GnuTLS developers remove function to avoid patent dispute
The developers of the open source GnTLS library, which supports Transport Layer Security (TLS) and Secure Sockets Layer (SSLv3) encryption protocols, have removed a function from the current version 2.0.2. They say they did so because a company has applied for a patent for that function.
The function removed is an extension called TLS Authorization, which the IETF is currently reviewing as a draft for standardization. GnuTLS had already implemented it, but now RedPhone Security has applied for a patent. The developers responded by removing the extension from the software in order to avoid potential claims for license fees. The developers say that removal was not a problem because the extension was optional to begin with. They felt that complete removal would ensure that more users refrain from implementing the extension.
The IETF has also reacted to the application for a patent by not accepting the draft. Now, the Free Software Foundation (FSF) says that RedPhone Security is trying to get the concept adopted as a standard anyway by promoting it as "experimental" and "informational." The FSF has submitted a comment to the IETF to oppose this action and is calling on users to do the same. Until today, Tuesday, October 23, the IETF is accepting comments on the draft. The IETF would have to refuse the draft if there is sufficient opposition. The FSF is one of the best known opponents of software patents.
- GnuTLS 2.0.2, the GnuTLS developers' announcement and change log
- Send comments opposing TLS-authz "experimental" standard by October 23, the Free Software Foundation's call to send in comments to the IETF
- Draft submitted to the IETF for the addition of TLS authorization to TLS
- RedPhone Security, Inc.'s statement about IPR claimed in draft-housley-tls-authz-extns-07.txt, RedPhone Security's patent claim