Cisco Applies For Patents To Secured TCP
An anonymous reader writes "Following the recent excitement over a potential vulnerability in TCP, Cisco's "Worldwide Patent Counsel", Robert Barr, has let it be known that they have pending patent applications for one or more of the IETF recommendations for improving TCP's security. KernelTrap has the full details."
Do you think they'll patent the backdoor they're planning on putting in it? I'd hate to have to reverse engineer that.
I used to be very pro-Cisco, but with the recent "Self protecting networks" ads that are misleading at best, and the backdoor snafu, I don't see how I could recommend to anyone that they're worth the cost.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Let's keep in mind that patents are in place to protect the innovators and keep them innovating. Yes, it sucks that maybe other vendors can't use this for a while, but that's the price of progress.
The US business model sucks.
Patenting a security feature in TCP? Cisco sucks. I won't use another one of their products again if I can possibly help it.
Unfortunately that's probably not going to happen. In fact, I have this CSS 11150 box that I'm going to have to configure. sigh.
When the choice is principles and employment, employment wins. I have child support to pay.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Historically, the IETF has been neutral about using patents in the Standards process, and its position is summed up best in the charter of the IPR Working Group (http://www.ietf.org/html.charters/ipr-charter.html):
Last year, there was an attempt to make the IETF change their policy, but it failed miserably (http://news.com.com/2100-1013-996351.html?tag=fd_top).
So you can have more secure communications, but only if you pay Cisco.
Bastards.
"Omnis tuus capsa sunt inesse nos"
The reason is that this is basically a patch to a protocol. The TCP protocol itself was a novel invention. But most patches to protocols, or to code to fix a particular problem, are fairly obvious to someone skilled in the requisite arts. Generally, the nature of the bug is what determines the solution, and often the solution is obvious to someone who is familiar with the protocol (or code) and the problem in question.
If this gets through then you can expect a lot of patents to be filed on patches to many things, including open source projects. And that means that unless the code is protected by something like the GPL (which requires a patent license grant as a condition of redistribution), the projects (and those who maintain and use them) will be vulnerable to patent infringement suits.
This is going to get nasty. But I think most of us who have been keeping track of this nonsense already know that.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
Official standards should not include anything that is proprietary, as that gives someone a monopoly and shuts out open source solutions. Standards should be designed so that everyone can use them without having to pay royalties.
Unless Cisco licenses the technology and other companies bite, I don't see this getting very far on the Internet. Too much of the backbone is comprised of equipment from multiple vendors. I work for a large Tier 1 ISP. Most of the edge routers are Cisco, but the core routers are Juniper. Things get even messier in a Co-location data center, where customers can be using who knows what brand of equipment to connect to the data center's network.
If you can't beat them, embrace and extend them.
Bastards, patenting a public working group's suggestion for fixing the broken widget. Anyone else wonder if there is a conspiracy here? If this works for the network appliance giant, SCO might just have a case if they patent a few of the publicly submitted kernel patches.
There is very little future in being right when your boss is wrong.
Show me an ad that says, "Hey this works okay most of the time," or "this router can detect and contain unusual network activity, so viri spread slower" and that's a product that I can trust. Promising pie in the sky only works for idiots.
It's been my experience that the idiots are the ones making the purchasing decisions, hence the nature of the advertising.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
The point is that it works! Not because people are idiots, but because they're muggles. They don't get it. To them, the act of sending email might as well be magic for all the understanding they might have, so promising them something that's technically infeasible is worthwhile and profitable. If it's presented well, if it uses cultural memes that are accepted and understood by the target audience, if it tells them something they want to hear, it'll work.
Yes they were - the NRDC (later to become BTG) had a monopoly on the exploitation of publicly funded research from its inception.
Patenting things (hovercraft, interferon, CVT, etc.) is entirely different from patenting processes/software - the first can be justified, the second is a can of worms best left unopened.
I think you're trolling, anyway.
oh brave new world, that has such people in it!
There's really nothing to be upset about. From the article:
Basically, the implementation that Cisco is trying to patent is also flawed. OpenBSD's implementation contains better fixes. Who cares if Cisco tries to patent a flawed fix that no one will end up using? Let them waste their money. Let's face it, this move is upsetting on principle but there's really nothing to see here ... move along.
