TLS-authz
TLS-authz is the short name for a patented set of extensions to the Transport Layer Security (TLS) protocol has been proposed as a standard within the IETF.
Rejected as a standard, this proposal is now being considered for approval as an "experimental" or "informational" standard. Despite the name, these are almost as influential as normal standards as confirmed by Sam Hartman, Security Area Director:
[O]ften it seems that we use informational as a way to publish things we cannot build a strong consensus behind. I think that process is generally problematic and would like to avoid it in this instance.[1]
Contents
Current status
The document was published as the Experimental RFC 5878 in May 2010.
RedPhone's patent declarations
Disclosure 1026, by RedPhone, cites patents which are necessary for implementing TLS-authz. Disclosure 1026 "updates" (replaces?) disclosure 940, which in turn updated disclosure 912. The patent licence is considered insufficient to allow free software implementations and FSF called multiple times for TLS-authz to be opposed.[2][3]
There was also disclosure 833 which was relevent, but that page is blank ("removed at the submitter's request"). It's possible that this was a still-earlier disclosure in what is now disclosure 1026.
Related pages on ESP Wiki
External links
- https://datatracker.ietf.org/doc/rfc5878/
- The TLS-authz draft, revision 07
- Feb 2007: IETF mailing list thread
- FSF's comments, submitted to the October 2007 consultation
- FSF's comments, submitted to the February 2009 consultation
- Analysis by Simon Josefsson of how RedPhone's patent licence is insufficient for free software
