply on who attends in Vancouver, but on a wider representative vote of IETF participants. /Larry Rosen -Original Message- From: Harald Tveit Alvestrand [mailto:[EMAIL PROTECTED] Sent: Thursday, October 25, 2007 5:31 AM To: ietf@ietf.org; [EMAIL PROTECTED] Subject: Offer of time on the IPR WG agenda for rechartering As it looks now, the IPR WG's meeting in Vancouver will not be extremely contentious. So, while priority MUST be given to finishing the WG's current work (copyrights), it seems reasonable to offer a time slot to proposals to recharter the WG to deal with patent issues. I think we can offer at least some time for face-to-face discussion of the issues - but in order to have a more focused discussion than a general discussion on whether or not anything needs to be done, The outcomes I see possible of such a discussion are: - No changes are necessary. The IPR WG can shut down. - A change is necessary, and a specific proposal is deemed closest to what the community wants. We can process a recharter request soon after the IETF meeting. - A change is necessary, but no consensus on what change exists. More discussion is necessary. - No consensus can be reached on whether or not a change is necessary. I'd like the people who want time on the agenda to supply a text (preferably published as an I-D), which summarizes, as clearly as possible: - What they think has changed since the last IPR WG evaluation of patent policy - What changes in overall direction they think the WG should address - What the charter for this activity should look like If more than one such proposal should appear, I'd suggest giving each submitter a 5-10 minute slot for making their argument, and leaving at least half an hour for general discussion. Please submit I-Ds with the name pattern of draft-submitter-ipr-patent-something - that would make it easy for us to find them all. The timeslot for the WG is Tuesday morning from 0900 to 1130; the rechartering discussion would be within the time from 1030 to 1130. Harald ___ Ipr-wg mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ipr-wg ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: A priori IPR choices
Ted Hardie wrote: The point being, of course, that there is a world of difference between many and all here. If there is no development community using the GPL in an area, forcing the IPR restrictions to meet a GPL test may hinder development rather than enhance it, especially in cases where the only requirement in a license is to request it. For many development communities, that is not an issue since it requires no monetary outlay. Will you please stop talking about GPL as if it is the only open source license relevant here! My concern is that *all* free and open source licensors be able to implement IETF specifications without patent encumbrances. And *all* proprietary licensors too, for that matter. There ought to be no GPL test for IETF specifications, other than that our specifications be implementable and distributable under the GPL *and any other* license. As for setting our IPR policy based on whether there be an actual GPL (or other specific license) implementation at the time the specification is being created and approved, that's a strange proposal. The freedom and openness we seek is for implementations of IETF specifications now *or in the future*. We may not be using GPL now, but maybe someone will want to later. Why shouldn't IETF's IPR policy be compatible with that? /Larry -Original Message- From: Ted Hardie [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 24, 2007 9:17 AM To: Scott Kitterman; ietf@ietf.org Subject: Re: A priori IPR choices No. My point was that for the IETF, interoperability is the goal, not some general statement about goodness of Free software. In many/most/maybe all cases, this will require any IPR restrictions to be GPL compatible. Can you think of an open-source project interested in the work of CCAMP? That was one of the examples neither Sam nor I could immediately come up with, but I'd be interested in hearing if it is just too far off my stomping grounds. The point being, of course, that there is a world of difference between many and all here. If there is no development community using the GPL in an area, forcing the IPR restrictions to meet a GPL test may hinder development rather than enhance it, especially in cases where the only requirement in a license is to request it. For many development communities, that is not an issue since it requires no monetary outlay. Speaking only for myself, regards, Ted ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: When is using patented technology appropriate?
Steven Bellovin wrote: Right. Any IPR policy has to acknowledge the fact that relevant patents can be owned by non-troll non-participants. (Too many negatives there -- what I'm saying is that IETFers don't know of all patents in the space, and there are real patent owners who care about their patents, even though they aren't trolls.) I agree, but I suggest that our new IPR policy ought to set expectations for how we deal procedurally with such outside encumbrances when discovered. The defensive termination provision in most contributors' IETF patent grants can also help to protect our specifications from trolls and some third-party patent owners, depending upon how those grants are worded. /Larry -Original Message- From: Steven M. Bellovin [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 24, 2007 2:46 PM To: Brian E Carpenter Cc: Simon Josefsson; Sam Hartman; ietf@ietf.org Subject: Re: When is using patented technology appropriate? On Thu, 25 Oct 2007 10:15:55 +1300 Brian E Carpenter [EMAIL PROTECTED] wrote: On 2007-10-25 04:30, Sam Hartman wrote: ... Simon If you replace IBM with 'A Patent Troll', do you think Simon the same holds?I think that such behavior should Simon be presumed not to be a patent troll. Patent trolls are not known forpromising to give away royalty-free licenses. They are also, in general, known for *not* particpating in the standards process, precisely to avoid falling under patent disclosure requirements. As far as non-participants are concerned, nothing in our rules matters. Right. Any IPR policy has to acknowledge the fact that relevant patents can be owned by non-troll non-participants. (Too many negatives there -- what I'm saying is that IETFers don't know of all patents in the space, and there are real patent owners who care about their patents, even though they aren't trolls.) --Steve Bellovin, http://www.cs.columbia.edu/~smb ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: A priori IPR choices
Ted Tso wrote: Since the letter was sent in January 2006, IBM has moved to a new way of dealing with patents and standards, with its Interoperability Specification Pledge, which is essentially an irrovocable covenant not to assert any Necessary Claims to anyone making, using, importing, selling, or offerring for sale any Covered Implementations, with a broad defensive clause. This was announced in July of this past year, snip IBM's Interoperability Specification Pledge is fully consistent with the patent policy I urge generally upon IETF. We should encourage companies to adopt similar covenants for IETF specifications. Thanks, IBM. /Larry -Original Message- From: Theodore Tso [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 23, 2007 6:40 AM To: Simon Josefsson Cc: Frank Ellermann; ietf@ietf.org Subject: Re: A priori IPR choices On Tue, Oct 23, 2007 at 03:10:29PM +0200, Simon Josefsson wrote: Frank Ellermann [EMAIL PROTECTED] writes: Do you refer to the IBM patent on BOCU? As far as I have understood, IBM promised to grant a free patent license to people who requested it, but people never received a license despite requesting one. If this is accurate, I think it is a good example of a technology that should not be standardized and should not be promoted by the community. Can someone give an example of someone who has requested a license but not received one, please? (For reference, there is a copy of a letter which was apparently sent from IBM to the Unicode consortium here: http://unicode.org/notes/tn6/) Since the letter was sent in January 2006, IBM has moved to a new way of dealing with patents and standards, with its Interoperability Specification Pledge, which is essentially an irrovocable covenant not to assert any Necessary Claims to anyone making, using, importing, selling, or offerring for sale any Covered Implementations, with a broad defensive clause. This was announced in July of this past year, and more details can be found here: http://www-03.ibm.com/linux/opensource/ispinfo.shtml BOCU is not on the list of Covered Specifications, but my guess is that such an omission is very likely due to an oversight rather than any kind of maliciousness. The good news is this new framework doesn't require any kind of formal request to obtain a patent license, and so hopefully a request to move the offer of a RF license covering BOCU to the Interopreability Specification Pledge framework would hopefully take care of your issue. - Ted P.S. All opinions stated above are my own, and do not necessarily reflect IBM's positions, strategies, or opinions. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: A priori IPR choices
To: IETF list These are statements from FSF about the issue we've been discussing at [EMAIL PROTECTED] http://www.fsf.org/campaigns/software-patents/draft-housley-tls-authz-extns. html and http://www.fsf.org/news/oppose-tls-authz-standard.html The GPL does not have problems with most IETF specifications, only those that are encumbered by non-free patents. This is an important example of why so many of us in the open source and free software communities believe that the IETF patent policy must be improved. /Larry Rosen Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen Author of Open Source Licensing: Software Freedom and Intellectual Property Law (Prentice Hall 2004) ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: A priori IPR choices [Re: Third Last Call:draft-housley-tls-authz-extns]
