Subject: Re: Changing the PHY status reporting
To: Brad <>
From: Steven M. Bellovin <>
List: tech-net
Date: 02/18/2006 19:12:43
In message <>, Brad writes:

>> No -- VRRP is defined in RFC 3768 as an IETF Draft Standard.
>> As for IPR -- Cisco has not made such a statement, at least to the 
>> IETF.
>> is the latest document filed there; it provides for "reasonable,
>> non-discriminatory terms".   IBM has also made a claim (and a similar 
>> offer); see
>> CARP is OpenBSD's protocol to avoid the patent.  See
>> .  Also note that CARP runs as 
>> protocol 112, the same as VRRP, as a political statement by OpenBSD -- 
>> it doesn't "conflict with anything else of value".  
>> 		--Steven M. Bellovin,
>I am very well aware of the situation. I am an OpenBSD developer.
>And Cisco has also not made any guarantees of NOT exercising that patent,
>it is a risk that is unacceptable. It also does not sit well knowing Cisco
>sued Alcatel over that VRRP patent.

We agree on this point.

>It has nothing to do with a political statement. OpenBSD would use its own
>protocol number if IANA was willing to allocate a number for the protocol.

Picking 112 instead of an unused number is a political statement.  Per 
the web page I cited, OpenBSD did pick an unused number for pfsync.

The problem isn't with IANA per se; rather, they're carrying out IETF 
policy per RFC 2780.  The IETF decided, I think not unreasonably, that 
given the limited space for protocol numbers -- it's a 1-byte field -- 
there should be some control on allocation.  The OpenBSD page says that 
the problem was that they "failed to go through an official standards
organization".  I'd be astonished if that were the entire story.  RFC 
2780 requires a "Standards Action", a term defined in RFC 2434 and 
applying only to IETF activity.  Even ISO and the ITU don't qualify 
there.  The other path is via IESG action, and I'm fairly certain the 
issue was never brought before the IESG -- I was a member of the IESG 
from 2002-2004, and the IAB liaison to the IESG for a while before that. 
I can't guarantee that the IESG would have approved the request, since 
it is a competitor to CARP, but in this context non-competition is most 
definitely not a requirement.  OTOH, the IESG probably would not accept
CARP as a standard, because it does compete; again, though, the 
allocation procedures do not require a standardized protocol for 
adoption.  The IESG probably would require an RFC, but for 
non-standards track RFCs that's not a huge hurdle.

Disclaimer: I was, as I said, an IESG member; I'm also the co-chair of 
the IETF's IPR working group.

As for

> No, CARP does not violate Cisco's patent. It was designed specifically
> so it does not.

That's OpenBSD's opinion.  Cisco -- or a court -- may disagree.  It's 
certainly possible to invent one's way around a patent; it's also 
possible to get that wrong, in the eyes of a court.  I'm not saying 
that OpenBSD is wrong; I'm just saying that someone independent should 
take a look.

		--Steven M. Bellovin,