Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Patents Security The Internet Your Rights Online

Cisco Applies For Patents To Secured TCP 290

An anonymous reader writes "Following the recent excitement over a potential vulnerability in TCP, Cisco's "Worldwide Patent Counsel", Robert Barr, has let it be known that they have pending patent applications for one or more of the IETF recommendations for improving TCP's security. KernelTrap has the full details."
This discussion has been archived. No new comments can be posted.

Cisco Applies For Patents To Secured TCP

Comments Filter:
  • by Anonymous Coward on Tuesday May 11, 2004 @08:20PM (#9123051)
    and you use it illegally, you're in trouble.

    only the criminals will have network connections
    • by DaHat ( 247651 ) on Tuesday May 11, 2004 @08:44PM (#9123227)
      So in the future a criminal could use a pirated wireless connection, using a pirated connection protocol to download pirated music and movies? Neat!

      On the plus side, the (MP|RI)AA would be just as illegal in hunting you down... maybe I should take up P2P trading.
    • Comment removed (Score:5, Informative)

      by account_deleted ( 4530225 ) on Wednesday May 12, 2004 @12:18AM (#9124161)
      Comment removed based on user account deletion
      • by BiggerIsBetter ( 682164 ) on Wednesday May 12, 2004 @02:57AM (#9124638)
        Right - the implementation of ideas. Except it's not, because the USPTO allows processes - ideas themselves - to be patented.

        If it was as simple as implementation (binary or even source code), "we" could write a new implementation that was compatible with their one (did the same thing in a different way), and multi-vendor secure TCP comms could happen. Unfortunately it's not that simple because they've likely patented the processes, although we'd have to wait for the patents to be available to see, I think.

        This is actually rather risky for Cisco, because they may cut themselves off from everyone else. If OpenBSD indeed has a better and free solution, organisations should be using them. The result then is no secure communications if your non-Cisco equipment talks to Cisco equipment (unless Cisco implements the OpenBSD stuff too...).

        Presumably the USPTO is smart enough to shoot down a process patent that's based on published recommendations by a third party, but maybe there's something clever in Cisco's particular implementation that's worthy. Either way, I suspect Cisco has just killed an otherwise reasonable way of doing secure TCP on the public Internet.

        And props to people like the OpenBSD guys for being there and continuing to grind out alternative and often better solutions.

  • Well... (Score:5, Interesting)

    by Short Circuit ( 52384 ) <mikemol@gmail.com> on Tuesday May 11, 2004 @08:21PM (#9123056) Homepage Journal
    They better hope their applications are dated before the recommendations.
    • Re:Well... (Score:3, Informative)

      Not necessarily. I believe you have a year to make the application after it becomes public. However, they better have some strong records to back up the claims that they made the invention at an earlier date.
    • Re:Well... (Score:5, Interesting)

      by arivanov ( 12034 ) on Wednesday May 12, 2004 @04:08AM (#9124839) Homepage
      Depends from what perspective. They have already pulled out the stunt of suing Aclcatel and OpenBSD for VRRP without doing the proper patent disclosure in IETF. So one more case one less is not going to change a lot.

      Methinks that it is much more interesting that there were people from outside Cisco working on that vulnerability. If I recall correctly the list there was Juniper and someone else there as well. So unless Cisco did the correct paperwork with these guys they are fully entitled to sue Cisco's arse flat.

      In btw, it is quite time someone questions the exact origin of SSL, SSH, NTP and a few other items in IOS which are known to be bug for bug compatible with OSS code and do not have stated copyrights in the IOS release notes.

      • ...it is quite time someone questions the exact origin of SSL, SSH, NTP and a few other items in IOS which are known to be bug for bug compatible with OSS code and do not have stated copyrights in the IOS release notes.

        Parent raises a very good point. While Cisco has acknowledged [cisco.com] other use of open source code in the past, I've wondered if there was a use of the same source or maybe just shared libraries that caused vulnerabilities in openssh to affect the IOS, and the same with openssl. Cisco developers

  • Oh goody. (Score:5, Insightful)

    by SatanicPuppy ( 611928 ) <Satanicpuppy@gmai[ ]om ['l.c' in gap]> on Tuesday May 11, 2004 @08:21PM (#9123059) Journal
    Do you think they'll patent the backdoor they're planning on putting in it? I'd hate to have to reverse engineer that.

    I used to be very pro-cisco, but with the recent "Self protecting networks" ads that are misleading at best, and the backdoor snafu, I don't see how I could reccomend to anyone that they're worth the cost.
    • Re:Oh goody. (Score:5, Insightful)

      by ncurses ( 764489 ) on Tuesday May 11, 2004 @08:22PM (#9123068)
      I can't stand those ads either. It is not possible to defend against humans from the inside. That's liek trying to build a car that is intentionally-driving-over-a-cliff proof.
      • by SatanicPuppy ( 611928 ) <Satanicpuppy@gmai[ ]om ['l.c' in gap]> on Tuesday May 11, 2004 @08:34PM (#9123163) Journal
        Phb: "Oh, SELF PROTECTING NETWORK! Oooo! We need one of those!"

        Such crap. It's like those blatantly false microsoft ads where they show microsoft office as a wonderful beautiful thing. I've worked with office for years, and the only time I danced through my office with a newly printed office document involved a printer incompatibility, a long project, and way too much coffee.

        Show me an ad that says, "Hey this works okay most of the time," or "this router can detect and contain unusual network activity, so viri spread slower" and that's a product that I can trust. Promising pie in the sky only works for idiots.
        • by Dimensio ( 311070 ) <[moc.uolgi] [ta] [ratskrad]> on Tuesday May 11, 2004 @08:48PM (#9123253)
          Show me an ad that says, "Hey this works okay most of the time," or "this router can detect and contain unusual network activity, so viri spread slower" and that's a product that I can trust. Promising pie in the sky only works for idiots.

          It's been my experience that the idiots are the ones making the purchasing decisions, hence the nature of the advertising.
          • I agree completely, thus the "Pointy-Haired Boss" reference.

            My mother is just like this. I can tell her something over and over and over again, and it means nothing to her. But if she hears the same thing from a random, poorly-informed stranger, it's a proven fact.

            It's sad that they know enough to hire skilled people, and then choose to listen to simplistic (though slick) advertising instead.
          • by Frobnicator ( 565869 ) on Tuesday May 11, 2004 @10:17PM (#9123737) Journal
            It's been my experience that the idiots are the ones making the purchasing decisions, hence the nature of the advertising.
            It's not just the idiots. If you didn't know anything else about the product, which would you buy?
            • Product A -- Claims to be 73% good.
            • Product B -- Claims to be 96% good.
            • Product C -- Claims to be 99.999% good.
            • Product D -- Claims to be 100% good.
            Being skeptical, you would probably pick product A has having truthful ads. Product B, you might think, has really good real-world performance. Product C is just marketing hype, and product D is impossible in the real world.

            But if you see a big brand name (Microsoft, Cisco, Intel, etc.) on product C, you might say "Well, it isn't 100%, and they are a good company. Maybe it's the truth. Of course, claiming to be Product C happens, and that's where the trap is.

            It might be that you are looking at Microsoft statement claiming "5 nines" of 99.999% uptime [dell.com] (that's down for 5 minutes each year). Or Sun claiming the same 99.999% [com.com]. Or Cingular Wireless claiming 99.999% reliable networks [cingular.com], excluding several days of downtime [merit.edu] that they must not factor into their percentage. Maybe it's that 99.999% pure copper speaker cable [audiovisualonline.co.uk] you were looking for. (For the chemists, here's a site where you can buy over a dozen other '99.999% pure metal' wires [eurotitan.co.uk].) Lots of people get caught into that.

            In some cases it really is justified. If I were a chemist, maybe having iridium wire that is only 99.9% pure might cause problems, and those extra 9's might be significant. But that usually isn't the case for most marketing.

            But I don't think it's just a PHB issue, it's a problem of 'I really want the best, and I only want to spend 5 minutes to find out which one that is'.

            frob

            • by StandardDeviant ( 122674 ) on Wednesday May 12, 2004 @12:53AM (#9124264) Homepage Journal

              IAAC. Most reagents are indeed rated rather precisely with respect to their purity. For example, "spectroscopic" grade toluene is different than "hplc" grade toluene, and they're both different from "reagant" grade toluene. (These are so-called "customary" names for different purity grades. It can be a little confusing even to practitioners, so typically something will be labeled like "Reagent Grade (95%) Foo.")

              Those extra 9s frequently are important. For a plain synthesis reaction, 95% may be ok (you may just want to make some of product X to prove that it can be made, so if you have some miniscule fraction of an isomer of X due to that 5% similarly-reactive reagent impurity, it's not such a big deal). But if you're doing a really precise analysis (say ppt range), you don't want any peaks from chemically similar impurities crowding into the spectral range you're looking at.

              But yeah, outside of the actual practice of science, most anything above 99% is speculative horseshit dreamed up by a marketer. _Proving_ that something is that pure is an expensive and time-consuming prospect.

            • On my drive home from work I pass a farm selling "96% fat free milk". The first time I saw it I cracked up, now it depresses me.
              I think it should be against the trade descriptions act (UK), but it'd probably be ok.

              For those who don't realise normal full fat milk is 4% fat - hence 96% non-fat. Skimmed is c.1% fat, semi-skimmed is 1%-2%, iirc.
              I think 96% fat-free should have 4% of the fat of 'normal' full fat, not be full fat milk.

              Deceptive advertising at it's most obnoxious?