John Klensin wrote: If you want to pursue this further, I think it would be helpful if you started supplying arguments that we haven't heard, repeatedly, before. Neither repeating those arguments, nor making the assumption that the IETF agrees with your goals and priorities, seems to be causing progress in this area. What it does accomplish is to get people to stop reading threads on this subject, which further lowers the odds of getting IETF consensus on a change in position. John and others, I have never made my proposal on ietf@ietf.org before. Indeed, I only started contributing on this list recently. I'm pleased that YOU have heard my arguments before in other venues, but there's no reason to assume that others here have done so. I don't assume that IETF agrees with my goals or priorities, nor perhaps do you have any reason to assume that the broader IETF community agrees with you. I made my suggestion here to re-charter the IPR-WG after lurking on the list for long enough to understand (I hope) the issues that this list considers and the cultural environment in which those considerations occur, and long after I became convinced that at least some of the people participating on the much narrower IPR-WG list were culturally and philosophically unwilling to listen to *any* arguments that IETF patent policy should be clarified or changed. Your reference to the older and more stubbornly traditional ISO, IEC and IEEE merely reminds me of important counter-examples, W3C and OASIS. Each standards organization needs to articulate its patent policy in light of its own mission and culture. IETF is a world-wide organization of volunteers that standardizes much of the Internet. This is an *open* Internet, available to all. Encumbering it with non-free patents is a danger that W3C and OASIS have addressed. I suggest that IETF should address it too! So please stand back a bit, John, and let the arguments on all sides be fairly raised and rebutted before the participants on this list. Let's see if consensus does arise here. Please don't assume, as I don't assume, that everyone who has an opinion has already spoken up. I hope that others here will speak up. *** Once again, specifically what I request is that we charter the IETF IPR-WG to propose policies and procedures, consistent with the worldwide mission of IETF, which will result in IETF specifications unencumbered by restrictive, non-free patents. *** -Original Message- From: John C Klensin [mailto:[EMAIL PROTECTED] Sent: Monday, October 22, 2007 11:15 AM To: [EMAIL PROTECTED]; ietf@ietf.org Subject: RE: A priori IPR choices [Re: Third Last Call:draft-housley-tls- authz-extns] --On Saturday, 20 October, 2007 19:15 -0700 Lawrence Rosen [EMAIL PROTECTED] wrote: ... But we're talking here about IETF standards, specifications that are prepared cooperatively and for free by talented individuals, companies and countries around the world. These specifications are intended for implementation everywhere to facilitate communications among us all. ... Larry, with all due respect, if you substitute ISO/IEC JTC1 or IEEE (at least in the computer and communications areas for both) in the above statements, they will still be true. The IETF is not particularly special in this regard. To me, the question is simply one of whether trying to insist on an unencumbered regime (whether for technical, economic, or moral/ religious reasons) is important enough to justify rejecting, a priori, any encumbered technology. The IETF has decided, repeatedly, that the answer is no and we want to look at these things on a case-by-case basis and evaluate the tradeoffs. While the part that follows the no differs, that is the same conclusion reached by ISO, IEC, IEEE, and others. If you want to pursue this further, I think it would be helpful if you started supplying arguments that we haven't heard, repeatedly, before. Neither repeating those arguments, nor making the assumption that the IETF agrees with your goals and priorities, seems to be causing progress in this area. What it does accomplish is to get people to stop reading threads on this subject, which further lowers the odds of getting IETF consensus on a change in position. Just my opinion, of course. john ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: A priori IPR choices [Re: Third Last Call:draft-housley-tls-authz-extns]
Brian Carpenter wrote: ... so that the goal of 100% unencumbered standards is unrealistic. That's almost certainly true. The world is full of encumbered standards, including in products I buy and use every day. I agree with you that THAT goal is unrealistic. No Don Quixote here! In fact, most IP attorneys like me support the freedom of individuals and companies to seek patents on their inventive technology and to profit - alone or in legal combination with their business partners - with products that implement those patents. But we're talking here about IETF standards, specifications that are prepared cooperatively and for free by talented individuals, companies and countries around the world. These specifications are intended for implementation everywhere to facilitate communications among us all. None of us want patent surprises when we implement IETF specifications. Everyone expects IETF to take reasonable steps, consistent with its fundamental technical mission, to de-mine the patent landscape so that anyone can implement our worldwide specifications in products of all types. I'm not proposing unrealistic goals, but instead proposing this more limited IETF-centric goal of free standards for IETF specifications. That is why I