Max, Alan, First, thank you for your review and expressing that this is an important step in moving the mobile network authentication schemes to present-day crypto approaches :-)
With regards to the IPR question, I want to stay away from discussing anyone’s licensing conditions, as I don’t represent anyone and also because of anti-trust. However, I think it would be useful to understand the situation: The proposed specification is an extension of RFC 5448 or EAP-AKA'. That RFC already had a similar IPR declaration from someone else, back 10 years ago when it was being specified. Yet, the declared or other potential IPR constraints do not appear to have slowed the adoption of this RFC in the industry. The phone that I’m writing this on implements EAP-AKA’ for instance. And there are open source implementations. Also, a likely use case for this is in 5G, but in a (say) 5G phone there will be other technologies, not all unencumbered. We could do this particular extension in a different way to avoid this particular license, but it wouldn’t necessarily resolve all issues. In addition, new technical issues might arise. For instance, I predict that the ability to perform PFS in the same number of roundtrips for the registration exchange is important for the potential adoption of this. I wouldn’t want to trade that away for instance, if using different technology meant doing that. Finally, I think we really need this for the users. So from my perspective there’s a clear need for this and I see no evidence that previous situations in this particular case have slowed deployment in any fashion. Also, this particular extension doesn’t change the overall situation with regards to EAP-AKA’. Does that help reduce your concerns? Jari _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
