Following the recent excitement over a potential vulnerability in TCP [story], Cisco's "Worldwide Patent Counsel", Robert Barr, has let it be known that they have pending patent applications for one or more of the IETF recommendations for improving TCP's security. Robert says:
"If technology in this document is included in a standard adopted by IETF and any claims of any Cisco patents are necessary for practicing the standard, any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard."
In response, OpenBSD creator Theo de Raadt [interview] said, "The Cisco/IETF recommendations contain numerous problems and issues. They should not be followed. We have better fixes in OpenBSD. Other vendors should be looking at these." For example, as mentioned in our earlier article about TCP reset attacks [story], with the IETF's/Cisco's recommendations in place it would be possible for an attacker to use one host to potentially flood another. OpenBSD's alternative solutions will be discussed in full in our upcoming article, "Understanding TCP Reset Attacks, Part II".
From: Edward A. Gardner [email blocked]
To: misc
Subject: Re: tcp vulnerability
Date: Tue, 11 May 2004 16:18:15 -0600

Since this seems to be the week for depressing political discussions on this list...

About April 20 there was a discussion here of a so-called tcp vulnerability problem. Yesterday there was an announcement on the relevant IETF list that Cisco has applied for a patent on the proposed fixes. See:

http://www.ietf.org/ietf/IPR/cisco-ipr-draft-ietf-tcpm-tcpsecure.txt

I don't claim to be all that knowledgeable on the various tcp stack implementations out there, or even OpenBSD's ways of avoiding this. But this does smell awfully bad. Is it any different than:

1. Cisco ships buggy implementation and gets bitten.
2. Cisco debugs said implementation.
3. Cisco files for patent on a bug-free implementation.

Unfortunately, given the absurd state of the US patent system, such a patent will probably issue. The US patent system is so broken. And now I read that the EU commission is going to adopt it.

Edward A. Gardner          eag at ophidian dot com
Ophidian Designs           719 593-8866 voice
1262 Hofstead Terrace      719 210-7200 cell
Colorado Springs, CO 80907

From: Theo de Raadt [email blocked]
Subject: Re: tcp vulnerability
Date: Tue, 11 May 2004 16:36:59 -0600

> Since this seems to be the week for depressing political discussions on
> this list...
>
> About April 20 there was a discussion here of a so-called tcp vulnerability
> problem. Yesterday there was an announcement on the relevant IETF list
> that Cisco has applied for a patent on the proposed fixes. See:
>
> http://www.ietf.org/ietf/IPR/cisco-ipr-draft-ietf-tcpm-tcpsecure.txt
>
> I don't claim to be all that knowledgeable on the various tcp stack
> implementations out there, or even OpenBSD's ways of avoiding this. But
> this does smell awfully bad. Is it any different than:
>
> 1. Cisco ships buggy implementation and gets bitten.
> 2. Cisco debugs said implementation.
> 3. Cisco files for patent on a bug-free implementation.

The Cisco/IETF recommendations contain numerous problems and issues. They should not be followed. We have better fixes in OpenBSD. Other vendors should be looking at these.

And people should be phoning Cisco and telling them that they will not be buying their products.

From: Theo de Raadt [email blocked]
Subject: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
Date: Tue, 11 May 2004 16:31:27 -0600

IETF is utterly diseased. Cisco can't help it -- this is a US business model. Patenting security.

Feel free to give Robert at Cisco a call. I wonder if he knows about the song yet.

http://www.ietf.org/ietf/IPR/cisco-ipr-draft-ietf-tcpm-tcpsecure.txt

Title: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
Received: April 26, 2004
From: Robert Barr <rbarr@cisco.com>

Cisco is the owner of one or more pending patent applications relating to the subject matter of "Transmission Control Protocol security considerations" <draft-ietf-tcpm-tcpsecure-00.txt>. If technology in this document is included in a standard adopted by IETF and any claims of any Cisco patents are necessary for practicing the standard, any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard.

For information contact:

Robert Barr
Worldwide Patent Counsel
Cisco Systems
408-525-9706
rbarr@cisco.com

------- End of Forwarded Message

The problem is not Cisco or Robert Barr
In some ways I see it is too late, but before completely assassinating Robert Barr and Cisco, you should keep in mind Robert's comment that he made a couple of years ago about patents and innovation. A simple Google search returns this article.
http://swpat.ffii.org/papers/ftc02/cisco/index.en.html
It is true that the US Patent system is broken, but not participating will easily lead to a company's demise.
"Hate the game, not the player."
-Anon
?
"It is true that the US Patent system is broken, but not participating will easily lead to a company's demise."
Isn't that exactly what Cisco would like its customers to believe?
"Hate the game, not the player."
There is neither game nor player to hate; that would be a waste of time. All there is to do is to improve the situation, like OpenBSD is already doing.
Boris