On 2/19/2016 11:39 AM, t.petch wrote:
So until it is, or is just about to be, an RFC, I don't know whether or not a technology will be encumbered by an IPR claim and I know of nothing that the participants can say to allay my concerns (the company's lawyers might be able to:-).
That seems like something you need to worry about no matter what the protocol is or where it originally came from. If a company wants to torpedo the standards process then they've always got lawyers. It doesn't matter how silly their claim is, they can tie it up in lawsuits for years.
The only thing we have to fight back is the threat to walk away from them as a customer if they don't use a standard for this. Honestly, I've got enough troubles trying to get vendors to adopt tacacs+ without someone adding proprietary extensions. If they want to try it I can see us staying on the existing tacacs+ for another 20 years.
The flip side to this is, if the IETF drags out this fight for too long, I could see major vendors making their own efforts to secure the protocol prior to anyone making a standard (possibly because a large customer demands the protocol be secured for whatever reason). If that happens, we might be stuck with TACACS+TLS from one vendor that doesn't interoperate with TACACS+blowfish from another (hopefully all with the ability to fallback to the defacto standard if needed.. or perhaps we just run 3 separate servers with different extensions to support multiple vendors..)
Maybe not. It's been 20 years. It's possible it's just too obscure to worry about, but we won't know until it happens.
Tom Petch
Robert _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
