Subject: Re: Changing the PHY status reporting
To: Brad <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 02/18/2006 19:12:43
In message <20060218234454.GB8767@blar.home.comstyle.com>, Brad writes:
>> No -- VRRP is definied in RFC 3768 as an IETF Draft Standard.
>> As for IPR -- Cisco has not made such a statement, at least to the
>> IETF. http://www.ietf.org/ietf/IPR/cisco-ipr-draft-ietf-vrrp-spec-v2.txt
>> is the latest document filed there; it provides for "reasonable,
>> non-discriminatory terms". IBM has also made a claim (and a similar
>> offer); see http://www.ietf.org/ietf/IPR/ibm-rfc2338-rfc2787.txt
>> CARP is OpenBSD's protocol to avoid the patent. See
>> http://www.openbsd.org/lyrics.html#35 . Also note that CARP runs as
>> protocol 112, the same as VRRP, as a political statement by OpenBSD --
>> it doesn't "conflict with anything else of value".
>> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>I am very well aware of the situation. I am an OpenBSD developer.
>And Cisco has also not made any guarentees of NOT exercising that patent,
>it is a risk that is unacceptable. It also does not sit well knowing Cisco
>sued Alcatel over that VRRP patent.
We agree on this point.
>It has nothing to do with a political statement. OpenBSD would use its own
>protocol number if IANA was willing to allocate a number for the protocol.
Picking 112 instead of an unused number is a political statement. Per
the web page I cited, OpenBSD did pick an unused number for pfsync.
The problem isn't with IANA per se; rather, they're carrying out IETF
policy per RFC 2780. The IETF decided, I think not unreasonably, that
given the limited space for protocol numbers -- it's a 1-byte field --
there should be some control on allocation. The OpenBSD page says that
the problem was that they "failed to go through an official standards
organization". I'd be astonished if that were the entire story. RFC
2780 requires a "Standards Action", a term defined in RFC 2434 and
applying only to IETF activity. Even ISO and the ITU don't qualify
there. The other path is via IESG action, and I'm fairly certain the
issue was never brought before the IESG -- I was a member of the IESG
from 2002-2004, and the IAB liason to the IESG for a while before that.
I can't guarantee that the IESG would have approved the request, since
it is a competitor to CARP, but in this context non-competition is most
definitely not a requirement. OTOH, the IESG probably would not accept
CARP as a standard, because it does compete; again, though, the
allocation procedures do not require a standardized protocol for
adoption. The IESG probably would require an RFC, but for
non-standards track RFCs that's not a huge hurdle.
Disclaimer: I was, as I said, an IESG member; I'm also the co-chair of
the IETF's IPR working group.
> No, CARP does not violate Cisco's patent. It was designed specifically
> so it does not.
That's OpenBSD's opinion. Cisco -- or a court -- may disagree. It's
certainly possible to invent one's way around a patent; it's also
possible to get that wrong, in the eyes of a court. I'm not saying
that OpenBSD is wrong; I'm just saying that someone independent should
take a look.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb