Dear Working Group, TL;DR: the working group should move forward and disregard Verisign's IPR claim.
On Wed, Nov 09, 2016 at 07:47:49PM +0100, Antoin Verschuren wrote: > Just so that everyone has the same information regarding the IPR we > are discussing, the patent application and it’s EPO process can be > found here: https://register.epo.org/ipfwretrieve?apn=US.201113078643.A&lng=en > > The patent application has been officially rejected by the patent > office twice now in the past 5 years due to prior art. > [ snip ] > > That being said, we as a working group need to decide what we want to > do. > > So as a working group, we basically have only 2 options left: > 1. We could kindly convince Verisign with arguments that stallment of > this IPR claim is negatively impacting Internet security like Job has > done, and ask them to withdraw or quickly proceed with their > application. (snip) > > 2. We could jointly state that we took notice of the IPR claim, and > that no matter what the licensing terms or outcome of the application > is, we would like to standardize the solution in our Internet draft > since it is the only best solution. > > If we choose for option 2, we need to state why we think the patent > application or it’s licensing terms don’t matter to us. Given that Verisign demonstrated an unwillingness to amend their License Declaration, I'd like to support option 2. I have a few supporting notes to share regarding option 2: 1) Any draft or any mechanism that defines howto securely transfer a domainname without breaking the DNSSEC chain of trust, will inevitably be contaminated by Verisigns IPR disclosure for WO2012135492: be it EPP, RDAP, koch-dnsop-dnssec-operator-change, Fax or anything we can come up with. Enough is enough. We need this tool and variants of this tool. One US company should not be handed the power to obstruct at the expense of the global community. Tossing 'keyrelay' in the bin and starting over won't prevent Verisign from doing the exact same thing, so we might as well move this one forward. 2) Verisign's motivation for their unforthcoming attitude is irrelevant. Whether Verisign believe they can employ patent applications as a strategic device to delay drafts or whether it is mere organisational incompetence doesn't matter, the outcome is the same. Antoin is right that this anti-social behaviour needs to be addressed in a broader context, 'keyrelay' delay will serve as an excellent example of collateral damage due to poorly choosen IPR License Declarations. 3) Verisign's patent application and licensing terms for the rights they might be able to claim (if any), are likely to be confined to a narrow geographic, while on the other hand, the IETF standards serve a global audience. An RFC that is contested in one region can still be perfectly fine and usable in another region. 4) The legal ramifications and lawsuits will be handled outside of IETF anyway. Given point (1), the working group cannot improve upon the presented work in any meaningful way, which means that we'll have to accept the IPR claim as it is and deal with the fallout through normal pathways. From the looks of it, the USPTO, EPO and possible other venues will be working on this item for the years to come, regardless of what choice the IETF makes in this context. 5) Based on Antoin's write-up, I have good reason to believe prior art exists and the patent application will be shredded after careful scrutinization, just as EPO demonstrated by rejecting the patent twice already. In addition to the above, I encourage people to discuss and reevaluate their collaborations with Verisign at a later date. Kind regards, Job _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