        • The DARPA is actually working on something like this. It's supposed to automatically identify a virus or worm within seconds and with no human intervention. It's then supposed to disconnect the entire network from the segment that that virus was discovered on. Sorry I don't have the link.
        • by nuonguy ( 264254 ) <{nuonguy} {at} {yahoo.com}> on Tuesday May 11, 2004 @09:04PM (#9123362)
          The point is that it works! Not because people are idiots, but because they're muggles. They don't get it. To them, the act of sending email might as well be magic for all the understanding they might have, so promising them something that's technically infeasible is worthwhile and profitable. If it's presented well, if it uses cultural memes that are accepted and understood by the target audience, if it tells them something they want to hear, it'll work.
        • by Triumph The Insult C ( 586706 ) on Tuesday May 11, 2004 @09:48PM (#9123597) Homepage Journal
          Show me an ad that says, "Hey this works okay most of the time," or "this router can detect and contain unusual network activity, so viri spread slower" and that's a product that I can trust.

          That's not a product I would trust. Routers should do one thing, and that's routing. Firewalls should be the devices that implement policies, not routers.

          It's the same premise as buggy, hole-ridden software. A good 30% of 'features' in software don't need to be there, but they are, and they introduce problems. Take Norton Systemworks (2002) ... while it's scanning the disk, you can have it animate the logo and/or play some music. Why does that need to be there? It doesn't ...

          The same goes for Cisco ... the hardware isn't spectacular, but they make up for it in software. They add feature upon feature upon feature, which leads to the code getting overly complex, which leads to bugs. You then get vulnerabilities like the one for LEAP, or now this TCP reset business, when they (the bugs) likely wouldn't exist if the routers just did routing and the engineers focused on that.
          • The logo animation is a funny thing. It actually does serve a purpose. It tells you the program is not hung. It's the same thing as those silly spinners in text mode programs (-\|/). If you have a program that's just sitting there with nothing but static text, how long are you going to wait before deciding something might be wrong?
      • Re:Oh goody. (Score:3, Interesting)

        by drinkypoo ( 153816 )
        In order to build a car that is intentionally-driving-over-a-cliff-proof you would have to take control away from the driver in many situations, at least to some degree. It would in some ways make the car more dangerous but I think using a combination of GPS, GIS (for terrain with height values), ABS, drive-by-wire throttle, and electric power steering, you could probably pull it off.

        Similarly, it is possible to protect entirely against some types of attacks and reduce the damage of others, even when the

        • Re:Oh goody. (Score:4, Interesting)

          by gstoddart ( 321705 ) on Tuesday May 11, 2004 @10:20PM (#9123753) Homepage
          No, you were right. It would make the car more dangerous.

          A car suddenly deciding it isn't willing to listen to your inputs is just scary.

          Because in any condition in which the computer takes control, the driver won't know what the hell happened, and the computer might not have all the information.

          Now if it picks me up, drives me to my destination, and goes away to refuel itsself and hang out with other cars, it is perfectly allowed to retain control at all times. =)

          (And I wouldn't trust *that* unless it was on a track with guaranteed physical distance between vehicles.)
      • Re:Oh goody. (Score:3, Interesting)

        by Maserati ( 8679 )
        They're a pretty bad rip-off of the IBM campaign. Which has been brilliant. The IBM spots don't make specific promises, but they do have a keen insight to convey. Anybody else really, really, really need a "Business Reality Detector" ?

        We do get the bosses' kids from time to time, but we use Macs :-)

      • by cgenman ( 325138 ) on Tuesday May 11, 2004 @11:00PM (#9123910) Homepage
        Actually, the router in question is very intelligent. All attempts to connect to MSN are re-routed to Google, and any software downloaded is first routed to the system admin for approval. When it recieves a query for windows update, it returns a package containing FireFox, ThunderBird, AVG antivirus, and SpyBot. I can't tell you what it installs when the user attempts to get SP2, but I can tell you that it isn't called "Lindows."

    • Re:Oh goody. (Score:2, Informative)

      by cuban321 ( 644777 )
      If you look at their Host based IDS solution it's pretty impressive. It prevents users from doing incredibly stupid things on their workstations and reports back to a central server.
      • I'm sure it's pretty cool. Most of their stuff is.

        But I bet users are still going to be doing stupid things. You can't beat stupidity, and by claiming that, in fact, they have, they lose my vote big time.

        Cisco products may have a place in a comprehensive security solution, but they're trying to claim they ARE a comprehensive security solution, and they're not.
    • but with the recent "Self protecting networks" ads

      I know my Cisco router is self protecting, everytime it gets more than a few requests at a time it shuts down all network traffic, requiring a reboot. At first I thought it was those damn bastards at /., but then i realized it was a feature!