After talking to the likes of Radia Perlman (who is extremely cool fwiw) I have extreme reservations that business model aka software patents do any good for society at all. I wonder where the state of networking would be now if spanning-tree had been patented and we had to wait 17 years before anybody was willing to implement it. I wonder where we could be if a mind like Ms. Perlman's could work on certain areas which really interest her (PKI for one iirc) except it isn't worth walking through a minefield of worthless patents. If HTTP had been patented do you think we'd be using it or would we be using Gopher? Huh. Cisco has patents related to VRRP so the OpenBSD team develops an alternative and improves on the concept by adding in cryptography and increasing reliability.
And just remember this. For all the success stories you talk about - if it harms society, if it inhibits the arts and sciences - what the government gives it can taketh away. The Wright brothers didn't get to keep their patents.
I don't want knowledge. I want certainty. - Law, David Bowie
That sounds to me like Cisco will not be charging a whole lot for this license, it will probably be one of those $1 license deals where once you have it, you have it in perpetuity.
And what, exactly, do you base the "probably" on? I see it as distinctly more probable that Cisco, being a dominant player, will implement what would otherwise be a discarded solution, and smaller vendors will be basically forced to follow suit. They will, of course, have to line up to pay the Cisco tax, and that internet tax will fall on the shoulders of every person using the services or products, directly or indirectly, of any of those firms.
Of course we're both just pissing in the wind because ultimately we have no idea, however Cisco has provided a bad precedent by going for this patent (and the "defensive patent" angle doesn't really fit here).
Show me an ad that says, "Hey this works okay most of the time," or "this router can detect and contain unusual network activity, so viri spread slower" and that's a product that I can trust.
... while it's scanning the disk, you can have it animate the logo and/or play some music. Why does that need to be there? It doesn't ...
... the hardware isn't spectacular, but they make up for it in software. They add feature upon feature upon feature, which leads to the code getting overly complex, which leads to bugs. You then get vulnerabilities like the one for LEAP, or now this TCP reset business, when they (the bugs) likely wouldn't exist if the routers just did routing and the engineers focused on that.
That's not a product I would trust. Routers should do one thing, and that's routing. Firewalls should be the devices that implement policies, not routers.
It's the same premise as buggy, hole-ridden software. A good 30% of 'features' in software don't need to be there, but they are, and they introduce problems. Take Norton Systemworks (2002)
The same goes for Cisco
vodka, straight up, thank you!
You do, of course, realize that if everyone who had an RFC that they charged a license fee for, the Internet would not exist at all?
The Internet was built off of the same philosophy as OSS. It's a bunch of people putting their heads together and throwing their ideas in the ring to make things better for all involved. What if all of these people clutched their ideas to their chest and said "This is MY piece and you have to pay me to use it"?
It doesn't matter whether or not Cisco would charge a small license fee for this new implementation. They are running against the philosophy that built the Internet in the first place. Standards must be open and free for the widest possible adaptation or you are looking at vendor lock-in ala Microsoft. In other words, to hell with Cisco.
I did RTFA and it looks like this is a proposed draft - It has not been ratified. Cisco is saying that if it is they've got the patents. What they're going to do with it I'd rather not find out. I'm willing to bet that most vendors won't follow the new recommendation to escape potential fees/lawsuits and instead go with another implementation... Possibly their own. And that can't be a good thing.
-R
- Product A -- Claims to be 73% good.
- Product B -- Claims to be 96% good.
- Product C -- Claims to be 99.999% good.
- Product D -- Claims to be 100% good.
Being skeptical, you would probably pick product A as having truthful ads. Product B, you might think, has really good real-world performance. Product C is just marketing hype, and product D is impossible in the real world. But if you see a big brand name (Microsoft, Cisco, Intel, etc.) on product C, you might say "Well, it isn't 100%, and they are a good company. Maybe it's the truth." Of course, claiming to be Product C happens, and that's where the trap is.
It might be that you are looking at a Microsoft statement claiming "5 nines" of 99.999% uptime (that's down for 5 minutes each year). Or Sun claiming the same 99.999%. Or Cingular Wireless claiming 99.999% reliable networks, excluding several days of downtime that they must not factor into their percentage. Maybe it's that 99.999% pure copper speaker cable you were looking for. (For the chemists, here's a site where you can buy over a dozen other '99.999% pure metal' wires.) Lots of people get caught into that.
In some cases it really is justified. If I were a chemist, maybe having iridium wire that is only 99.9% pure might cause problems, and those extra 9's might be significant. But that usually isn't the case for most marketing.
But I don't think it's just a PHB issue, it's a problem of 'I really want the best, and I only want to spend 5 minutes to find out which one that is'.
frob
//TODO: Think of witty sig statement
Pretty fair mutual-assistance type thing.
Almost. You forgot the bit that says:
* If someone uses the Cisco patent in a product that does not comply with the IETF standard, Cisco may make them pay royalties.
As mentioned by some other posters, this proviso makes it impossible to use the patented technology in GPL'd code.
Actually, the "you can't sue Cisco for infringement of your patent if you're using our patent" probably also makes this "license" GPL-incompatible, even though it does seem like a fair trade.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Europe on the other hand (well, the PCT) has no grace period. Once the invention is disclosed, your rights are out the window. Adopting a policy like this would make it much harder for companies to troll newsgroups/web/discussion boards, get ideas, and file an application based on an implementation. It's not a total solution, but it would be a good start.
As someone that was trying to invalidate an obvious patent filed on date X for a client, let me tell you that finding stuff on the web published over 1 year beforehand was a bitch. Plenty of stuff in the 6 month range, but the web wasn't full blown back in mid 90's like it is now...
-truth
I had a steady B+ in my AI class until I failed the Turing test...
IAAC. Most reagents are indeed rated rather precisely with respect to their purity. For example, "spectroscopic" grade toluene is different than "hplc" grade toluene, and they're both different from "reagent" grade toluene. (These are so-called "customary" names for different purity grades. It can be a little confusing even to practitioners, so typically something will be labeled like "Reagent Grade (95%) Foo.")
Those extra 9s frequently are important. For a plain synthesis reaction, 95% may be ok (you may just want to make some of product X to prove that it can be made, so if you have some minuscule fraction of an isomer of X due to that 5% similarly-reactive reagent impurity, it's not such a big deal). But if you're doing a really precise analysis (say ppt range), you don't want any peaks from chemically similar impurities crowding into the spectral range you're looking at.
But yeah, outside of the actual practice of science, most anything above 99% is speculative horseshit dreamed up by a marketer. _Proving_ that something is that pure is an expensive and time-consuming prospect.
News for Geeks in Austin, TX
Right - the implementation of ideas. Except it's not, because the USPTO allows processes - ideas themselves - to be patented.
If it was as simple as implementation (binary or even source code), "we" could write a new implementation that was compatible with their one (did the same thing in a different way), and multi-vendor secure TCP comms could happen. Unfortunately it's not that simple because they've likely patented the processes, although we'd have to wait for the patents to be available to see, I think.
This is actually rather risky for Cisco, because they may cut themselves off from everyone else. If OpenBSD indeed has a better and free solution, organisations should be using them. The result then is no secure communications if your non-Cisco equipment talks to Cisco equipment (unless Cisco implements the OpenBSD stuff too...).
Presumably the USPTO is smart enough to shoot down a process patent that's based on published recommendations by a third party, but maybe there's something clever in Cisco's particular implementation that's worthy. Either way, I suspect Cisco has just killed an otherwise reasonable way of doing secure TCP on the public Internet.
And props to people like the OpenBSD guys for being there and continuing to grind out alternative and often better solutions.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
I think it should be against the trade descriptions act (UK), but it'd probably be ok.
For those who don't realise normal full fat milk is 4% fat - hence 96% non-fat. Skimmed is c.1% fat, semi-skimmed is 1%-2%, iirc.
I think 96% fat-free should have 4% of the fat of 'normal' full fat, not be full fat milk.
Deceptive advertising at its most obnoxious?
Of course in many parts of the UK we don't have swings now, because they are considered to be dangerous, by the fascists at the Health and Safety Executive, or maybe because the owner simply has not the time to do a risk assessment, as required by law.
It gets really stupid sometimes.....