[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patent & licence for IPSec ?

To: "Steve Bellovin" <smb@research.att.com>
Subject: Re: Patent & licence for IPSec ?
From: "Todd S. Glassey" <TSGman@earthlink.net>
Date: Sat, 25 Jul 1998 00:11:25 -0700
Cc: "Daniel Harkins" <dharkins@cisco.com>, <ipsec@tis.com>, <sob@HARVARD.EDU>
Sender: owner-ipsec@ex.tis.com

Steve,
my apologies it took so long for me to answer as well as for involving the
IPSec list in my efforts to resolve what I consider the ambiguity and
shortcomings of the IP sections of RFC2026. It, this effort,  belongs on the
POISSON WG's list to say the least and so if you want to continue it, lets
either take it offline or onto the POISSON WG.

As a side note I am working on a new IP policy statement for potential
inclusion in the next revision of RFC2026 that I will be filing in the next
week or so in preparation for IETF-42. The new process eliminates the
possibility of these types of events by creating a structure where the legal
ability of the submitter to file the I-D, RFC, or other documents is
established and substantiated. The intent, unlike the current RFC2026 IP
text (see SS10 in particular), is to totally eliminate the possibility of
this type of Submarine IP Warfare from occurring, not to just "state that it
will not be tolerated". I'm sure that it will raise a lot of eyebrows but in
the long run, I think that some version of it might pass.

BTW - I totally disagree with your interpretation of the Dell Settlement.
Although your argument looks good at the 50,000 foot level, if you are
careful and read paragraph's one and two of the URL you provided, you will
read that VESA established the VL-Bus working group in response to a number
of already underway development processes and that in this case the
cause-of-action is that an "official of Dell allegedly made a false
statement to the standards board" as part of the board's voting on the
standard. If this is true, then the act here is that Dell, with some level
of direct intention "fraudulently misrepresented" that there were no
impending IP issues regarding VL-Bus technologies and it makes sense that
they got caught.

As they stand today, there is really nothing in the IETF filing process that
mandates this type of testimony or that any documented state of IP "state"
is necessary to achieve a RFC or Standards' status - so this type of
activity could not even happen with the current IETF process. If we had such
a policy then we would have some legal recourse in these matters. So in
closing - while I understand your intent, I still disagree with your
analysis and believe that my original commentary is valid.

Todd

-----Original Message-----
From: Steve Bellovin <smb@research.att.com>
To: Todd S. Glassey <TSGman@earthlink.net>
Cc: Daniel Harkins <dharkins@cisco.com>; ipsec@tis.com <ipsec@tis.com>
Date: 1998 July 21, Tuesday 10:48
Subject: Re: Patent & licence for IPSec ?

>In message <014e01bdb4cc$fdd16ad0$030b0ac0@cta1>, "Todd S. Glassey" writes:
>>
>> If the IETF cannot make the use of it's standards more than a crap shoot
>> then it may be doomed. What's the point of banking on a set of standards
>> where the entry fee can be years in court and millions of dollars.
>>
>> This is a serious issue, because it gets at the standards process and the
>> root of who pays for all our playpens and sandboxes. Whether we as
engineers
>> like it or not, Business and Business Process are driving the NII and all
it
>> stands fo'.
>>
>> Sorry to disagree with you but ... If the IETF cannot make its standards
>> more secure from a commercial sense then its long term form and fashion
are
>> likely to change or to be changed.
>>
>> The first time somebody sues the IETF/IESG/ISOC for creating a standard
and
>> allowing the standard-process to complete when it has either "direct
>> knowledge" or "enforced ignorance" as to the patent status of any given
>> effort - The standards effort will change forever. After all if the IETF
>> knowingly ignores the charter and in particular the IP issues inside of
>> RFC2026 and its follow successors, IMHO - the IETF could wind up liable
for
>> damages by not enforcing its publicly stated operational processes and
>> policies.
>
>Have you read RFC 2026, the current description of the IETF standards
>process?  While it's certainly true that anyone can be sued for more
>or less anything, the relevant provisions were indeed drawn up in
>consultation with a lawyer.  Briefly -- the IETF *can't* have complete
>knowledge of intellectual property claims on its work.  (Nor, I might
>add, can other standards bodies.)  What is done is to require that anyone
>who submits anything to the IETF agrees to disclose any intellectual
>property rights in the submitted material.  We also encourage people
>to make the IETF aware of any possible conflicts.  This is precisely
>what Paul Lambert has just done.
>
>Btw -- not complying with the IETF process has reprecussions for folks
>who lie about patents.  See http://www.ftc.gov/opa/9511/dell.htm for
>one example.
>

Prev by Date: RE: ESP and AH used in tunnel mode by a Security Gateway
Next by Date: Re: ESP and AH used in tunnel mode by a Security Gateway
Prev by thread: Re: Patent & licence for IPSec ?
Next by thread: Revised PKCS#1 draft available for comment [Was: RE: DH-less encryption mode for IKE]
Index(es):
- Main
- Thread