Free-ietf-review

I have created a mailing list whose purpose is to discuss everything related to free software and the IETF, in particular themes related to copyright and patent. The idea is also to CC this list on discussions in various IETF areas that is relevant to the topic, so that everyone on this list becomes aware of what is going on. For example of useful things to CC are reviews (from a free software perspective) of documents in last call, and discussions in working groups related to patent/copyright decisions.

You may subscribe to the list.

TLS-AUTHZ Patent Concerns

I’ve implemented tls-authz in GnuTLS but there has been a long discussion of the patent situation for that technology on the IETF list. A few days ago there was a new IPR Disclosure with a patent license for this technology:

https://datatracker.ietf.org/public/ipr_detail_show.cgi?&ipr_id=833

I evaluated this license from a free software perspective, here is my writeup:

http://article.gmane.org/gmane.ietf.general/24690

EnigForm – HTML/HTTP forms with OpenPGP

Talking to Buanzo, I have been testing the EnigForm plugin for Mozilla. Briefly, EnigForm gives you OpenPGP signing of HTML forms, based on GnuPG, by setting some HTTP headers with the OpenPGP data. This is quite cool, I imagine two use-cases:

  • PGP-based web-authentication. Type your username, have a hidden form field with a nonce, and have EnigForm sign the data. The server verifies the signature, and you have been logged on.
  • PGP-protected web-based forums, bug-tracking systems, polls, etc. What you write in a HTML form is signed by EnigForm, and the server knows who wrote it, and there is persistent evidence of it. Imagine Debian votes through the web instead of via e-mail!

I think this should be documented and forwarded to the IETF for standardization. It is a good example of a simple invention that uses two existing techniques in a new way.

Password-based Authentication Protocol

There was a large increase in activity on password-based SASL authentication mechanism in the Prague IETF, with three new proposals. Unfortunately, I was travelling over the I-D cutoff, so my document didn’t make it. However, I’ve now finished a -00 document for it. The goal was initially to just specify a GSS-API mechanism, but it seemed easier to specify a framework-agnostic protocol (with some influences from GSS-API and SASL) and then specify the mapping to GSS-API and SASL.

http://josefsson.org/password-auth/

LibIDN 0.6.11

Today I released a new version of LibIDN. No major changes, although Alexander Gnauck contributed an update of his C# port.

I’m feeling somewhat saddened how far the IDNAbis proposals are going without any attempts to work with the SASLPrep community. I predict that SASLPrep2 will be a fork of StringPrep1, rather than a profile of StringPrep2.

Update! It seems savannah.gnu.org is down, which seems to affect uploads to alpha.gnu.org. The normal distribution URLs go to a directory checked out from CVS, but I’ve manually made sure the directory contain the latest release even though CVS checkouts doesn’t work.