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Tuesday May 11, 2004 @08:23PM (#9123075)
    Comment removed based on user account deletion
    • It's called ethical bankruptcy. They learned it from SCO and MS, and recently SUN.
    • by mo ( 2873 ) on Tuesday May 11, 2004 @09:04PM (#9123358)
      well, if it makes you feel any better, we just made a purchasing decision against cisco in favor of two simple linux boxes running a combination of shorewall [shorewall.net] and heartbeat [linux-ha.org]. The cost savings versus the cheapest cisco firewall that does failover was worth the effort of installing the open source software. I also highly recommend m0n0wall [m0n0.ch] for a SOHO cisco replacement. I'd chose m0n0wall over a cheaper watchguard or sonicwall box any day.
  • by bingbong ( 115802 ) * on Tuesday May 11, 2004 @08:24PM (#9123084)
    It was never the object of patent laws to grant a monopoly for every trifling device, every shadow of a shade of an idea, which would naturally and spontaneously occur to any skilled mechanic or operator in the ordinary progress of manufactures. Such an indiscriminate creation of exclusive privileges tends rather to obstruct than to stimulate invention. It creates a class of speculative schemers who make it their business to watch the advancing wave of improvement, and gather its foam in the form of patented monopolies, which enable them to lay a heavy tax on the industry of the country, without contributing anything to the real advancement of the arts. It embarrasses the honest pursuit of business with fears and apprehensions of unknown liability lawsuits and vexatious accounting for profits made in good faith. --

    Historically, the IETF has been neutral about using patents in the Standards process, and its position is summed up best in the charter of the IPR Working Group (http://www.ietf.org/html.charters/ipr-charter.htm l [ietf.org]):

    The IETF and the Internet have greatly benefited from the free exchange of ideas and technology. For many years the IETF normal behavior was to standardize only unencumbered technology.
    While the 'Tao' of the IETF is still strongly oriented toward unencumbered technology, we can and do make use of technology that has various encumbrances. One of the goals of RFC2026 'The Internet Standards Process -- Revision 3' was to make it easier for the IETF to make use of encumbered technology when it made sense to do so.

    Last year, there was an attempt to make the IETF change their policy, but it failed miserably (http://news.com.com/2100-1013-996351.html?tag=fd_ top [com.com]).

    So you can have more secure communications, but only if you pay Cisco.

    Bastards.

    • I'm not sure where it says that you'll have to pay Cisco. The IPR statement that I read clearly states:

      ...any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard.

      Admittedly, they might charge, but it doesn't say that they will. This is not new, and it might not even be news. Corporations have been doing this for a while. Look through the IETF IPR archives and y

    • by ninjaz ( 1202 ) on Tuesday May 11, 2004 @09:21PM (#9123479)
      So you can have more secure communications, but only if you pay Cisco.
      Actually, according to the "full details" link, you can have more secure communications, but only if you pay attention to OpenBSD's recommendations (and ignore Cisco's patent-encumbered implementation which isn't as good).

      This is the second time in six months OpenBSD has seriously one-upped Cisco and its patents. :-) They even wrote a song [openbsd.org] about the first!

      • Are you sure that the OpenBSD fix is not covered by the Cisco patents as filed? I would not be so sure until the patent is granted and we can compare it because it is quite likely that has been watered down and vagued to the maximum possible extent so that it covers other future fixes.
        • by ninjaz ( 1202 ) on Wednesday May 12, 2004 @05:11AM (#9125013)
          No, I'm not sure. Don't mistake me for an expert on this set of vulnerabilities. I was going by what was said in the link and on the OpenBSD misc@ mailing list.

          According to some messages on the list, Cisco was one of the worst affected by the recently announced set of TCP vulnerabilities, and OpenBSD had only minimal exposure in the first place.

          It strikes me that this may be PR ploy on Cisco's part to cover up for their past mistakes by appearing to rush to the rescue with a patent pending solution. They'll even graciously let others use them in exchange for cross-licensing. After all, if it's pending a patent, those Cisco guys must be really on the ball ...right? ;)

          Personally, I trust the OpenBSD project a great deal more than Cisco when it comes to security. I mean, OpenBSD wasn't even vulnerable to the no-workaround backdoor password issue!

          Luckily in that case, locking a user account had a considerable amount of prior art.
  • by kcbrown ( 7426 ) <slashdot@sysexperts.com> on Tuesday May 11, 2004 @08:25PM (#9123098)
    ...if it gets past the patent office (who here doubts that it will? I don't).

    The reason is that this is basically a patch to a protocol. The TCP protocol itself was a novel invention. But most patches to protocols, or to code to fix a particular problem, are fairly obvious to someone skilled in the requisite arts. Generally, the nature of the bug is what determines the solution, and often the solution is obvious to someone who is familiar with the protocol (or code) and the problem in question.

    If this gets through then you can expect a lot of patents to be filed on patches to many things, including open source projects. And that means that unless the code is protected by something like the GPL (which requires a patent license grant as a condition of redistribution), the projects (and those who maintain and use them) will be vulnerable to patent infringement suits.

    This is going to get nasty. But I think most of us who have been keeping track of this nonsense already know that.

  • by Anonymous Coward on Tuesday May 11, 2004 @08:27PM (#9123115)
    Official standards should not include anything that is proprietary, as that gives someone a monopoly and shuts out open source solutions. Standards should be designed so that everyone can use them without having to pay royalties.
    • Not necessarily. Many standards are based on patentented technology. eg. SmartMedia includes FAT (Microsoft), various SAE/ISO specs include CAN(Bosch). What is bad though is if the patent is then used to leverage power in a bad way.
    • If technology in this document is included in a standard adopted by IETF and any claims of any Cisco patents are necessary for practicing the standard, any party will be able to obtain a license from Cisco to use any such patent claims under

      reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard.

      I guess we'd have to trust them as to the meaning of reasonable or reciprocity eh? (Does reasonable mean "just don't fsck with us and we won't fsck with you" or is i

  • What is.... (Score:2, Funny)

    by wpiman ( 739077 )
    exitement?


    Is that a cross between excitement and excrement?

  • by sacremon ( 244448 ) on Tuesday May 11, 2004 @08:34PM (#9123162)
    Unless Cisco licenses the technology and other companies bite, I don't see this getting very far on the Internet. Too much of the backbone is comprised of equipment from multiple vendors. I work for a large Tier 1 ISP. Most of the edge routers are Cisco, but the core routers are Juniper. Things get even messier in a Co-location data center, where customers can be using who knows what brand of equipment to connect to the data center's network.

    • I don't see this getting very far anytime in the near future anyway...

      SSL, VPN, IPv6. They've all been around for a long time. Sure SSL is used quite a bit, but it's definitely not used the majority of the time. We've seen stats on the WiFi expos where you can pick off hundreds of POP passwords thanks to plaintext connections. It will be a long time (if ever) before this is even close to mainstream.

    • I think Cisco is in trouble here. Since this matter primarily for BGP, and is necessary to keep the internet infrastructure from being vulnerable to attack, and the internet is now considered vital infrastructure, I wouldn't be surprised if the FCC called up the PTO and told them to reject the application. Or, for that matter, if the NSA called up Cisco and told them to drop the application. Or the DHS could call up Cisco and ask about how they seem to be aiding cyberterrorism. I wouldn't be surprised if it
  • Ci...SCO ? (Score:5, Insightful)

    by horatio ( 127595 ) on Tuesday May 11, 2004 @08:34PM (#9123169)
    Bastards, patenting a public working group's suggestion for fixing the broken widget. Anyone else wonder if there is a conspiracy here? If this works for the network appliance giant, SCO might just have a case if they patent a few of the publically submitted kernel patches.
  • OpenBSD (Score:4, Informative)

    by LittleLebowskiUrbanA ( 619114 ) on Tuesday May 11, 2004 @08:36PM (#9123180) Homepage Journal
    How fortunate of a timing right after OpenBSD just decided to combat software patents with Open Source [openbsd.org].
    • The two main components provided by OpenBSD are CARP (the Common Address Redundancy Protocol) [countersiege.com], which allows a backup host to assume the identity of the primary, and pfsync, which ensures that firewall states are synchronised so that the backup can take over exactly where the master left off and no connections will be lost.

      CARP
      The Common Address Redundancy Protocol manages failover at the intersection of Layers 2 and 3 in the OSI Model (link layer and IP layer). Each CARP group has a virtual MAC (link lay
  • hmmmmm.... (Score:3, Funny)

    by j3ll0 ( 777603 ) on Tuesday May 11, 2004 @08:38PM (#9123185)
    CARS (RFC793 [1]) are widely deployed and one of the most often used reliable end to end protocols for PEOPLE TRANSPORTATION. Yet when it was defined over 20 years ago the ROAD SYSTEM, as we know it, was a different place lacking many of the threats that are now common. Recently several rather serious threats have been detailed that can pose new methods for both denial of service and possibly data injection by blind attackers. This document details those threats and also proposes some small changes to the way CARS handle inbound segments that either eliminate the threats or at least minimize them to a more acceptable level.

    I don't know if I'm for it or against it now...
  • by jonman_d ( 465049 ) <nemilar@optonlCOUGARine.net minus cat> on Tuesday May 11, 2004 @08:39PM (#9123186) Homepage Journal
    You mean Robert Barr, the man from the Redundancy Van from the monopoly of Cizzzcoo-eeeee?

    (If you don't get the joke, go check the openBSD website.)
  • Solution: (Score:3, Interesting)

    by Sebby ( 238625 ) on Tuesday May 11, 2004 @08:39PM (#9123196)
    Read my last post [slashdot.org].

    • My suggestion is to limit the number of patents a company can hold and/or apply for in a year. This forces them to keep only the truly inovative patents and discard the trival patents.
  • by TheMadPenguin ( 662390 ) on Tuesday May 11, 2004 @08:42PM (#9123212) Homepage
    NetBEUI becomes a routable protocol... :P
  • Great timing (Score:3, Interesting)

    by darkjedi521 ( 744526 ) on Tuesday May 11, 2004 @08:43PM (#9123223)
    I was planning on migrating two legacy networks off of DECnet and NETBeui over to TCP/IP transports. Considering this, I might as well leave the older protocols in place. Besides being easier to contain at the firewall (drop all non-ip), they are so old as to not be patent encumbered. Plus the netbeui stack actually fits on a floppy, unlike the MS TCP stack, which only fits after massive pruning and compression.
  • by dicepackage ( 526497 ) * <dicepackage@g[ ]l.com ['mai' in gap]> on Tuesday May 11, 2004 @08:47PM (#9123242) Homepage
    It looks like it is time to switch to IPX or NetBEUI for the internet.
  • Did ANYONE RTFA??? (Score:4, Interesting)

    by chrome ( 3506 ) <`ten.suodneputs' `ta' `emorhc'> on Tuesday May 11, 2004 @09:16PM (#9123444) Homepage Journal
    Especially the part where Robert Barr says "any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard."

    That sounds like to me that Cisco will not be charging a whole lot for this license, it will probably be one of those $1 license deals where once you have it, you have it in perpetuity.

    If Cisco don't apply for a patent, someone else WILL and those barstards might end up charging so much for the method that it never becomes a standard.

    I don't think Cisco's intent is to make the standard too expensive for it to become an actual standard in use.
    • You forget, this is /. People see "patent" and panic. People rarely read the article or patent application. I'm not sure, but it looks like this might be the application they're referencing. United States Patent Application 20040081154: Internal BGP downloader. [uspto.gov] I tend to think like you do, Cisco sees this as something that is essential to the future of TCP as a viable standard and will not charge an arm and a leg for a license.
    • by ergo98 ( 9391 )
      That sounds like to me that Cisco will not be charging a whole lot for this license, it will probably be one of those $1 license deals where once you have it, you have it in perpetuity.

      And what, exactly, do you base the "probably" on? I see it as distinctly more probable that Cisco, being a dominant player, will implement what would otherwise be a discarded solution, and smaller vendors will be basically forced to follow suit. They will, of course, have to line up to pay the Cisco tax, and that internet t
    • I'm with you, chrome. The whole point of RAND (reasonable and non-discriminatory) terms is that companies that have intellectual property that they are either required as part of company policy or believe is wise of them to protect, can participate in standards development -- but only if they agree to RAND. If you don't agree to RAND, you can't corrupt the IETF, IEEE, or other bodies by later claiming high fees.

      In many ways, Cisco is being a good citizen by saying, you can reliably go ahead and implement t
    • As CISCO has not disclosed the terms of their licencing, RAND means nothing. Setting the cost at a billion dollars, can be asserted as being Reasonable and Non Discriminatory, as the only "customer" involved would be Microsoft.

      In all likelyhood you very well may be right. I don't know what Cisco thinks the market for licences to their patch happens to be, so neither of us are likely to be "correct" in our valuation.

      -Rusty
    • by chrome ( 3506 ) <`ten.suodneputs' `ta' `emorhc'> on Tuesday May 11, 2004 @09:50PM (#9123607) Homepage Journal
      Rather than guess, I asked Robert Barr himself if I could get a license for the Linux Kernel Project, and this is what he said:

      Hi Nathan There is no patent and there is no standard, so it's a bit premature.

      But if a patent does issue and a standard is approved, this is our policy

      Cisco will not assert any patents owned or controlled by Cisco against any party for making, using, selling, importing or offering for sale a product that implements IETF RFCXXXX, provided, however that: Cisco retains the right to assert its patents (including the right to claim past royalties) against any party that asserts a patent it owns or controls (either directly or indirectly) against Cisco or any of Cisco's affiliates or successors in title; and Cisco retains the right to assert its patents against any product or portion thereof that is not necessary for compliance with RFC XXXX.

      Royalty bearing licenses will also be available as an option.

      Please let me know if you have any questions.

      Robert Barr

      • Cisco retains the right to assert its patents against any product or portion thereof that is not necessary for compliance with RFC XXXX
        Nice. This means that nobody can implement this in GPL'd software (wherever software patents apply), because the GPL requires that anybody be able to modify and redistribute the software without encumbrance, regardless of what they're doing with it. So, not in Linux.
        • by chrome ( 3506 ) <`ten.suodneputs' `ta' `emorhc'> on Tuesday May 11, 2004 @10:40PM (#9123825) Homepage Journal
          Right. I checked the GPL and it does say that.

          I got a response back from Robert, my stuff is in bold, his is the reply below:

          > If I read this correctly (IANAL, obviously) the Linux Kernel project
          > could go right ahead and use the methods that Cisco has applied patents
          > for, however at any time after a Patent has been issued (IF it is
          > issued - and I think its a fair bet its going to happen, the USPO seems
          > to rubber stamp anything out of tech companies these days) Cisco could
          > demand that the Linux Kernel project pay them whatever.


          Not at all. That's not what it says, or what I mean to say. It says that
          nobody has to pay anything, or even ask for a license, unless they want to
          assert patents against Cisco. You don't read it that way?


          Well, I'm not quite mollified by this. So I sent the following:


          Okay, I get that point now, but is there anything stopping Cisco from asserting its patents just for the hell of it?

          You say that Cisco will only assert its patent against someone who tries to assert a patent against Cisco, but what is stopping Cisco from just doing it anyway?

          ie, the methods are integrated into the Linux Kernel TCP/IP stack and gain wide acceptance, and Cisco then sees value in trying to claim that all users of Linux need to pay Cisco a licensing fee of $200 per CPU to use the proprietary, patented methods included in Linux.

          I know its far-fetched, but 3 years ago, anyone saying that SCO would try to claim ownership of Linux would be laughed at.

          What agreement can open source projects enter into with Cisco to ensure that the above is legally impossible?

          Lastly, the GPL states:

          "Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all."

          So, for any GPL software use Cisco's methods, Cisco will need to provide a guarantee that under the GPL, any future patent for these methods will be free for use by that GPL software.

          Just taking your word for it that Cisco won't assert it's patent in the future isn't good enough :)



          Now, I'll happily grant that my analysis if probably flawed, but I think I'm on the right track here ;)
    • by retro128 ( 318602 ) on Tuesday May 11, 2004 @10:05PM (#9123677)
      You do, of course, realize that if everyone who had an RFC that they charged a license fee for, the Internet would not exist at all?

      The Internet was built off of the same philosophy as OSS. It's a bunch of people putting their heads together and throwing their ideas in the ring to make things better for all involved. What if all of these people clutched their ideas to their chest and said "This is MY piece and you have to pay me to use it"?

      It doesn't matter whether or not Cisco would charge a small license fee for this new implementation. They are running against the philosophy that built the Internet in the first place. Standards must be open and free for the widest possible adaptation or you are looking at vendor lock-in ala Microsoft. In other words, to hell with Cisco.

      I did RTFA and it looks like this is a proposed draft - It has not been ratified. Cisco is saying that if it is they've got the patents. What they're going to do with it I'd rather not find out. I'm willing to bet that most vendors won't follow the new recommendation to escape potential fees/lawsuits and instead go with another implemenation...Possibly their own. And that can't be a good thing.

  • Boo to Cisco for applying for dodgy software patents.

    Yay to Cisco for being honest and telling people about it from the get-go.

  • by Luscious868 ( 679143 ) on Tuesday May 11, 2004 @09:25PM (#9123494)

    There's really nothing to be upset about. From the article:

    In response, OpenBSD creator Theo de Raadt said, "The Cisco/IETF recommendations contain numerous problems and issues. They should not be followed. We have better fixes in OpenBSD. Other vendors should be looking at these." For example, as mentioned in our earlier article about TCP reset attacks, with the IETF's/Cisco's recommendations in place it would be possible for an attacker to use one host to potentially flood another.

    Basically, the implementation that Cisco is trying to patent is also flawed. OpenBSD's implementation contains better fixes. Who cares if Cisco tries to patent a flawed fix that no one will end up using? Let them waste their money. Let's face it, this move is upsetting on principal but there's really nothing to see here ... move along.

  • by Trogre ( 513942 ) on Tuesday May 11, 2004 @09:27PM (#9123509) Homepage
    The Cisco is banished from Bejor, never to return.
    The prophets have spoken.

  • by Mustang Matt ( 133426 ) on Tuesday May 11, 2004 @09:42PM (#9123574)
    For the record... I did some tests on linksys, dlink and netgear wireless access points and linksys was the worst. Netgear was actually the only one to function in all modes as advertised with perfect stability.

    I'm not affiliated with any of the above companies. I just thought I'd mention that linksys is junk and owned by cisco. So maybe it's a family trait.
  • by Burdell ( 228580 ) on Tuesday May 11, 2004 @09:55PM (#9123630)
    If they are going to attempt to patent fixes to security problems that they had early access to (i.e. they were notified about the problem prior to it being released to the public), that access should be stripped. The idea of early access is to cooperate and fix problems as fast as possible. Patenting a solution is not cooperation, so Cisco should lose their access.