suggested that as a charter for the IPR-WG to review and propose how to make it happen here. As for those other non-IETF patent-encumbered standards: They can probably survive without IETF's free help. /Larry -Original Message- From: Brian E Carpenter [mailto:[EMAIL PROTECTED] Sent: Saturday, October 20, 2007 12:27 PM To: Hallam-Baker, Phillip Cc: Ted Hardie; [EMAIL PROTECTED]; ietf@ietf.org; Contreras, Jorge Subject: Re: A priori IPR choices [Re: Third Last Call:draft-housley-tls- authz-extns] Phill, If there were in addition some standard non disclosure contracts, standard contracts for holding pre-standards meeting and the like the result could be turned into a book which most managers in the valley would probably end up buying. Most of them, and those in Armonk that I used to work for, bought Section 10 of RFC 2026 and its successors. Certainly, open source was less of a factor when that regime was designed, but Linux still supports TCP/IP as far as I know. So I think the experimental evidence supports the arguments you're hearing from me, Ted and others. Don't confuse that with a liking for standards encumbered by patents with expensive licensing conditions. It's simply a matter of finding a pragmatic compromise in a world where software patents are granted, and often upheld by the courts, so that the goal of 100% unencumbered standards is unrealistic. Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: A priori IPR choices [Re: Third Last Call:draft-housley-tls-authz-extns]
Paul Hoffman wrote: Early on is much different than when the WG is formed. It is reasonable to talk about IPR desired *on a particular technology* when that technology begins to be discussed in the WG. And so, if our reasonable policy is that the IPR desired on IETF's standardized Internet technologies shall ab initio be free (in several senses of the word free to be defined later), then we must deal with patents early on. Like now You probably mean a narrower definition of technology than I intend, which includes *all* of IETF's Internet specifications. I'm after a resolution of IETF policy regarding patent-encumbered IETF specifications wherever they appear, not some rule that requires each WG to look for and compare patents to technology. I never suggested that each WG start or end its standardization process by looking for patents. What a waste that would be! Even the companies that own those patents refuse to take the time to do that before their employees join a WG. I agree with you that IETF should only address specific patents in the context of a specific technology (or set of technologies) when the patent landscape becomes clearer during WG activities. That may happen early on or later, as ideas ferment and as patents become known. Several of you are twisting my recommendations about policy into a threat to the independent creativity of each WG. I DON'T want each WG to worry about patents unless non-free patents actually are discovered. I DO want IETF to adopt policies concerning the disclosure of patents when known by WG participants, and the mandatory licensing of those patents for free by those patent owners who actually participate in and contribute to a specification, or alternatively the withdrawal of that specification as an IETF standard. Otherwise, to speak freely here, patent-encumbered specifications that we waste our time creating are useless for open source and many proprietary implementations. But I go beyond where we are already. The policy we need should not be debated here yet. This is too big a list for that discussion. What I request is that we charter the IETF IPR-WG to propose policies and procedures, consistent with the worldwide mission of IETF, which will result in IETF specifications unencumbered by restrictive, non-free patents. That's a simple charter for the IPR-WG. Not so simple perhaps to guarantee consensus even on definitions, and perhaps it won't result in a single formal proposal, but it needs to be addressed. The IPR-WG is an appropriate place for that activity. /Larry Rosen -Original Message- From: Paul Hoffman [mailto:[EMAIL PROTECTED] Sent: Friday, October 19, 2007 8:43 AM To: Simon Josefsson Cc: ietf@ietf.org Subject: Re: A priori IPR choices [Re: Third Last Call:draft-housley-tls- authz-extns] At 10:46 AM +0200 10/19/07, Simon Josefsson wrote: Paul Hoffman [EMAIL PROTECTED] writes: At 4:10 PM -0700 10/18/07, Lawrence Rosen wrote: Isn't it preferable to get into early battles over IP rules--and make sure those rules are clear to WG participants--before we have wasted our time and resources developing specifications that half the world (or more) can't implement? I don't know which of the IETF WGs you have been involved with, but that hasn't been the case for any of the ones I have dealt with. Could you give an example of an WG in which this would have been preferable? The DNSEXT WG is a good example where patented technology has been presented and time has been spent on discussing what to do with it. Some time later the working group drafted a requirements document (RFC 4986) which contained the following requirement '5.2. No Known Intellectual Property Encumbrance'. This is a good example of how Lawrence's proposal would not have worked. The technology you are talking about came up years after the WG was formed. The inclination to standardize only non-patented technology in DNSEXT is fairly strong. If the WG had made the policy explicit early on, the discussions related to the patented ideas could have been more easily dismissed. Time could be spent on more productive work. Early on is much different than when the WG is formed. It is reasonable to talk about IPR desired *on a particular technology* when that technology begins to be discussed in the WG. --Paul Hoffman, Director --VPN Consortium ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: A priori IPR choices [Re: Third Last Call:draft-housley-tls-authz-extns]
