Cisco Applies For Patents To Secured TCP
An anonymous reader writes "Following the recent excitement over a potential vulnerability in TCP, Cisco's "Worldwide Patent Counsel", Robert Barr, has let it be known that they have pending patent applications for one or more of the IETF recommendations for improving TCP's security. KernelTrap has the full details."
and you use it illegally, you're in trouble.
only the criminals will have network connections
They better hope their applications are dated before the recommendations.
Do you think they'll patent the backdoor they're planning on putting in it? I'd hate to have to reverse engineer that.
I used to be very pro-cisco, but with the recent "Self protecting networks" ads that are misleading at best, and the backdoor snafu, I don't see how I could recommend to anyone that they're worth the cost.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
The US business model sucks.
Patenting a security feature in TCP? Cisco sucks. I won't use another one of their products again if I can possibly help it.
Unfortunately that's probably not going to happen. In fact, I have this CSS 11150 box that i'm going to have to configure. sigh.
When the choice is principles and employment, employment wins. I have child support to pay.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Historically, the IETF has been neutral about using patents in the Standards process, and its position is summed up best in the charter of the IPR Working Group (http://www.ietf.org/html.charters/ipr-charter.html):
Last year, there was an attempt to make the IETF change their policy, but it failed miserably (http://news.com.com/2100-1013-996351.html?tag=fd_top).
So you can have more secure communications, but only if you pay Cisco.
Bastards.
"Omnis tuus capsa sunt inesse nos"
The reason is that this is basically a patch to a protocol. The TCP protocol itself was a novel invention. But most patches to protocols, or to code to fix a particular problem, are fairly obvious to someone skilled in the requisite arts. Generally, the nature of the bug is what determines the solution, and often the solution is obvious to someone who is familiar with the protocol (or code) and the problem in question.
If this gets through then you can expect a lot of patents to be filed on patches to many things, including open source projects. And that means that unless the code is protected by something like the GPL (which requires a patent license grant as a condition of redistribution), the projects (and those who maintain and use them) will be vulnerable to patent infringement suits.
This is going to get nasty. But I think most of us who have been keeping track of this nonsense already know that.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
Official standards should not include anything that is proprietary, as that gives someone a monopoly and shuts out open source solutions. Standards should be designed so that everyone can use them without having to pay royalties.
Is that a cross between excitement and excrement?
Unless Cisco licenses the technology and other companies bite, I don't see this getting very far on the Internet. Too much of the backbone is comprised of equipment from multiple vendors. I work for a large Tier 1 ISP. Most of the edge routers are Cisco, but the core routers are Juniper. Things get even messier in a Co-location data center, where customers can be using who knows what brand of equipment to connect to the data center's network.
If you can't beat them, embrace and extend them.
Phb: "Oh, SELF PROTECTING NETWORK! Oooo! We need one of those!"
Such crap. It's like those blatantly false microsoft ads where they show microsoft office as a wonderful beautiful thing. I've worked with office for years, and the only time I danced through my office with a newly printed office document involved a printer incompatibility, a long project, and way too much coffee.
Show me an ad that says, "Hey this works okay most of the time," or "this router can detect and contain unusual network activity, so viri spread slower" and that's a product that I can trust. Promising pie in the sky only works for idiots.
Bastards, patenting a public working group's suggestion for fixing the broken widget. Anyone else wonder if there is a conspiracy here? If this works for the network appliance giant, SCO might just have a case if they patent a few of the publicly submitted kernel patches.
There is very little future in being right when your boss is wrong.
How fortunate of a timing right after OpenBSD just decided to combat software patents with Open Source.
This guy is way out there
CARS (RFC793 [1]) are widely deployed and one of the most often used reliable end to end protocols for PEOPLE TRANSPORTATION. Yet when it was defined over 20 years ago the ROAD SYSTEM, as we know it, was a different place lacking many of the threats that are now common. Recently several rather serious threats have been detailed that can pose new methods for both denial of service and possibly data injection by blind attackers. This document details those threats and also proposes some small changes to the way CARS handle inbound segments that either eliminate the threats or at least minimize them to a more acceptable level.
I don't know if I'm for it or against it now...
You mean Robert Barr, the man from the Redundancy Van from the monopoly of Cizzzcoo-eeeee?
(If you don't get the joke, go check the openBSD website.)
--
http://nemilar.net - Not your grandmother's soup kitchen
AC comments get piped to
NetBEUI becomes a routable protocol... :P
Linux with kernel panic...
MadPenguin.org
Bollocks. They are there to protect investors not innovators. They are there to maintain a monopoly for a limited time, and come from an age that moved far slower than ours does. They are regularly abused, and they hamper progress more often than they promote it. Go ask anyone with a technical or science perspective rather than a business perspective.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
I was planning on migrating two legacy networks off of DECnet and NETBeui over to TCP/IP transports. Considering this, I might as well leave the older protocols in place. Besides being easier to contain at the firewall (drop all non-ip), they are so old as to not be patent encumbered. Plus the netbeui stack actually fits on a floppy, unlike the MS TCP stack, which only fits after massive pruning and compression.
It looks like it is time to switch to IPX or NetBEUI for the internet.
Because we all know that we would all be pulling ox carts screaming "Bring out your dead!" if we didn't have patents...right??? Sorry, man - It's because of patents that we are still traveling around in sub-sonic jalopies, running on KEROSENE no less.
What?
Yes they were - the NRDC (later to become BTG) had a monopoly on the exploitation of publicly funded research from its inception.
Patenting things (hovercraft, interferon, CVT, etc.) is entirely different from patenting processes/software - the first can be justified, the second is a can of worms best left unopened.
I think you're trolling, anyway.
oh brave new world, that has such people in it!
Especially the part where Robert Barr says "any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard."
That sounds like to me that Cisco will not be charging a whole lot for this license, it will probably be one of those $1 license deals where once you have it, you have it in perpetuity.
If Cisco don't apply for a patent, someone else WILL and those barstards might end up charging so much for the method that it never becomes a standard.
I don't think Cisco's intent is to make the standard too expensive for it to become an actual standard in use.
I can and have thought up a number of ways to use our IP laws to discourage innovation.
...
...
:] For irony's sake, one could then patent that nonsense generating algorithm (though proving it useful in commerce might be another hurdle... I wonder if they would buy the thought that putting it on a page with ads and making a grand total of $0.38 from the ads would be enough? :)
For example, there's some stupid precedent where something like 5 notes were supposedly "subconsciously copied." I remember that, from the way they decided things, someone calculated that there were only 5,000 some odd different types of music that would be legally recognized under that precedent.
Therefore, if you simply make a CD with each variation (and to comply with other wacky precedents and laws, make it a "dramatic" work--e.g. put some kind of story in there with your music, as well as mixing up the order so as to make your creation more creative than a mere listing of all the possible note combinations), and file a copyright on it.
Voila, you've copyrighted all the music. But you probably don't dare distribute any of it, lest you infringe on every pre-existing work, so you play SCO. Manage to get in the media with some wacky press release (Slashdot would be a good target), and spout off about how you intend to use this to stifle musical innovation "because it's clearly not profitable."
Ramble on a bit about how the industry knows what is best for us--"only unoriginal crap sells! so long as they're just rehashing their old works, we feel that they're not deriving anything from ours, and we simply want the music producers to make money, something you cannot do unless you force-feed the public unoriginal music." Thus you're never under obligation to actually sue anyone, though you can make a show of menacing anyone whose music might be original, telling them that it doesn't seem to derive enough from all their old records, so they must have stolen it from you...
Yes, I realize that this is incredibly contorted logic (I must have been reading too many SCO stories here...), but the upshot of it is that you would be using such a copyright registration to (at least attempt) to stifle innovation.
Now then, as for patents? It's harder to find an example of a bottleneck, as above, and these will cost you over $1,000 each in filing fees alone. Still, you seem to be able to patent the most ridiculous things. You could always file some nonsense like "n-click shopping, for n greater than one" (note that you can make "shopping" into any other activity, though you might get hilarious results like "3-click bowling") or just "___ over the internet"
I can even imagine being bored enough to write an "absurd patent generator" in Perl, if I could just think of more such patterns to feed into it
Of course, if you really did invent something wonderful, and you could patent up all the possible ways of using it (so that others couldn't just tweak it and get around your patent), you could always just publicize it and say that you have absolutely no intention of ever letting anyone use your invention until the patent expires. If it was software, you might then make it available via your website for *only* those people where your patent doesn't apply...
There's really nothing to be upset about. From the article:
Basically, the implementation that Cisco is trying to patent is also flawed. OpenBSD's implementation contains better fixes. Who cares if Cisco tries to patent a flawed fix that no one will end up using? Let them waste their money. Let's face it, this move is upsetting on principle but there's really nothing to see here ... move along.
The Cisco is banished from Bejor, never to return.
The prophets have spoken.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
After talking to the likes of Radia Perlman (who is extremely cool fwiw) I have extreme reservations that business model aka software patents do any good for society at all. I wonder where the state of networking would be now if spanning-tree had been patented and we had to wait 17 years before anybody was willing to implement it. I wonder where we could be if a mind like Ms. Perlman's could work on certain areas which really interest her (PKI for one iirc) except it isn't worth walking through a minefield of worthless patents. If HTTP had been patented do you think we'd be using it or would we be using Gopher? Huh. Cisco has patents related to VRRP so the OpenBSD team develops an alternative and improves on the concept by adding in cryptography and increasing reliability.
And just remember this. For all the success stories you talk about - if it harms society, if it inhibits the arts and sciences - what the government gives it can taketh away. The Wright brothers didn't get to keep their patents.
I don't want knowledge. I want certainty. - Law, David Bowie
For the record... I did some tests on linksys, dlink and netgear wireless access points and linksys was the worst. Netgear was actually the only one to function in all modes as advertised with perfect stability.
I'm not affiliated with any of the above companies. I just thought I'd mention that linksys is junk and owned by cisco. So maybe it's a family trait.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
BTW: one poster said "don't get excited, they'll do a reasonable and non-discriminatory license". That's nice, but it is useless for GPL software (unless they release an implementation under the GPL) and a trap for BSD licensed software (you can end up with code that says you can use it but you can't because of the patent).
Wait, so are you actually saying that if it weren't for patents and the way they are awarded and enforced in the U.S., nobody would have an incentive to invent a fix for this TCP vulnerability?
It is just an Internet-Draft (ID), that has been submitted for IETF approval. The IETF haven't reviewed it yet, nor taken a position on whether it should be a standard or not.
I could submit an ID for a protocol for standing on my head. That doesn't mean it is an IETF recommendation or that it will be.
With all the FUD being expressed by people who don't know much (anything?) about the IETF and its processes, maybe the next higher level after RTFA should be GAFC (Get A F**king Clue).
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
...as Tony says, in the BSD thread, in partial reply to Theo:
QUOTE
What's very amusing is reading section 5 of the draft, wherein the author distributes credit to a number of parties. If Cisco were to file a patent at this point and not include those parties (including other companies), the patent validity would be at risk by reason of excluding a contributor. If Cisco does include all of those other companies in the patent, then all of them must also present the IETF with relevant IPR statements.
Frankly, this is yet another PR blunder by Cisco. If they had simply said nothing or formally put their contribution into the public domain, they wouldn't look so egregiously greedy.
ENDQUOTE
From the 10EAST archive, as quoted in kerneltrap...Theo has some choice comments about the US Patent System and the IETF, too.
IOW, yet again, Cisco trying to cash in on Open Source, in order to desperately prop up their miserable recent record of development, innovation and security, as well as theft from the Open Source Community, in order to keep their stock price up and keep from being listed on F'd Co., where they belong.
Remember guys, this is Amerika. Just because you have the most votes, doesn't mean you get to win.--Fox Mulder
> come from an age that moved far slower than ours does
>Exactly!!! It took so much time and money to come up with some of the major advances in yester-years that they needed the patent restriction timing to help get back some of the cost they stuck into R&D.
One can argue the inverse.. it takes so little time now for something to be reverse engineered and then commoditized that the patent affords the inventor(and investors) the opportunity to recoup r&d and costs to bring to market and then to make some money on the item before its margin goes to 0.
Actually, the router in question is very intelligent. All attempts to connect to MSN are re-routed to Google, and any software downloaded is first routed to the system admin for approval. When it receives a query for windows update, it returns a package containing FireFox, ThunderBird, AVG antivirus, and SpyBot. I can't tell you what it installs when the user attempts to get SP2, but I can tell you that it isn't called "Lindows."
The ______ Agenda
Europe on the other hand (well, the PCT) has no grace period. Once the invention is disclosed, your rights are out the window. Adopting a policy like this would make it much harder for companies to troll newsgroups/web/discussion boards, get ideas, and file an application based on an implementation. It's not a total solution, but it would be a good start.
As someone that was trying to invalidate an obvious patent filed on date X for a client, let me tell you that finding stuff on the web published over 1 year beforehand was a bitch. Plenty of stuff in the 6 month range, but the web wasn't full blown back in mid 90's like it is now...
-truth
I had a steady B+ in my AI class until I failed the Turing test...
That's their purpose. I don't disagree with that. But Cisco isn't innovating here. Traditionally you could only get a patent on something that was not obvious to a practitioner in the field.
It seems to me that once this vulnerability was discovered, the fix was obvious. There was no innovation in this case.
Don't blame me, I didn't vote for either of them!
don't we have enough patents as it is?
Well, maybe.
What if we were to limit the total number of patents?
The obvious result would be a new market in selling patent slots. You would have to *know* that you could make your investment back before applying because the patent itself would cost so much.
It would decrease the number of frivolous patents filed, but the small inventor would be at a disadvantage.
What do you think, would it be a positive, negative, or a push?
Unless you've got deep pockets, the Patents themselves are only as good as your lawyers that you can afford to defend them (and the legal fees to do so...). Unless you're one of the big players, you don't have the resources to take on any infringers save players that are your own size. Unless the Patent is for something simplistic, the people that would bother to reverse engineer the technology are in the X lb gorilla size class (where "X" is a suitable multiple of 100...) and therefore have more legal and financial resources than you can normally bring to bear. Eolas is an exception where some deep pockets took a lame patent that probably should have never been granted and attacked even deeper pockets- all they did was pursue the alleged infringement by Microsoft at some point. They wouldn't have been able to afford the pursuit of the case had they needed to worry about, oh, say, products or even customers.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Patents exist to protect inventions. And pretty much every country on Earth has - correction - *had* rules stating that math is not an invention. That you cannot patent math, calculations, or math algorithms.
Well, programming is a field of math. All software is a mathematical function. The only thing a computer can do is calculations.
You can hook a computer up to a speaker that produces sound, you can invent and patent that speaker, but the computer itself can only do math calculations.
Math is not an invention. Software is not an invention. You can't patent addition, you can't patent calculus, and you can't patent the math that is software MP3 calculations.
The US screwed up a case where the court upheld a patent doing a calculus integral to decide how long to cook rubber during manufacturing. You simply integrate heat over time. Simple math, if you are familiar with calculus. It was the ordinary rubber manufacturing process, they just "invented" an equation to decide how long to run the heat. That one bad ruling opened the door to software patents. The US patent office took that lousy ruling and threw the door wide open for patents on math.
Of course they don't directly let you say you're patenting math. Word the application one way and it gets rejected, word the exact same claims a different way and it gets approved. Software patent attorneys admit it's all about using "the magic words". You're patenting the process of doing some calculation on some hardware. Ordinary PC hardware.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
"It makes more business sense to assume that, despite the fact that we do not copy other company's products, and despite the fact that we do not derive solutions to problems from the patent literature, we will be accused of patent infringement. The only practical response to this problem of unintentional and sometimes unavoidable patent infringement is to file hundreds of patents each year ourselves, so that we can have something to bring to the table in cross-licensing negotiations. In other words, the only rational response to the large number of patents in our field is to contribute to it."
He goes on to make some very interesting arguments saying...
"The patent system does not exist to protect the rights of inventors, or any particular interest group. It doesn't exist to protect what we now call "intellectual property", as if it were protectable for its own sake. The patent system exists to protect the progress of science and the useful arts. If the patent system fails to do that in certain areas, then the costs and negative effects of the patent monopoly cannot be justified. Where the patent system enables true innovation, true progress, where it enables companies to bring new products to consumers in circumstances where they otherwise would not do it, or where it disseminates knowledge that others need and want, then it's working."
So, Cisco appears to be doing this as a matter to protect their own ability to use this fix, not to prevent other from using it. That would seem to fit with his explanation posted earlier...
"That's not what it says, or what I mean to say. It says that nobody has to pay anything, or even ask for a license, unless they want to assert patents against Cisco."
You can read Mr. Barr's full statement before the FTC online (ironically enough) at
Freedom for a Free Information Infrastructure
The two main components provided by OpenBSD are CARP (the Common Address Redundancy Protocol), which allows a backup host to assume the identity of the primary, and pfsync, which ensures that firewall states are synchronised so that the backup can take over exactly where the master left off and no connections will be lost.
CARP
The Common Address Redundancy Protocol manages failover at the intersection of Layers 2 and 3 in the OSI Model (link layer and IP layer). Each CARP group has a virtual MAC (link layer) address, and one or more virtual host IP addresses (the common address). CARP hosts respond to ARP requests for the common address with the virtual MAC address, and the CARP advertisements themselves are sent out with this as the source address, which helps switches quickly determine which port the virtual MAC address is currently "at".
The master of the address sends out CARP advertisement messages via multicast using the CARP protocol (IP Protocol 112) on a regular basis, and the backup hosts listen for this advertisement. If the advertisements stop, the backup hosts will begin advertising. The advertisement frequency is configurable, and the host which advertises most frequently is the one most likely to become master in the event of a failure.
A reader who is familiar with VRRP will find this somewhat familiar; however, there are some significant differences:
* The CARP protocol is address family independent. The OpenBSD implementation supports both IPv4 and IPv6, as a transport for the CARP packets as well as common addresses to be shared.
* CARP has an "arpbalance" feature that allows multiple hosts to share a single IP address simultaneously; in this configuration, there is a virtual MAC address for each host, but only one IP address.
* CARP uses a cryptographically strong SHA-1 HMAC to protect each advertisement.
Besides these technical differences, there is another significant difference (perhaps the most important one, in fact): CARP is not patent encumbered. See this page for details on the history of CARP and our reasons for avoiding a VRRP implementation.
pfsync
pfsync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.
In order to ensure that pfsync meets the packet volume and latency requirements, the initial implementation has no built-in authentication. An attacker who has local (link layer) access to the subnet used for pfsync traffic can trivially add, change, or remove states from the firewalls. It's possible to run the pfsync protocol on one of the "real" networks, but because of the security risks, it is strongly recommended that a dedicated, trusted network be used for pfsync. This can be as simple as a crossover cable between interfaces on two firewalls.
Yes, my only tool is a hammer. And you're starting to look like a nail.
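The CARP behaviour quoted above (each advertisement protected by an HMAC-SHA1, the most frequent advertiser preferred as master, backups taking over once advertisements stop), as an added example that is not from the original post or from OpenBSD's code: the advertisement layout below is a constructed simplification rather than the real carp_header, and the counter-based replay check and the three-missed-advertisements timeout are assumptions.

```python
import hashlib
import hmac
import struct

# Constructed, simplified advertisement layout for this example (assumption; not
# OpenBSD's real carp_header): vhid, advbase (seconds), advskew (1/256 s units),
# 64-bit counter, then an HMAC-SHA1 tag keyed with the group's shared secret.
HDR = struct.Struct("!BBBQ")
MAC_LEN = hashlib.sha1().digest_size  # 20 bytes


def adv_interval(advbase, advskew):
    """Seconds between advertisements; the host with the smaller value wins."""
    return advbase + advskew / 256.0


def build_advertisement(key, vhid, advbase, advskew, counter):
    body = HDR.pack(vhid, advbase, advskew, counter)
    return body + hmac.new(key, body, hashlib.sha1).digest()


def verify_advertisement(key, pkt):
    """Return the parsed fields if the HMAC tag verifies, else None."""
    if len(pkt) != HDR.size + MAC_LEN:
        return None
    body, tag = pkt[:HDR.size], pkt[HDR.size:]
    expected = hmac.new(key, body, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    vhid, advbase, advskew, counter = HDR.unpack(body)
    return {"vhid": vhid, "advbase": advbase, "advskew": advskew, "counter": counter}


class CarpHost:
    """One host's view of a vhid: BACKUP while a valid master is heard, else MASTER."""

    def __init__(self, key, vhid, advbase, advskew, start=0.0):
        self.key, self.vhid = key, vhid
        self.mine = adv_interval(advbase, advskew)
        self.state = "BACKUP"
        self.last_counter = -1
        self.last_seen = start          # time of the last valid advertisement
        self.master_interval = self.mine

    def receive(self, pkt, now):
        """Process one advertisement off the wire and return a verdict string."""
        adv = verify_advertisement(self.key, pkt)
        if adv is None:
            return "drop:bad-hmac"       # forged, corrupted or wrong-password packet
        if adv["vhid"] != self.vhid:
            return "drop:other-vhid"
        if adv["counter"] <= self.last_counter:
            return "drop:replay"         # assumed anti-replay rule on the counter
        self.last_counter = adv["counter"]
        their = adv_interval(adv["advbase"], adv["advskew"])
        if self.state == "MASTER" and their >= self.mine:
            return "ignore:we-advertise-more-often"
        self.state, self.last_seen, self.master_interval = "BACKUP", now, their
        return "accept"

    def tick(self, now):
        """Timer callback: promote after three missed advertisements (assumption)."""
        if self.state == "BACKUP" and now - self.last_seen > 3 * self.master_interval:
            self.state = "MASTER"
        return self.state


def demo():
    """Walk a backup host through normal operation, two bad packets and a failover."""
    key = b"constructed-shared-secret"
    b = CarpHost(key, vhid=1, advbase=1, advskew=100)      # interval 1.39 s
    log = []
    for t in (1, 2, 3):                                     # master: advbase 1, skew 0
        log.append(b.receive(build_advertisement(key, 1, 1, 0, t), now=t))
    log.append(b.tick(4))                                   # still BACKUP
    log.append(b.receive(build_advertisement(b"wrong-key", 1, 1, 0, 4), now=4))
    log.append(b.receive(build_advertisement(key, 1, 1, 0, 2), now=4))  # replayed
    log.append(b.tick(6))                                   # 3 s gap: not yet
    log.append(b.tick(7))                                   # >3 s gap: MASTER
    log.append(b.receive(build_advertisement(key, 1, 1, 0, 5), now=8))  # master back
    return log
```

Neither the wrong-key packet nor the replay refreshes the backup's timer, so an unauthenticated sender on the segment can neither hold the backup down nor trigger a takeover; that is the property the SHA-1 HMAC buys over plain VRRP.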
You also need to reread that comment you linked to as it doesn't say what you are implying. Quote: