Slashdot Mirror


Cisco Applies For Patents To Secured TCP

An anonymous reader writes "Following the recent excitement over a potential vulnerability in TCP, Cisco's "Worldwide Patent Counsel", Robert Barr, has let it be known that they have pending patent applications for one or more of the IETF recommendations for improving TCP's security. KernelTrap has the full details."

10 of 290 comments (clear)

  1. Well... by Short+Circuit · · Score: 5, Interesting

    They better hope their applications are dated before the recommendations.

    1. Re:Well... by arivanov · · Score: 4, Interesting

      Depends from what perspective. They have already pulled out the stunt of suing Aclcatel and OpenBSD for VRRP without doing the proper patent disclosure in IETF. So one more case one less is not going to change a lot.

      Methinks that it is much more interesting that there were people from outside Cisco working on that vulnerability. If I recall correctly the list there was Juniper and someone else there as well. So unless Cisco did the correct paperwork with these guys they are fully entitled to sue Cisco's arse flat.

      In btw, it is quite time someone questions the exact origin of SSL, SSH, NTP and a few other items in IOS which are known to be bug for bug compatible with OSS code and do not have stated copyrights in the IOS release notes.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
  2. It's all about the phbs by SatanicPuppy · · Score: 5, Interesting

    Phb: "Oh, SELF PROTECTING NETWORK! Oooo! We need one of those!"

    Such crap. It's like those blatantly false microsoft ads where they show microsoft office as a wonderful beautiful thing. I've worked with office for years, and the only time I danced through my office with a newly printed office document involved a printer incompatibility, a long project, and way too much coffee.

    Show me an ad that says, "Hey this works okay most of the time," or "this router can detect and contain unusual network activity, so viri spread slower" and that's a product that I can trust. Promising pie in the sky only works for idiots.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    1. Re:It's all about the phbs by SatanicPuppy · · Score: 4, Interesting

      I agree completely, thus the "Pointy-Haired Boss" reference.

      My mother is just like this. I can tell her something over and over and over again, and it means nothing to her. But if she hears the same thing from a random, poorly-informed stranger, it's a proven fact.

      It's sad that they know enough to hire skilled people, and then choose to listen to simplistic (though slick) advertising instead.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  3. Re:i'm starting to agree by mo · · Score: 5, Interesting

    well, if it makes you feel any better, we just made a purchasing decision against cisco in favor of two simple linux boxes running a combination of shorewall and heartbeat. The cost savings versus the cheapest cisco firewall that does failover was worth the effort of installing the open source software. I also highly recommend m0n0wall for a SOHO cisco replacement. I'd chose m0n0wall over a cheaper watchguard or sonicwall box any day.

  4. Did ANYONE RTFA??? by chrome · · Score: 4, Interesting

    Especially the part where Robert Barr says "any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard."

    That sounds like to me that Cisco will not be charging a whole lot for this license, it will probably be one of those $1 license deals where once you have it, you have it in perpetuity.

    If Cisco don't apply for a patent, someone else WILL and those barstards might end up charging so much for the method that it never becomes a standard.

    I don't think Cisco's intent is to make the standard too expensive for it to become an actual standard in use.

    1. Re:Did ANYONE RTFA??? by chrome · · Score: 4, Interesting

      Right. I checked the GPL and it does say that.

      I got a response back from Robert, my stuff is in bold, his is the reply below:

      > If I read this correctly (IANAL, obviously) the Linux Kernel project
      > could go right ahead and use the methods that Cisco has applied patents
      > for, however at any time after a Patent has been issued (IF it is
      > issued - and I think its a fair bet its going to happen, the USPO seems
      > to rubber stamp anything out of tech companies these days) Cisco could
      > demand that the Linux Kernel project pay them whatever.


      Not at all. That's not what it says, or what I mean to say. It says that
      nobody has to pay anything, or even ask for a license, unless they want to
      assert patents against Cisco. You don't read it that way?


      Well, I'm not quite mollified by this. So I sent the following:


      Okay, I get that point now, but is there anything stopping Cisco from asserting its patents just for the hell of it?

      You say that Cisco will only assert its patent against someone who tries to assert a patent against Cisco, but what is stopping Cisco from just doing it anyway?

      ie, the methods are integrated into the Linux Kernel TCP/IP stack and gain wide acceptance, and Cisco then sees value in trying to claim that all users of Linux need to pay Cisco a licensing fee of $200 per CPU to use the proprietary, patented methods included in Linux.

      I know its far-fetched, but 3 years ago, anyone saying that SCO would try to claim ownership of Linux would be laughed at.

      What agreement can open source projects enter into with Cisco to ensure that the above is legally impossible?

      Lastly, the GPL states:

      "Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all."

      So, for any GPL software use Cisco's methods, Cisco will need to provide a guarantee that under the GPL, any future patent for these methods will be free for use by that GPL software.

      Just taking your word for it that Cisco won't assert it's patent in the future isn't good enough :)



      Now, I'll happily grant that my analysis if probably flawed, but I think I'm on the right track here ;)

  5. Actually... by Xenographic · · Score: 5, Interesting

    I can and have thought up a number of ways to use our IP laws to discourage innovation.

    For example, there's some stupid precident where something like 5 notes were supposedly "subconciously copied." I remember that, from the way they decided things, someone calculated that there were only 5,000 some odd different types of music that would be legally recognized under that precident.

    Therefore, if you simply make a CD with each variation (and to comply with other wacky precidents and laws, make it a "dramatic" work--e.g. put some kind of story in there with your music, as well as mixing up the order so as to make your creation more creative than a mere listing of all the possible note combinations), and file a copyright on it.

    Voila, you've copyrighted all the music. But you probably don't dare distribute any of it, lest you infringe on every pre-existing work, so you play SCO. Manage to get in the media with some wacky press release (Slashdot would be a good target), and spout off about how you intend to use this to stifle musical innovation "because it's clearly not profitable."

    Ramble on a bit about how the industry knows what is best for us--"only unoriginal crap sells! so long as they're just rehashing their old works, we feel that they're not deriving anything from ours, and we simply want the music producers to make money, something you cannot do unless you force-feed the public unoriginal music." Thus you're never under obligation to actually sue anyone, though you can make a show of menacing anyone whose music might be original, telling them that it doesn't seem to derive enough from all their old records, so they must have stolen it from you...

    Yes, I realize that this is incredibly contorted logic (I must have been reading too many SCO stories here...), but the upshot of it is that you would be using such a copyright registration to (at least attempt) to stifle innovation. ...

    Now then, as for patents? It's harder to find an example of a bottleneck, as above, and these will cost you over $1,000 each in filing fees alone. Still, you seem to be able to patent the most rediculous things. You could always file some nonsense like "n-click shopping, for n greater than one" (note that you can make "shopping" into any other activity, though you might get hillarious results like "3-click bowling") or just "___ over the internet" ...

    I can even imagine being bored enough to write an "absurd patent generator" in Perl, if I could just think of more such patterns to feed into it :] For irony's sake, one could then patent that nonsense generating algorithm (though proving it useful in commerce might be another hurdle... I wonder if they would buy the thought that putting it on a page with ads and making a grand total of $0.38 from the ads would be enough? :)

    Of course, if you really did invent something wonderful, and you could patent up all the possible ways of using it (so that others couldn't just tweak it and get around your patent), you could always just publicize it and say that you have absolutely no intention of ever letting anyone use your invention until the patent expires. If it was software, you might then make it available via your website for *only* those people where your patent doesn't apply...

  6. Re:Some IETF and patent background... by ninjaz · · Score: 5, Interesting
    So you can have more secure communications, but only if you pay Cisco.
    Actually, according to the "full details" link, you can have more secure communications, but only if you pay attention to OpenBSD's recommendations (and ignore Cisco's patent-encumbered implementation which isn't as good).

    This is the second time in six months OpenBSD has seriously one-upped Cisco and its patents. :-) They even wrote a song about the first!

  7. Re:Some IETF and patent background... by ninjaz · · Score: 4, Interesting

    No, I'm not sure. Don't mistake me for an expert on this set of vulnerabilities. I was going by what was said in the link and on the OpenBSD misc@ mailing list.

    According to some messages on the list, Cisco was one of the worst affected by the recently announced set of TCP vulnerabilities, and OpenBSD had only minimal exposure in the first place.

    It strikes me that this may be PR ploy on Cisco's part to cover up for their past mistakes by appearing to rush to the rescue with a patent pending solution. They'll even graciously let others use them in exchange for cross-licensing. After all, if it's pending a patent, those Cisco guys must be really on the ball ...right? ;)

    Personally, I trust the OpenBSD project a great deal more than Cisco when it comes to security. I mean, OpenBSD wasn't even vulnerable to the no-workaround backdoor password issue!

    Luckily in that case, locking a user account had a considerable amount of prior art.