Ted Hardie wrote: Ah, I see why you appear to have changed your position. You actually want the result you're arguing for built into the charter of the IPR working group, beforehand without letting the community actually discuss it. Thanks for re-affirming my faith in your consistency. You're welcome. To state it more fairly, I want the result I'm arguing for to be built into the charter so that the WG can examine fairly what it will take to reach that goal. The WG cannot adopt a policy for IETF, only propose one. But the WG's work should be goal-directed. By the way, that's not such a change of tactic for that particular IPR-WG. You previously argued in committee that the current IETF patent policy is NOT a problem, and in that spirit the IPR-WG previously buried every counter-proposal we made as off-charter! So let's play the charter game fairly, please, by the same rules you played them. Let's charter the IPR-WG to develop a proposal that achieves a specific goal to fix a perceived patent problem. You can always argue against it in committee or vote against it if a serious proposal toward that goal gets before the IETF as a whole. /Larry Rosen ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: A priori IPR choices [Re: Third Last Call:draft-housley-tls-authz-extns]
[I stripped cc's from this reply] Brian Carpenter wrote: Violent disagreement. That would make all kinds of a priori processes kick in for employees of patent-conscious companies, and generally inhibit free discussion of initial ideas. Although it's messier to confront patent issues later in the process, I believe that is much better than constraining participation at the beginning. Scott Brim responded: +1 Otherwise you get into battles over theory and ideology without any of the information you need to make a decision. You will still be able to take your stance once the technical tradeoffs are worked out. Strong -1 to Brian's and Scott's comments. Isn't it preferable to get into early battles over IP rules--and make sure those rules are clear to WG participants--before we have wasted our time and resources developing specifications that half the world (or more) can't implement? Has anyone ever suggested that we inhibit free discussion of initial ideas? Please don't raise silly arguments like that. Among the most exciting discussions of ideas are those that come from having to design around a patent that isn't available for free. /Larry Rosen -Original Message- From: Scott Brim [mailto:[EMAIL PROTECTED] Sent: Thursday, October 18, 2007 3:12 PM To: Brian E Carpenter Cc: Simon Josefsson; ietf@ietf.org; Tim Polk Subject: A priori IPR choices [Re: Third Last Call:draft-housley-tls- authz-extns] On 19 Oct 2007 at 10:30 +1300, Brian E Carpenter allegedly wrote: On 2007-10-19 05:47, Hallam-Baker, Phillip wrote: What I would suggest is that new working groups be required to specify the governing IPR rules in their charter, these would be either that all IPR must be offered according to an open grant on W3C terms or that the working group specifies at the outset that RAND terms are acceptable. Violent disagreement. That would make all kinds of a priori processes kick in for employees of patent-conscious companies, and generally inhibit free discussion of initial ideas. Although it's messier to confront patent issues later in the process, I believe that is much better than constraining participation at the beginning. +1 Otherwise you get into battles over theory and ideology without any of the information you need to make a decision. You will still be able to take your stance once the technical tradeoffs are worked out. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: why can't IETF emulate IEEE on this point?
Steven Bellovin wrote: Because the strong consensus of the IPR WG a few years ago was to keep the current policy. As Ted Hardie pointed out, that group's mailing list is the correct place to raise this issue -- but frankly, I don't think the consensus has changed since the issue was last considered. Stephan Wenger wrote: Actually, per RFC 3978 and friends, the IETF does not even require a RAND commitment. There have recently been cases where RFCs have been issued with known patents that are not offered under RAND terms. It's up to the WG and IETF consensus to decide whether I-Ds including such encumbered technology can become RFCs (and what class of RFCs). Scott Brim responded: I'm with Ted ... let's take this over to ipr-wg. I respectfully disagree with Steven Bellovin and Scott Brim, and ask that we NOT turn this issue back to the IPR-WG unless and until its charter is revised to allow it to *completely revise* IETF's IPR policies with respect to patents. This issue was strangled in committee the last time the IPR-WG addressed RAND and other IPR policies for industry standards, with the WG leaders insisting (erroneously in my opinion) that there was consensus NOT to address the problems that the current IETF patent polices pose for open source *and* proprietary implementations of supposedly open standards. However it has to be done, I ask that IETF not let that burial happen again. Let's first charter the IPR-WG to completely reconsider the IETF patent policy in light of new software industry expectations, and so that we get rid of the inadequate RAND (and even non-RAND) IETF IPR policies that currently exist. /Larry Rosen Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen Author of Open Source Licensing: Software Freedom and Intellectual Property Law (Prentice Hall 2004) -Original Message- From: Steven M. Bellovin [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 25, 2007 12:20 PM To: Paul Vixie Cc: ietf@ietf.org Subject: Re: why can't IETF emulate IEEE on this point? On Tue, 25 Sep 2007 17:47:46 + Paul Vixie [EMAIL PROTECTED] wrote: in http://www.theregister.co.uk/2007/09/21/802_11n_patent_threat/, we see: Letters of Assurance are requested from all parties holding patents which may be applicable to any IEEE standard. Basically they state that the patent owner won't sue anyone for implementing the standard. ... i was thinking, what a great policy. why doesn't IETF have one like it? Because the strong consensus of the IPR WG a few years ago was to keep the current policy. As Ted Hardie pointed out, that group's mailing list is the correct place to raise this issue -- but frankly, I don't think the consensus has changed since the issue was last considered. --Steve Bellovin, http://www.cs.columbia.edu/~smb ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Last Call: draft-ietf-webdav-rfc2518bis (HTTP Extensions forDistributed Authoring - WebDAV) to Proposed Standard
Without forcing me to read all the referenced documents, is there an easy way to determine whether any IPR disclosures relating to these documents need to be correlated and disclosed? /Larry Rosen -Original Message- From: Cullen Jennings [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 20, 2007 5:35 PM To: Julian Reschke Cc: ietf@ietf.org Subject: Re: Last Call: draft-ietf-webdav-rfc2518bis (HTTP Extensions forDistributed Authoring - WebDAV) to Proposed Standard On Jan 22, 2007, at 4:49 AM, Julian Reschke wrote: Hi, RFC2518bis updates parts of RFC3253 (DAV:error below DAV:response) in an incompatible way, and thus should note it in the front matter (Updates: 3253) and mention it as a change near the Changes Appendix. (see http://ietf.osafoundation.org:8080/bugzilla/show_bug.cgi? id=258) Best regards, Julian Sent with my behave chair hat on ... This is always a complicated problem of does an update document update the documents that depend on the drafts it's updates. An extreme example is should TLS 1.2 update every document that uses TLS 1.0. It's pretty unwieldy to take that path so I I think a better path is that 3253 depends on 2518 and when we update 3253, then it will be changed to depend on the RFC that comes out of the 2518bis draft. The WG definitely considered the impact of the incompatibilities here and decided that this was an acceptable path - the only question we are trying to sort out here is if the id tracker shows this an up update on 3253 or not. Cullen ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
IETF IP Contribution Policy
FYI about the IETF IP Contribution Policy, please see the following link: http://blogs.zdnet.com/BTL/?p=4342 /Larry Rosen ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: MUST implement AES-CBC for IPsec ESP
Jorge Contreras wrote: Please note that any responses to your question Are any of these encryption algorithms patented? are being provided by individuals in the spirit of helpfulness and open sharing of information. Neither IETF nor the IETF Trust provide assurances or advice as to whether or not technology covered by IETF standards are covered by patent claims. The exclusive mechanism for soliciting and disclosing patent claims within the context of IETF activity is specified in RFC 3979, as we have discussed before. Please do not take anyone's efforts to respond to your questions as official IETF positions, as they are not and may not be relied upon as such. I didn't take anyone's comments on this list as any reassurance of anything other than their own understanding of the situation. I just asked about patent coverage because I wondered if anyone knew. This kind of question comes up at other organizations I work with too. Asking a patent question on an IETF list should not conflict with the exclusive mechanism you describe. You should realize that I, perhaps more so than others on this list, would never rely on helpful and open emails on a public IETF list--no matter how expert the writers are--for official reassurances about patents, particularly third party patents. The people here don't read patent claims, nor should they have to for this purpose. That is in part why I am in favor of mandatory licensing by contributors in addition to disclosures. /Larry -Original Message- From: Contreras, Jorge [mailto:[EMAIL PROTECTED] Sent: Sunday, January 21, 2007 5:23 AM To: Steven M. Bellovin; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; ietf@ietf.org; [EMAIL PROTECTED] Subject: RE: MUST implement AES-CBC for IPsec ESP Larry, Please note that any responses to your question Are any of these encryption algorithms patented? are being provided by individuals in the spirit of helpfulness and open sharing of information. Neither IETF nor the IETF Trust provide assurances or advice as to whether or not technology covered by IETF standards are covered by patent claims. The exclusive mechanism for soliciting and disclosing patent claims within the context