TLS-authz

TLS-authz is the short name for a patented set of extensions to the Transport Layer Security (TLS) protocol has been proposed as a standard within the IETF.

Rejected as a standard, this proposal is now being considered for approval as an "experimental" or "informational" standard. Despite the name, these are almost as influential as normal standards as confirmed by Sam Hartman, Security Area Director:

[O]ften it seems that we use informational as a way to publish things we cannot build a strong consensus behind. I think that process is generally problematic and would like to avoid it in this instance.^[1]

Current status

The current status can be seen on the IETF's Internet-Draft Tracker: housley-tls-authz-extns

As of July 2009, the proposal is still being discussed and is being reviewed by an "AD". An AD is a person who has a vote (e.g. there are 15 ADs in this vote).

RedPhone's patent declarations

Declaration 1026, by RedPhone, cites patents which are necessary for implementing TLS-autz. Declaration 1026 "updates" (replaces?) declaration 940, which in turn updated declaration 912. The patent licence is considered insufficient to allow free software implementations and FSF called multiple times for TLS-authz to be opposed.^[2][3]

There was also a declaration 833 which was relevent, but that page is blank ("removed at the submitter's request"). It's possible that this was a still-earlier declaration in what is now declaration 1026.

Related pages on ESP Wiki

• Harm to standards

External links

• https://datatracker.ietf.org/idtracker/draft-housley-tls-authz-extns/
• https://datatracker.ietf.org/drafts/draft-housley-tls-authz-extns/
• The TLS-authz draft, version 7
• Feb 2007: IETF mailing list thread
• FSF's comments, submitted to the October 2007 consultation
• FSF's comments, submitted to the February 2009 consultation
• Analysis by Simon Josefsson of how RedPhone's patent licence is insufficient for free software

References