[1500] in cryptography@c2.net mail archive
Re: Netscape SSL Patent
daemon@ATHENA.MIT.EDU (Vin McLellan)
Tue Sep 16 13:51:15 1997
Date: Tue, 16 Sep 1997 08:50:24 -0500
To: cryptography@c2.net
From: Vin McLellan <vin@shore.net>
Mulling the Netscape patent, Adam Shostack <<adam@homeport.org>
wrote:
>> > Since this was Hickman & ElGamal's work, does the fact that flaws
in
>> > the system required a protocol rewrite mean anything?
>> >
>> > Also, what does this do to the IETF TLS work, and was the IETF
>> > notified of this by Netscape?
Tom Weinstein <<tomw@netscape.com> briskly replied:
>> It doesn't do anything to the TLS work, because we're going to try
to do
>> whatever it takes to make sure that TLS goes forward. I'll probably
be
>> able to say more in a couple days.
While we wait "a couple days," it might be reassuring to recall that
Netscape seems to be using it's committment to open standards
(controlled by national standards groups) as a key point of product
differentiation between itself and Microsoft. I realize this is only
one among many issues, but many find it heartening. Whatever the
economics and politics necessary, Netscape will want SSL/TLS control to
remain in the hands of the IETF... or another standards group.
Ben Laurie <<ben@algroup.co.uk><bold> </bold>quickly grabbed his wig
to sit in judgement:<bold>
</bold>
>Apart from the fact that Taher was involved in the TLS setup, had a
duty
>to reveal the patent application, and didn't do so. But I guess that
is
>more a problem for Netscape than TLS.
Correct me if I'm wrong, but AFAIK a patent application is not an
intellectual property right. (A property right, a priori, is legally
owned by someone, nu?)
As I read the source, rfc 2026, the IETF vigorously _invites_ any
interested party to come forward with information about (a) any IPR, or
(b) any intellectual property claim -- specifically including patent
applications -- which might be relevant to a proposed standard.
What is _required_ of contributors (the "duty" Ben noted) is both more
and less.
A contributor is required to note, so far as he knows, any relevant
and existing IPR -- i.e., a patent, copyright, etc. -- but there seems
to be no demand that a contributor report all potential or prospective
claims that might be made by his employer or others he has signed NDAs
for.
(Were this not the case, I suspect the pool of potential WG activists
would be considerably smaller than is is even today -- limited perhaps
to consultants and others with weak or nil corporate affiliations.)
RFC 2026 (10.3.1.6) sez:
6. The contributor represents that he has disclosed the existence
of
any proprietary or intellectual property rights in the
contribution that are reasonably and personally known to the
contributor. The contributor does not represent that he
personally knows of all potentially pertinent proprietary and
intellectual property rights owned or claimed by the
organization
he represents (if any) or third parties.
Suerte,
_Vin
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which
by its nature will resist efforts to restrict it to bureaucrats and
others who deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.
* Vin McLellan + The Privacy Guild + <<vin@shore.net> *
53 Nichols St., Chelsea, MA 02150 USA <<617> 884-5548
