
    Re: iSCSI: SRP status

    Can you clarify the statement
    "...and that have been commercially deployed without licensing another
    organization's patents."
    Aren't you talking here about the patented SPEKE methods?
    Ofer Biran
    Storage and Systems Technology
    IBM Research Lab in Haifa  972-4-8296253
    David Jablon <> on 26/03/2002 23:37:45
    Please respond to David Jablon <>
    Sent by:
    Subject:    Re: iSCSI: SRP status
    Here are a few points to add to this summary of recent
    events regarding SRP.
    The first is simply that the just-posted policy letter from
    Phoenix legal was presented and discussed in Minneapolis.
    While I won't attempt to summarize that discussion here,
    I have relayed the concerns expressed back to Phoenix.
    A second point is a delicate one, related to larger IETF
    policy in general. Concern was expressed at the meeting that
    the WG appears to be changing the content (if not the
    requirements too) of a proposed standard, based on
    unconfirmed rumor.
    The fact that a patent holder has refused to confirm or deny
    such rumors, or provide a license policy statement, is
    surely a concern.  But this concern may mask a pernicious
    problem.  Such WG behavior allows anyone to start
    unresolvable rumors of potential patent coverage in order to
    steer a group in arbitrary directions.  Unfortunately, IETF
    policy and tradition make open discussion of the legitimacy
    of such rumors very difficult.
    Concern was expressed at the meeting about security
    dangers inherent in designing a new method, such as some
    kind of mutually-authenticating variant of CHAP.  Even
    beyond the security concerns, it may be impossible for the
    group to determine that a newly proposed method is patent-
    free.  The standard practices of using evidence of
    surviving years of cryptographic review to establish
    security, or commercial use to establish unencumbrance,
    both may not work for methods still-to-be described.
    The draft-jablon-speke-00.txt presented to the WG on this
    list and at the meeting specifically describes methods that
    provide the benefits of SRP, but are less structurally
    related to EKE.  It describes methods that have survived
    5 years of public scrutiny, that achieve higher goals than
    the just-proposed alternatives, and that have been
    commercially deployed without licensing another
    organization's patents.
    In presenting this information, I am clearly staying within
    the guidelines of longstanding written IETF policy, but
    clearly coming up against IETF tradition in talking as
    openly as possible about such sensitive issues.
    I hope that the group will carefully consider these methods,
    in addition to any soon-to-be proposed variants of CHAP
    or Diffie-Hellman, as they review their security and
    functionality objectives.
    Furthermore, in light of the repeated attempts to get
    another company to clarify or simplify its license
    position, I would hope that any group or individual with
    concern about the Phoenix position will make their concerns
    known to the company, or to me personally, and I'll do my
    best to get an acceptable response.
    -- David Jablon


Last updated: Tue Mar 26 15:18:16 2002