    BTW: one poster said "don't get excited, they'll do a reasonable and non-discriminitory license". That's nice, but it is useless for GPL software (unless they release an implementation under the GPL) and a trap for BSD licensed software (you can end up with code that says you can use it but you can't because of the patent).

  • by anti-NAT ( 709310 ) on Tuesday May 11, 2004 @10:23PM (#9123760) Homepage

    It is just an Internet-Draft (ID), that has been submitted for IETF approval. The IETF haven't reviewed it yet, nor taken a position on whether it should be a standard or not.

    I could submit a ID for a protocol for standing on my head. That doesn't mean it is an IETF recommendation or that it will be.

    With all the FUD being expressed by people who don't know much (anything?) about the IETF and its processes, maybe the next higher level after RTFA should be GAFC (Get A F**king Clue).

  • by Ded Mike ( 89353 ) on Tuesday May 11, 2004 @10:42PM (#9123829) Homepage
    ...as Tony says, in the BSD thread, in partial reply to Theo:

    QUOTE
    What's very amusing is reading section 5 of the draft, wherein the author distributes credit to a number of parties. If Cisco were to file a patent at this point and not include those parties (including other companies), the patent validity would be at risk by reason of excluding a contributor. If Cisco does include all of those other companies in the patent, then all of them must also present the IETF with relevant IPR statements.
    Frankly, this is yet another PR blunder by Cisco. If they had simply said nothing or formally put their contribution into the public domain, they wouldn't look so egregiously greedy.
    ENDQUOTE

    From the 10EAST archive [theaimsgroup.com], as quoted in kerneltrap...Theo has some choice comments about the US Patent System and the IETF, too.

    IOW, yet again, Cisco trying to cash in on Open Source, in order to desperately prop up their miserable recent record of development, innovation and security, as well as theft from the Open Source Community, in order to keep their stock price up and keep from being listed on F'd Co., where they belong.

  • by TheHonestTruth ( 759975 ) on Tuesday May 11, 2004 @11:21PM (#9123978) Journal
    The US needs to ditch its one year grace period. As it stands, any prior art found within a year before a patent application's filing date can be swore behind. Basically it's a way an inventor can say "I invented my invention up to a year before I filed the application." The problem is that a lot of developments, especially in software, happen within a short time frame. So if Cisco files an application on 12/31/2004, they basically can claim that any disclosures, such as newsgroup discussions, open source versions, etc that happened between 12/31/2003 and their filing date do not bar their application.

    Europe on the other hand (well, the PCT) has no grace period. Once the invention is disclosed, your rights are out the window. Adopting a policy like this would make it much harder for companies to troll newsgroups/web/discussion boards, get ideas, and file an application based on an implementation. It's not a total solution, but it would be a good start.

    As someone that was trying to invalidate an obvious patent filed on date X for a client, let me tell you that finding stuff on the web published over 1 year beforehand was a bitch. Plenty of stuff in the 6 month range, but the web wasn't full blown back in mid 90's like it is now...

    -truth

  • by eclecticIO ( 195600 ) on Wednesday May 12, 2004 @12:33AM (#9124206)
    It appears that Mr. Barr at least feels he has a good reason for applying for the patent. If you read the statement he made before the FTC during their hearing on "Competition and Intellectual Property Law and Policy in the Knowledge-Based Economy" he argues against the current patent system. However, he also explains why Cisco, under his direction, applies for so many patents:

    "It makes more business sense to assume that, despite the fact that we do not copy other company's products, and despite the fact that we do not derive solutions to problems from the patent literature, we will be accused of patent infringement. The only practical response to this problem of unintentional and sometimes unavoidable patent infringement is to file hundreds of patents each year ourselves, so that we can have something to bring to the table in cross-licensing negotiations. In other words, the only rational response to the large number of patents in our field is to contribute to it."

    He goes on to make some very interesting arguments saying...

    "The patent system does not exist to protect the rights of inventors, or any particular interest group. It doesn't exist to protect what we now call "intellectual property", as if it were protectable for its own sake. The patent system exists to protect the progress of science and the useful arts. If the patent system fails to do that in certain areas, then the costs and negative effects of the patent monopoly cannot be justified. Where the patent system enables true innovation, true progress, where it enables companies to bring new products to consumers in circumstances where they otherwise would not do it, or where it disseminates knowledge that others need and want, then it's working."

    So, Cisco appears to be doing this as a matter to protect their own ability to use this fix, not to prevent other from using it. That would seem to fit with his explanation posted earlier...

    "That's not what it says, or what I mean to say. It says that nobody has to pay anything, or even ask for a license, unless they want to assert patents against Cisco."

    You can read Mr. Barr's full statement before the FTC online (ironically enough) at
    Freedom for a Free Information Infrastucture [ffii.org]

Algebraic symbols are used when you do not know what you are talking about. -- Philippe Schnoebelen

Working...