of IETF activity is specified in RFC 3979, as we have discussed before. Please do not take anyone's efforts to respond to your questions as official IETF positions, as they are not and may not be relied upon as such. Regards, Jorge -Original Message- From: Steven M. Bellovin [mailto:[EMAIL PROTECTED] Sent: Saturday, January 20, 2007 6:28 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; ietf@ietf.org; [EMAIL PROTECTED] Subject: Re: MUST implement AES-CBC for IPsec ESP On Sat, 20 Jan 2007 14:45:26 -0800 Lawrence Rosen [EMAIL PROTECTED] wrote: For ESP encryption algorithms, the document that was sent out for Last Call contains the following table: RequirementEncryption Algorithm (notes) --- MUST NULL (1) MUST- TripleDES-CBC [RFC2451] SHOULD+AES-CBC with 128-bit keys [RFC3602] SHOULD AES-CTR [RFC3686] SHOULD NOT DES-CBC [RFC2405] (3) The Last Call comment suggests changing the SHOULD+ for AES-CBC to MUST. Are any of these encryption algorithms patented? Almost certainly not. DES was patented, but the patent was never enforced; it has long since expired. (Trivia: IBM filed a statement saying that DES was royalty-free *if* used in one of the NIST-approvedd modes of operation. But they never went after anyone who used it in other ways.) To my knowledge, 3DES was never patented; even if it had been, it was first publicly described in 1979, so I doubt that any patent would still be valid. AES itself had to be unencumbered; see http://csrc.nist.gov/CryptoToolkit/aes/pre-round1/aes_9709.htm#sec2d . The designers of Rijndael never even attempted to patent it; see the text quoted in RFC 3602 or the old Rijndael home page. CBC dates from at least 1980 -- I seem to recall 1978, but I don't have a citation handy. That leaves CTR mode. I doubt very much that it's patented, since it's been very well known for many years and NIST rarely standardizes patented algorithms in this space (which I know you appreciate...). However, I don't have any citations to prove this negative. --Steve Bellovin, http://www.cs.columbia.edu/~smb ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: MUST implement AES-CBC for IPsec ESP
For ESP encryption algorithms, the document that was sent out for Last Call contains the following table: RequirementEncryption Algorithm (notes) --- MUST NULL (1) MUST- TripleDES-CBC [RFC2451] SHOULD+AES-CBC with 128-bit keys [RFC3602] SHOULD AES-CTR [RFC3686] SHOULD NOT DES-CBC [RFC2405] (3) The Last Call comment suggests changing the SHOULD+ for AES-CBC to MUST. Are any of these encryption algorithms patented? /Larry Rosen Lawrence Rosen Rosenlaw Einschlag, a technology law firm (www.rosenlaw.com) Stanford University, Lecturer in Law 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243 Skype: LawrenceRosen Author of Open Source Licensing: Software Freedom and Intellectual Property Law (Prentice Hall 2004) -Original Message- From: Lakshminath Dondeti [mailto:[EMAIL PROTECTED] Sent: Saturday, January 20, 2007 1:35 PM To: Russ Housley Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; ietf@ietf.org Subject: Re: MUST implement AES-CBC for IPsec ESP What are the export implications due to this? A compliant ESP implementation MUST include the DES cipher due to this change. With status quo, a compliant ESP implementation can be used for integrity protection alone with NULL encryption. regards, Lakshminath Russ Housley wrote: During the IETF Last Call for draft-manral-ipsec-rfc4305-bis-errata, we received a comment that deserves wide exposure. For ESP encryption algorithms, the document that was sent out for Last Call contains the following table: RequirementEncryption Algorithm (notes) --- MUST NULL (1) MUST- TripleDES-CBC [RFC2451] SHOULD+AES-CBC with 128-bit keys [RFC3602] SHOULD AES-CTR [RFC3686] SHOULD NOT DES-CBC [RFC2405] (3) The Last Call comment suggests changing the SHOULD+ for AES-CBC to MUST. I support this proposed change, and I have asked the author to make this change in the document that will be submitted to the IESG for consideration on the Telechat on January 25th. If anyone has an objection to this change, please speak now. Please send comments on this proposed change to the iesg@ietf.org or ietf@ietf.org mailing lists by 2007-01-24. Russ Housley Security AD ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Copying conditions
1. Everyone is free to copy and distribute the official specification for an open standard under an open source license. Simon Josefsson wrote: I would include modify in this clause, or clarify exactly which license you are talking about (e.g., GNU Free Documentation License). Bill Sommerfeld wrote: IMHO, if modify is allowed, the license must require that modified versions are clearly distinguished from the official spec and thereby not-the-standard-you-were-looking-for. Thank you for this suggestion. I'm fine with adding the word modify if that will clarify these Open Standards Principles. The words under an open source license later in that sentence includes all the rights conveyed by an open source license, such as the right to modify and distribute copies of the specification, but saying it explicitly here makes good sense. All open source licenses permit modification. IETF should also decide whether to distribute its specifications under the GPL, OSL, SISSL or other open source license that includes reciprocity, or under an academic license that permits proprietary modifications of the specifications themselves. Please note that the open source copyright license described in Principle 1 