TLS-authz is the short name for a patented set of extensions to the Transport Layer Security (TLS) protocol that has been proposed as a standard within the IETF.

Rejected as a standard, this proposal is now being considered for approval as an "experimental" or "informational" standard. Despite the name, these are almost as influential as normal standards, as confirmed by Sam Hartman, Security Area Director:

[O]ften it seems that we use informational as a way to publish things we cannot build a strong consensus behind. I think that process is generally problematic and would like to avoid it in this instance.[1]

Current status

The document was published as the Experimental RFC 5878 in May 2010.

RedPhone's patent declarations

Disclosure 1026, by RedPhone, cites patents which are necessary for implementing TLS-authz. Disclosure 1026 "updates" (replaces?) disclosure 940, which in turn updated disclosure 912. The patent licence is considered insufficient to allow free software implementations, and the FSF called multiple times for TLS-authz to be opposed.[2][3]

There was also disclosure 833, which was relevant, but that page is blank ("removed at the submitter's request"). It's possible that this was a still-earlier disclosure in what is now disclosure 1026.
