Cisco Applies For Patents To Secured TCP
An anonymous reader writes "Following the recent excitement over a potential vulnerability in TCP, Cisco's "Worldwide Patent Counsel", Robert Barr, has let it be known that they have pending patent applications for one or more of the IETF recommendations for improving TCP's security. KernelTrap has the full details."
Re:Oh goody. (Score:2, Informative)
OpenBSD (Score:4, Informative)
Re:Well... (Score:3, Informative)
Re:Did ANYONE RTFA??? (Score:2, Informative)
Cisco turning into junk, as is linksys. (Score:4, Informative)
I'm not affiliated with any of the above companies. I just thought I'd mention that linksys is junk and owned by cisco. So maybe it's a family trait.
Re:Did ANYONE RTFA??? (Score:3, Informative)
In all likelihood you very well may be right. I don't know what Cisco thinks the market for licences to their patch happens to be, so neither of us is likely to be "correct" in our valuation.
-Rusty
Re:Did ANYONE RTFA??? (Score:5, Informative)
Hi Nathan,
There is no patent and there is no standard, so it's a bit premature.
But if a patent does issue and a standard is approved, this is our policy:
Cisco will not assert any patents owned or controlled by Cisco against any party for making, using, selling, importing or offering for sale a product that implements IETF RFCXXXX, provided, however that: Cisco retains the right to assert its patents (including the right to claim past royalties) against any party that asserts a patent it owns or controls (either directly or indirectly) against Cisco or any of Cisco's affiliates or successors in title; and Cisco retains the right to assert its patents against any product or portion thereof that is not necessary for compliance with RFC XXXX.
Royalty bearing licenses will also be available as an option.
Please let me know if you have any questions.
Robert Barr
NOT AN IETF RECOMMENDATION (Score:3, Informative)
It is just an Internet-Draft (ID), that has been submitted for IETF approval. The IETF haven't reviewed it yet, nor taken a position on whether it should be a standard or not.
I could submit an ID for a protocol for standing on my head. That doesn't mean it is an IETF recommendation or that it will be.
With all the FUD being expressed by people who don't know much (anything?) about the IETF and its processes, maybe the next higher level after RTFA should be GAFC (Get A F**king Clue).
More from Theo and Company (Score:4, Informative)
QUOTE
What's very amusing is reading section 5 of the draft, wherein the author distributes credit to a number of parties. If Cisco were to file a patent at this point and not include those parties (including other companies), the patent validity would be at risk by reason of excluding a contributor. If Cisco does include all of those other companies in the patent, then all of them must also present the IETF with relevant IPR statements.
Frankly, this is yet another PR blunder by Cisco. If they had simply said nothing or formally put their contribution into the public domain, they wouldn't look so egregiously greedy.
ENDQUOTE
From the 10EAST archive [theaimsgroup.com], as quoted in kerneltrap...Theo has some choice comments about the US Patent System and the IETF, too.
IOW, yet again, Cisco trying to cash in on Open Source, in order to desperately prop up their miserable recent record of development, innovation and security, as well as theft from the Open Source Community, in order to keep their stock price up and keep from being listed on F'd Co., where they belong.
Re:Did ANYONE RTFA??? (Score:5, Informative)
On May 12, 2004, at 12:46 PM, Robert Barr wrote:
> Okay, I get that point now, but is there anything stopping Cisco from
> asserting its patents just for the hell of it?
Yes, my written statement above would stop us. I can turn it into a contract if that is necessary, but I don't think it is. Anybody who relies on that statement is protected, but I guess they should consult their own lawyer.
> You say that Cisco will only assert its patent against someone who
> tries to assert a patent against Cisco, but what is stopping
> Cisco from just doing it anyway?
see above.
> ie, the methods are integrated into the Linux Kernel TCP/IP stack and
> gain wide acceptance, and Cisco then sees value in trying to claim that
> all users of Linux need to pay Cisco a licensing fee of $200 per CPU to
> use the proprietary, patented methods included in Linux.
>
> I know it's far-fetched, but 3 years ago, anyone saying that SCO would
> try to claim ownership of Linux would be laughed at.
SCO never made a statement like I did
> What agreement can open source projects enter into with Cisco to ensure
> that the above is legally impossible?
I'll execute an agreement with those terms if necessary
> Lastly, the GPL states:
>
> "Finally, any free program is threatened constantly by software
> patents. We wish to avoid the danger that redistributors of a free
> program will individually obtain patent licenses, in effect making the
> program proprietary. To prevent this, we have made it clear that any
> patent must be licensed for everyone's free use or not licensed at
> all."
Prof Eben Moglen says this about GPL, I think it applie
"Section 7 prohibits distribution under GPL if you cannot fulfill the requirements of the license because of other conditions *imposed* on you by, among other things, a judgment of patent infringement, interim measures short of judgment, such as a preliminary injunction, or contractual limitations such as non-disclosure agreements or patent licenses. But you are not unable to distribute under GPL unless those requirements have been *imposed*. Until a particular party distributing GPL'd code has either accepted a license whose requirements are incompatible with GPL or has been ordered by a court of competent jurisdiction to do or refrain from doing in a fashion incompatible with GPL, there is no direct conflict with the requirements of the license, and no requirement to refrain from distribution. With regard to patents, in particular, no one *ever* has an obligation to refrain from making, using or selling technology that *may* practice patent claims solely because someone somewhere has taken a patent, claims to have a patent, or even publishes a license. Only the demand that you in particular take a license or cease infringing triggers theoretical liability under US patent law. Whether there can be liability for damages for the period before such notification is another question, legitimately of importance to those who commercially distribute free software, but not ordinarily of significance to those who develop only, or who distribute non-commercially.
Moreover, patents are not global, only local. To say that we cannot *develop* under GPL because a patent exists in country X, and a license has been published there to which those making, using, or selling in country X *might* be asked to subscribe would go much too far. That situation certainly does not prevent development elsewhere, and distribution under GPL can certainly proceed."
***
> So, for any GPL software use Cisco's methods, Cisco will need to
> provide a guarantee that under the GPL, any future patent for these
> methods will be free for use by that GPL software.
>
> Just taking your word for it that Cisco won't assert its patent in the
> future isn't goo
Re:Before anyone spouts off at the mouth (Score:5, Informative)
Well, programming is a field of math. All software is a mathematical function. The only thing a computer can do is calculations.
You can hook a computer up to a speaker that produces sound, you can invent and patent that speaker, but the computer itself can only do math calculations.
Math is not an invention. Software is not an invention. You can't patent addition, you can't patent calculus, and you can't patent the math that is software MP3 calculations.
The US screwed up a case where the court upheld a patent doing a calculus integral to decide how long to cook rubber during manufacturing. You simply integrate heat over time. Simple math, if you are familiar with calculus. It was the ordinary rubber manufacturing process, they just "invented" an equation to decide how long to run the heat. That one bad ruling opened the door to software patents. The US patent office took that lousy ruling and threw the door wide open for patents on math.
Of course they don't directly let you say you're patenting math. Word the application one way and it gets rejected, word the exact same claims a different way and it gets approved. Software patent attorneys admit it's all about using "the magic words". You're patenting the process of doing some calculation on some hardware. Ordinary PC hardware.
There may be method to this madness (Score:4, Informative)
"It makes more business sense to assume that, despite the fact that we do not copy other company's products, and despite the fact that we do not derive solutions to problems from the patent literature, we will be accused of patent infringement. The only practical response to this problem of unintentional and sometimes unavoidable patent infringement is to file hundreds of patents each year ourselves, so that we can have something to bring to the table in cross-licensing negotiations. In other words, the only rational response to the large number of patents in our field is to contribute to it."
He goes on to make some very interesting arguments saying...
"The patent system does not exist to protect the rights of inventors, or any particular interest group. It doesn't exist to protect what we now call "intellectual property", as if it were protectable for its own sake. The patent system exists to protect the progress of science and the useful arts. If the patent system fails to do that in certain areas, then the costs and negative effects of the patent monopoly cannot be justified. Where the patent system enables true innovation, true progress, where it enables companies to bring new products to consumers in circumstances where they otherwise would not do it, or where it disseminates knowledge that others need and want, then it's working."
So, Cisco appears to be doing this as a matter to protect their own ability to use this fix, not to prevent others from using it. That would seem to fit with his explanation posted earlier...
"That's not what it says, or what I mean to say. It says that nobody has to pay anything, or even ask for a license, unless they want to assert patents against Cisco."
You can read Mr. Barr's full statement before the FTC online (ironically enough) at
Freedom for a Free Information Infrastructure [ffii.org]
Firewall Failover with CARP and pfsync (Score:3, Informative)
CARP
The Common Address Redundancy Protocol manages failover at the intersection of Layers 2 and 3 in the OSI Model (link layer and IP layer). Each CARP group has a virtual MAC (link layer) address, and one or more virtual host IP addresses (the common address). CARP hosts respond to ARP requests for the common address with the virtual MAC address, and the CARP advertisements themselves are sent out with this as the source address, which helps switches quickly determine which port the virtual MAC address is currently "at".
The master of the address sends out CARP advertisement messages via multicast using the CARP protocol (IP Protocol 112) on a regular basis, and the backup hosts listen for this advertisement. If the advertisements stop, the backup hosts will begin advertising. The advertisement frequency is configurable, and the host which advertises most frequently is the one most likely to become master in the event of a failure.
A reader who is familiar with VRRP will find this is somewhat familiar, however there are some significant differences:
* The CARP protocol is address family independent. The OpenBSD implementation supports both IPv4 and IPv6, as a transport for the CARP packets as well as common addresses to be shared.
* CARP has an "arpbalance" feature that allows multiple hosts to share a single IP address simultaneously; in this configuration, there is a virtual MAC address for each host, but only one IP address.
* CARP uses a cryptographically strong SHA-1 HMAC to protect each advertisement.
Besides these technical differences, there is another significant difference (perhaps the most important one, in fact): CARP is not patent encumbered. See this page for details on the history of CARP and our reasons for avoiding a VRRP implementation.
pfsync
pfsync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.
In order to ensure that pfsync meets the packet volume and latency requirements, the initial implementation has no built-in authentication. An attacker who has local (link layer) access to the subnet used for pfsync traffic can trivially add, change, or remove states from the firewalls. It's possible to run the pfsync protocol on one of the "real" networks, but because of the security risks, it is strongly recommended that a dedicated, trusted network be used for pfsync. This can be as simple as a crossover cable between interfaces on two firewalls
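An added illustration (not part of the comment above, and not OpenBSD's code) of what the per-advertisement SHA-1 HMAC gives a CARP group and what unauthenticated pfsync lacks: a receiver holding the shared key rejects forged, altered or replayed advertisements. The field layout, the replay counter and every name here are assumptions of this sketch, not CARP's wire format.

```python
import hashlib
import hmac
import struct

CARP_PROTO, PFSYNC_PROTO = 112, 240   # IP protocol numbers quoted in the comment
BODY_FMT = "!BBBQ"                    # vhid, advbase, advskew, counter (simplified layout)
BODY_LEN = struct.calcsize(BODY_FMT)  # 11 bytes
TAG_LEN = hashlib.sha1().digest_size  # 20 bytes


def sign_advert(key, vhid, advbase, advskew, counter):
    """Build an advertisement body and append its HMAC-SHA1 tag."""
    body = struct.pack(BODY_FMT, vhid, advbase, advskew, counter)
    return body + hmac.new(key, body, hashlib.sha1).digest()


class BackupHost:
    """Receiver side: accepts an advertisement only if it authenticates."""

    def __init__(self, key, vhid):
        self.key = key
        self.vhid = vhid
        self.last_counter = -1  # highest counter accepted so far

    def accept(self, packet):
        if len(packet) != BODY_LEN + TAG_LEN:
            return "malformed"
        body, tag = packet[:BODY_LEN], packet[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()
        # Constant-time comparison; check the tag before trusting any field.
        if not hmac.compare_digest(tag, expected):
            return "bad-hmac"
        vhid, _advbase, _advskew, counter = struct.unpack(BODY_FMT, body)
        if vhid != self.vhid:
            return "wrong-vhid"
        if counter <= self.last_counter:
            return "replay"
        self.last_counter = counter
        return "ok"


def demo():
    key = b"constructed-shared-secret"          # constructed sample key
    backup = BackupHost(key, vhid=1)
    good = sign_advert(key, 1, 1, 0, counter=1)
    wrong_key = sign_advert(b"not-the-key", 1, 1, 0, counter=2)
    altered = bytearray(sign_advert(key, 1, 1, 100, counter=3))
    altered[2] = 0                              # advskew byte changed in transit
    return [backup.accept(good), backup.accept(good),
            backup.accept(wrong_key), backup.accept(bytes(altered))]


if __name__ == "__main__":
    print(demo())
```

A pfsync message has no equivalent of the tag check in `accept`, which is why the quoted text recommends a dedicated, trusted link for it.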
Re:It's all about the phbs (Score:3, Informative)
Re:if tcp is copyrighted (Score:5, Informative)
Dream on:
- USPTO Grants CA Lawyer Domain-Naming Patent [slashdot.org]
- Patent Granted on Sideways Swinging [slashdot.org]
- Patent On Software Downloads Upheld [slashdot.org]
and to sum it all up:
- Enter The 'Stupid Patent Tricks' Contest [slashdot.org]
Cisco using open source code (Score:3, Informative)
Re:VRRP Patent .. Not So (Score:3, Informative)
You also need to reread that comment you linked to as it doesn't say what you are implying. Quote: