Russ Housley is a long time participant in the IETF. Housley is also a contributor to IEEE 802 security standards. As of March, 2007, Housley is Chairman of the IETF. Russ Housley is co-author of "Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure", published by John Wiley & Sons. According to information from www.Vigilsec.com, Housley received his B.S. in computer science from Virginia Tech in 1982, and he received his M.S. in computer science from George Mason University in 1992. Housley is an educated and well-respected person, and should be held to comparable standards.
On September 13, 2007, Dean Anderson subscribed to the IETF IPR-WG mailing list. Between September 28, and September 29, 2007Dean Anderson posted 5 messages to the IETF "IPR-WG" list, in response to the "Third Last Call: draft-housley-tls-authz-extns" and the related "IPR" misconduct. In these messages, Anderson vigorously makes the argument that there continues to further misconduct, and shows the relationship between the new misconduct and previous misconduct. Harald Alvestrand then blocks Anderson's email to silence the well founded arguments. Alvestrand vaguely cites the "tone" of Anderson's messages. Alvestrand has previously publicized his dislike for Anderson, and Alvestrand has been involved in related misconduct. Alvestrand reports directly to Russ Housley. For review, here are the relevant messages:
Dean Anderson lodged a complaint alleging violations of RFC3979 on September 8, 2005. The complaint was about the halt of discussion of non-patented alternatives for 3 DNSEXT drafts and about the lack of disclosure of applicable patents. The cited drafts contained extensively patented Eliptic Curve Crypto (ECC) systems, and the drafts did not have a patent disclosures. Anderson's complaint was suppressed in bad faith. Housley participated in bad faith with an undisclosed conflict of interest with his own authz-extns draft, which also did not have a patent disclosure. To carry out the improper acts, Housley also participated in the deception of the IAB on the result of the consensus call and Housley also participated in conduct contrary to the law.
Russ Housley and Mark Brown submitted a draft to the IETF standardizing a patented TLS authorization protocol in February 2006. The patent was submitted in January 2005. Brown via RedPhoneSecurity hired Housley to write the patented protocol as an IETF Draft. Housley admits that he knew that the draft he wrote was the subject of a patent. The problem: Housley and Brown didn't tell the IETF about the patent, in violation of the IETF Policy. Their draft (seven revisions), stated that (emphasis added)
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Housley says in his defense:
I was aware that Mark Brown was working on a patent; however, I did not begin working with him until after his provisional patent application was filed. I did not see the claims until the filing became public.
Since I knew that a patent was in the works, but I did not know the details, at the time we submitted the -00 draft to the repository (which was February 2006), I reminded Mark Brown that an IPR statement might be necessary.
So, Housley knew, from the -00 draft on, that there was a patent "in the works", but continued to mislead the IETF and IESG that he was not 'aware of any applicable patent or IPR claims'. We know now that his assurances were false. Housley admits the assurances were false. Housley's justification for these false statements is that he didn't know the exact patent claims. Housley says it was Brown who failed to disclose the patent. Even if it were true that Brown failed, Housley has an obligation to tell the IETF or IESG of Brown's failure to disclose the patent. The IETF allows third party to disclose patents, and to identify the patent holders.
Housley's defense is not credible.
Brown (the other author) finally made a disclosure on November 28, 2006 (right over Thanksgiving). A good eye by IESG Member Sam Hartman caught the emailed disclosure notice, and thereby discovered the deception. It was discussed by the IESG on the next telechat on 11/30/2006. The IESG announced withdrawal of the approval in February, 2007.
Please refer to the definition of "Actionable Fraud". [I used Black's Law Dictionary repeated here] Note that at this time we do not know if a crime was committed, and do not make a criminal allegation, nor impute criminal activity.
Tim Polk has revived the tls-authz-extns draft with his own misconduct. Polk and Housley are close personal friends and business partners in the publication of a book on PKI.
Essentially, the duties of an agent/employee to the principal/employer are established in the cases of law which establishes the justice of this kind of human interaction. The cases are distilled into rules by the American Law Institute into rules along with an index to the cases establishing the rules. The American Law Instituted publishes these distillations under the series of "Restatement of <subject matter>", and updates these volumes periodically. These distilled rules are references for both Lawyers and Judges.
From the Law of Agency, Second: (emphasis added)
§ 390. Acting as Adverse Party with Principal's ConsentAn agent who, to the knowledge of the principal, acts on his own account
in a transaction in which he is employed has a duty to deal fairly with
the principal and to disclose to him all facts which the agent knows or
should know would reasonably affect the principal's judgment, unless the
principal has manifested that he knows such facts or that he does not
care to know them.§ 390 Comment a. Facts to be disclosed. One employed as agent violates
no duty to the principal by acting for his own benefit if he makes a
full disclosure of the facts to an acquiescent principal and takes no
unfair advantage of him. Before dealing with the principal on his own
account, however, an agent has a duty, not only to make no misstatements
of fact, but also to disclose to the principal all relevant facts fully
and completely. A fact is relevant if it is one which the agent should
realize would be likely to affect the judgment of the principal in
giving his consent to the agent to enter into the particular transaction
on the specified terms.§ 390 Comment c. Fairness. The agent must not take advantage of his
position to persuade the principal into making a hard or improvident
bargain.
We assume here that the ISOC/IESG/IETF Activity gave its consent for the adverse transaction.
The rule of law is plain; It appears that Housley violated his duty to deal fairly with the ISOC IETF Activity.
Further, the Restatement of Agency, Second states: (emphasis added)
§ 394. Acting for One with Conflicting Interests
Unless otherwise agreed, an agent is subject to a duty not to act or to
agree to act during the period of his agency for persons whose interests
conflict with those of the principal in matters in which the agent is
employed.§ 394 Comment a. The rule stated in this section goes beyond that
stated in Section 391, which is limited to situations in which the agent
acts for an adverse party in a transaction to which the principal is a
party. Under the rule stated in this Section, the agent commits a breach
of duty to his principal by acting for another in an undertaking which
has a substantial tendency to cause him to disregard his duty to serve
his principal with only his principal's purposes in mind. [...]This is true although the agent does not agree to give his full time to
the principal-s business and does not use the time paid for by the
principal in acting for another. The danger that he will not be
impartial and that he will use confidential information obtained in the
business of one in the affairs of the other makes it improper for him to
act for both.
In spite of the above facts, the IESG still (and subsequently!) made Housley Chairman of the IETF in March 2007. It is an understatement to say that making Housley Chair under such circumstances is very bad judgment. And even after the full extent of the scandal became known, Housley has not been made to resign and has instead been promoted and honored. This is an offense to everyone who works hard, plays by the rules, and is offended by those who cheat and expect not to be penalized.
The IESG has refused to allow the review of the iesg@ietf.org email list, which records Housley's messages on the Authz-extns draft. The iesg@ietf.org records the discussions of the IESG members, and ISOC members have a right to review these minutes. One wonders what may be hidden through the refusal. One clue lies in the claim of "recusal." IESG members routinely announce recusal and then continue to participate and influence the IESG.
The IESG met in July 2007, and had an opportunity to review Housley's conduct. The IESG chose not to censure Housley in any way, despite knowledge of the misconduct.
Septempber 2007, Tim Polk (a new IESG Member, and close personal friend of Housley, revives the draft. Complaints about this action on the IETF IPR-WG list were suppressed by Harald Alvestrand.
IETF "IPR Search Engine Page" for draft-housley-tls-authz-extns. This page can be found by going to www.ietf.org, clicking on "IETF IPR Disclosure Page", click on "Search the IPR disclosures", and enter 'draft-housley-tls-authz-extns' (no quotes) into the "Enter I-D Filename" field. As of 6/11/07, there are four filings:
# 2007-04-07 ID # 833
"RedPhone Security, Inc.'s statement about IPR claimed in draft-housley-tls-authz-extns-07.txt"
# 2007-03-05 ID # 808
"Stephen Farrell's statement about possible IPR claimed in draft-housley-tls-authz-extns-07.txt
belonging to Siemens"
# 2007-02-27 ID # 806
"Eric Rescorla's statement about possible IPR claimed in draft-housley-tls-authz-extns-07.txt
belonging to IBM Corporation"
# 2006-11-28 ID # 765
"RedPhone Security, Inc.'s statement about IPR claimed in draft-housley-tls-authz-extns-07.txt"
The patent files can be downloaded from tthe US PTO. Go to the "How to Search" page. Click on "Track Patent Status". Then select "Application Number" and enter the application number 60/646749 or 11/234404 and click on Search.
To get the patent documents, click the tab "Image File Wrapper" and
download the images as a PDF. There are other tabs which are interesting.
Draft-housley-tls-authz-extns and versions
Datatracker page for Authz-extns To find this page, go to datatracker.ietf.org, and enter draft-housley-tls-authz-extns in the filename field and click on "Search"
IESG Telechat for November 30, 2006 To find this page, go to www.ietf.org/iesg.html, and click on "Minutes of IESG Teleconferences", Click on 2006, then click on November 30.
March 06, TLS Working Group Meeting Minutes
January, 2005 Patent Filing. The first patent applicationis filed in January, 2005, with Mark D. Brown and David J. Wilke as the applicants.
September, 2005. The application was apparently amended with application number 11/234404. This amended application is not listed in the IPR disclosure, but can be found on the "Continuity Data" tab of the USPTO web site (see below). The omission is somewhat strange. The amended application is the most similar to the text in the Authz-extns draft.
February, 2006 The first draft of draft-housley-tls-authz-extns was submitted. Mark Brown and Russ Housley are the authors.
March 2006. TLS Working Group declines to work on the draft:
A show of hands indicated that while a number of people are interested in this item, only two were interested enough to agree to review the document and comment. Thus, this item will continue as an individual item.
April 20, 2006 Sam Hartman requested publication of Version 3 . (See datatracker entry)
June 7, 2006 After a series of minor changes, the draft (version 07) is approved by the IESG. A record time of about 4 months.
June 30, 2006 Draft-07 is finally approved and announced .
November 28, 2006. Brown submits IPR Disclosure #765.
November 30, 2006. The IESG (apparently) discusses the IPR disclosure during the telechat, describing the discussion only as "The management issue". The IESG decides to withdraw approval and re-issue a last call. The minutes can be found above in Resources.
February 2007, IESG announces that approval is withdrawn.
March 1, 2007 Russ Housley's first response on the subject, on meaning of "square one". It is to say that Hartman has said the document will go back to "square one" as an individual submission, not a working group document.
IETF 68 March 18-23, 2007, Housley selected to become Chair of the IETF. [The IAB says IETF-68 happens in November 18-23, 2007]
March 29, 2007 Sam Hartman says the document did not get support.
March 29, 2007 Ted Hardie notes that Eric Rescorla and Pasi Eronen had suggested that this document be evaluated by the TLS working group.
March 29, 2007 Sam Hartman says Housley's authz-extns document is outside the charter of the TLS working group. (See the TLS Working Group Charter.)
March 29, 2007 Ted Hardie says its common for working groups to do this kind of work.
March 29, 2007 Sam Hartman tells Hardie that he is trying to figure out exactly what questions to ask the TLS working group to work on.
April 3, 2007 Russ Housley doesn't want his prior conflicts of interest on same subject discussed on the same thread. (off-list email to Sam Hartman and Dean Anderson)
April 6, 2007 Russ Housley admits knowing patent was in the works. Says he thought Brown was responsible for filing disclosure
April 6, 2007 Dean Anderson asks to review the IESG archive. These emails are business records that record the minutes of the discussion of the IESG.
April 6, 2007 Sam Hartman refuses to allow review of the IESG archive. Hartman removes the IETF list from his response. This seems strange.
April 6, 2007 John Klensin says the IETF is not a corporation.
April 7, 2007 Dean Anderson refutes Klensin: ISOC is a corporation. Cites law stating that members have right to view minutes of meetings. The IESG will continue to ignore the law.
April 7, 2007 Russ Housley refers to his position on non-disclosure of Entrust patent. (off-list email to Dean Anderson)
April 7, 2007 Russ Housley thinks Hartman is handling the situation properly.
April 9, 2007 Russ Housley on recusal, financial interests. Interestingly, recusal, to IETF staff, just means they don't vote. It doesn't mean that they don't continue to influence the process. See Sam Hartman's message of April 11, 2007
April 9, 2007 Russ Housley says he didn't know the exact patent claims, and so didn't know a filing was needed
April 9, 2007 Sam Hartman says people happy the TLS Group will take draft: (emphasis added):
However, at this point, people seemed happy with taking the draft to
the TLS working group. The authors asked for a week delay while they
prepared a new IPR disclosure. That disclosure seems to have hit the
IETF servers, so I'll touch back with the authors and then engage the
TLS chairs.
April 11, 2007 Sam Hartman on (non) recusals. Hartman says: we've been careful to say "recused . . . from the decision." rather than from the process. See definition of recusal
April 11, 2007 Brian Carpenter questions whether anyone ever sued for ignoring patent licence
April 11, 2007 Simon Josefsson: Carpenter implies bad faith by GPL implementers
April 11, 2007 Carpenter: 'any proof that patent holders care about infringement?'
April 11, 2007 Josefsson: 'is IETF interested in supporting people who violate patents?'
April 12, 2007 Carpenter: 'No company has royalty free license' This claim by Carpenter is ridiculous. The LPF urges an interim mutual defense policy where patent holders only use patents defensively
May 28, 2007, Rescorla announces IESG Last Call on authz-extns
May 29 2007, Simon Josefsson negative on draft publication
May 29th 2007, Anderson disputes authz-extns status says that document should be WG document
May 29th, 2007 Rescorla says not a working group document
May 30, 2007 Hartman says Rescorla right about status Says the IESG doesn't have to wait around for alternatives.
May 30, 2007, Pasi Eronen says publish document.Also says shouldn't deny publication as penalty
June 3, 2007 Richard Levitte negative on draft publication.
June 5, 2007 Bodo Moeller negative on draft publication.
June 8, 2007 Dean Anderson responds to Hartman's May 30 Message. Says not happy, and feeling misled.
June 11, 2007, Sam Hartman withdraws sponsorship and ends the Last Call process early. Cites lack of consensus.
June 11, 2007 Sam Hartman datatracker entry cites (emphasis added) "rough consensus against publication"
June 11, 2007, Mohamad Badra reports some possible prior art.
June 12, 2007 Andres Marin reports past activity with TLS authorization extensions. Prior art..
August 7, 2007 Scott Bradner reports Wall Street Journal Article to the IETF IPR-WG. The article reports on charges of "aggravated litigation abuse" after Qualcomm "deliberately concealed the patents from a standards-setting group."
August 27, 2007 Tim Polk requests input from Dean Anderson on how to revive the document. Anderson responds it will take some time to consider.
September 7, 2007 Tim Polk suggests calls for Monday, Tuesday or Wednesday (Sept 12)
September 10, 2007 Without notice, Tim Polk changes document status from "Dead" to "Publication requested" and changes it category from Standards Track to Experimental.
September 13, 2007 Polk responds that he is "looking forward to reading the response". Does not mention he has already acted.
September 13, 2007 Anderson notices the datatracker entry, and that the document has been changed.
More conversation with Polk.
September 18, 2007 Polk email's Anderson that he needs to "pick a strategy this week". Still does not reveal that a strategy has already been picked and put in motion.
September 25, 2007 Polk issues Third Last Call on draft-housley-tls-authz-extns
September 25, 2007 Simon Josefsson opposed
September 26, 2007 Tim Polk responds to Simon Josefsson
September 26, 2007 Brad Hards against One reason Hards cites is that approval sends the wrong message to Redphone Security.
September 27, 2007 Brian Carpenter responds to Brad Hards. Asserts that IETF sent a strong message, and complains of "double jeopardy" for Redphone Security
September 28, 2007 Dean Anderson rebuts Carpenter's assertions.
September 28, 2007 Dean Anderson forwards offlist message to Polk
September 28, 2007 Eric Rescorla disputes Anderson, says that the tls-authz document was never a working group document. Rescorla is correct.
September 28, 2007 Dean Anderson concedes mistake on the status of the tls-authz document.
September 28, 2007 Brian Carpenter quotes from Rescorla's message, says [Anderson's] statements about Housley Fraud are libel. In the response, Carpenter has deleted Anderson's name from Rescorla's message. Carpenter states falsely that he does not know who made the claim. This is a lie because Carpenter deleted it from Recorla's message. Carpenter announces that he 'magically deletes [killfiles] [Anderson's] messages'. The Announcement that Carpenter deletes Anderson's messages is just an ad hominem attack on Anderson. On the subject of the "libel" he is "refuting", Carpenter asserts (incredibly) that Housley had nothing to do with the IPR disclosure.
September 28, 2007 Dean Anderson responds to Carpenter refuting his claims.
September 28, 2007 Dean Anderson posted improved response to Carpenter, refuting his claims, and citing Carpenter's own related past misconduct and disregard for the law.
September 29, 2007 Harald Alvestrand suspends Anderson's posting rights.