that applies to the specification itself may not be sufficient for you to make, use or sell your modified, non-conforming versions. That is because the affirmative patent licenses described in Principles 2 and 3 may be limited in scope to embodiments of an open standard. You may need to obtain additional patent licenses from other companies in order to implement non-standard functions in your software. Almost all patent owners insist upon such field of use limitations in their patent licenses for standards. Take a look at the patent statements filed with the IETF and other standards organizations and you'll see this over and over from most major companies. Open source can live with this; we already agreed to do so in W3C. /Larry Lawrence Rosen Rosenlaw Einschlag, technology law offices (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * fax: 707-485-1243 email: [EMAIL PROTECTED] ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
RE: Copying conditions
Sam Hartman wrote: Speaking as an individual, *not* as an AD, I'd love to see the free software community get together and give input to the IETF (possibly in the form of an informational RFC) on the following issues: 1) Extracting tables and code from IETF standards for use in free/open- source software. 2) What patent holders who would like to license software should do if they want to create a license that open-source/free software authors can use when licensing technology in Internet standards. I addressed your two items in the Open Standards Principles I emailed to this list earlier this week. These principles describe the licenses that must apply to copyrighted and patented IP in IETF specifications in order to make them compatible with free and open source software. With respect to copyrighted works (your item #1) contained in IETF specifications to be used in free/open source software: 1. Everyone is free to copy and distribute the official specification for an open standard under an open source license. With respect to patent claims (your item #2) necessary to implement IETF specifications in free/open source software: 2. Everyone is free to make or use embodiments of an open standard under unconditional licenses to patent claims necessary to practice that standard. 3. Everyone is free to distribute externally, sell, offer for sale, have made or import embodiments of an open standard under patent licenses that may be conditioned only on reciprocal licenses to any of licensees' patent claims necessary to practice that standard. 4. A patent license for an open standard may be terminated as to any licensee who sues the licensor or any other licensee for infringement of patent claims necessary to practice that standard. 5. All patent licenses necessary to practice an open standard are worldwide, royalty-free, non-exclusive, perpetual and sublicenseable. If you think it would be useful to submit these five Open Standards Principles as an informational RFC, certainly I can do that. But perhaps they can be discussed here first in their current form without that formality. I welcome comments and suggestions. /Larry Rosen Lawrence Rosen Rosenlaw Einschlag, technology law offices (www.rosenlaw.com) 3001 King Ranch Road, Ukiah, CA 95482 707-485-1242 * fax: 707-485-1243 email: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Hartman Sent: Friday, December 10, 2004 2:07 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Copying conditions Simon == Simon Josefsson [EMAIL PROTECTED] writes: Simon [EMAIL PROTECTED] (scott bradner) writes: For IDN, I want to be able to extract the tables from RFC 3454 and use them in my implementation. For Kerberos, I want to be able to use the ASN.1 schema in my implementation, and copy the terminology section into my manual. For SASL, I want to incorporate portions of the introduction section from the RFC into my manual, to make sure some terminology is explained correctly. For GSS-API, I want to be able to copy the C header file with function prototypes into my implementation. just so there is no misunderstanding - the intent of RFC 3668 was to permit such extractions and there was (and is) no desire to restrict such extractions I, as editor, state publicly that I think that RFC 3667 permits such extractions, we (or maybe I) may have not made that clear enough in RFC 3667, but I think that RFC 3667 supports these uses Simon I have received preliminary feedback from IPR specialists Simon that seem to indicate to me that neither the old RFC Simon copying conditions, nor the new copying conditions in RFC Simon 3667, would permit all of the above extractions into free Simon software. Simon I am working on getting them to explain their reasoning on Simon the Free Software Foundation's web pages (presumably at Simon [1]), which I believe would be useful input for the IPR Simon working group, but the process has been slow. I hope I'm Simon not putting words in their mouth by stating that my Simon interpretation of what they said is that there is a Simon problem. Simon Do the IETF care about free software enough to work on Simon modifying the copying conditions of future RFCs? Speaking as an individual, *not* as an AD, I'd love to see the free software community get together and give input to the IETF (possibly in the form of an informational RFC) on the following issues: 1) Extracting tables and code from IETF standards for use in free/open- source software. 2) What patent holders who would like to license software should do if they want to create a license