Sean Turner writes: > BCP 79 makes this important point: > (b) The IETF, following normal processes, can decide to use > technology for which IPR disclosures have been made if it decides > that such a use is warranted.
https://cr.yp.to/2025/bcp-79-issues.html covers that argument (giving the same quote), and also covers the following counterargument: "this is overridden by BCP 79âs subsequent text (quoted above) imposing a more specific requirement upon mandatory-to-implement security technology and imposing a higher bar for exceptions". The page also distinguishes the two separate BCP 79 requirements at issue. What matters at adoption time is BCP 79's change-control requirement; that requirement doesn't have the same exceptions. The other requirement can be met after adoption, as I explained before, so I think the TLS discussion of that can and should be deferred, especially if people are confusing it with the change-control requirement. Note that this differs from the situation in LAMPS, where a spec is on the same patented algorithm but is at a different WG stage (last call), forcing consideration of both of the BCP 79 issues (if that spec can reach consensus otherwise, which hasn't been established at this point). Anyway, https://cr.yp.to/2025/bcp-79-issues.html includes links for all of these arguments and counterarguments. I believe the page covers every point that has been raised, structured in a way that shows when point B is in response to point A. I'd appreciate it if anyone who sees anything missing can let me know, of course on list for transparency. ---D. J. Bernstein
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
