summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc6701.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc6701.txt')
-rw-r--r--doc/rfc/rfc6701.txt675
1 files changed, 675 insertions, 0 deletions
diff --git a/doc/rfc/rfc6701.txt b/doc/rfc/rfc6701.txt
new file mode 100644
index 0000000..07b69c4
--- /dev/null
+++ b/doc/rfc/rfc6701.txt
@@ -0,0 +1,675 @@
+
+
+
+
+
+
+Internet Engineering Task Force (IETF) A. Farrel
+Request for Comments: 6701 Juniper Networks
+Category: Informational P. Resnick
+ISSN: 2070-1721 Qualcomm
+ August 2012
+
+
+ Sanctions Available for Application to Violators of IETF IPR Policy
+
+Abstract
+
+ The IETF has developed and documented policies that govern the
+ behavior of all IETF participants with respect to Intellectual
+ Property Rights (IPR) about which they might reasonably be aware.
+
+ The IETF takes conformance to these IPR policies very seriously.
+ However, there has been some ambiguity as to what the appropriate
+ sanctions are for the violation of these policies, and how and by
+ whom those sanctions are to be applied.
+
+ This document discusses these issues and provides a suite of
+ potential actions that can be taken within the IETF community in
+ cases related to patents.
+
+Status of This Memo
+
+ This document is not an Internet Standards Track specification; it is
+ published for informational purposes.
+
+ This document is a product of the Internet Engineering Task Force
+ (IETF). It represents the consensus of the IETF community. It has
+ received public review and has been approved for publication by the
+ Internet Engineering Steering Group (IESG). Not all documents
+ approved by the IESG are a candidate for any level of Internet
+ Standard; see Section 2 of RFC 5741.
+
+ Information about the current status of this document, any
+ errata, and how to provide feedback on it may be obtained at
+ http://www.rfc-editor.org/info/rfc6701.
+
+
+
+
+
+
+
+
+
+
+
+
+Farrel & Resnick Informational [Page 1]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+Copyright Notice
+
+ Copyright (c) 2012 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Simplified BSD License text as described in Section 4.e of
+ the Trust Legal Provisions and are provided without warranty as
+ described in the Simplified BSD License.
+
+1. Introduction
+
+ The IETF has developed and documented policies that govern the
+ behavior of all IETF participants with respect to intellectual
+ property about which they might reasonably be aware. These are
+ documented in RFC 3979 [BCP79] and are frequently brought to the
+ attention of IETF participants. This document summarizes and
+ references those policies, but does not replace or stand in for the
+ full statement of the policies found in [BCP79]. Readers and IETF
+ participants need to be aware of the content of [BCP79].
+
+ The policies set out in RFC 3979 [BCP79] state that each individual
+ participant is responsible for disclosing or ensuring the disclosure
+ of Intellectual Property Rights (IPR) where all of the following
+ apply:
+
+ - they are aware of the IPR
+
+ - the IPR is relevant to the IETF work they are participating in
+
+ - the IPR is owned by the individual or by a company that employs or
+ sponsors the individual's work.
+
+ Conformance to these IPR policies is very important, and there is a
+ need to understand both what sanctions can be applied to participants
+ who violate the policies, and who is in a position to apply the
+ sanctions.
+
+ This document discusses these issues and provides a suite of
+ potential actions that can be taken within the IETF community in
+ cases related to patents. All of these sanctions are currently
+ available in IETF processes, and at least two instances of violation
+ of the IPR policy have been handled using some of the sanctions
+
+
+
+Farrel & Resnick Informational [Page 2]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+ listed. As explicitly called out in Section 4, a posting rights (PR)
+ action (described in [BCP25] and [RFC3683]) is an applicable sanction
+ for the case of a breach of the IETF's IPR policy.
+
+ Note: This document specifies some administrative sanctions that can
+ be imposed by and through IETF administrative processes. In
+ particular, this document does not address or limit other legal
+ sanctions, rights, or remedies that are available outside of the IETF
+ or any of the legal rights or remedies that anyone has regarding IPR.
+
+ This document does not consider the parallel, but important, issue of
+ ways to actively promote conformance with the IETF's IPR policy.
+ That topic is discussed in [RFC6702].
+
+2. Description of IETF IPR Policy
+
+ The IETF's IPR policy is set out in [BCP79]. Nothing in this
+ document defines or redefines the IETF's IPR policy. This section
+ simply highlights some important aspects of those policies.
+ Additional information on the IETF's IPR policy may be found at
+ [URLIPR] and [URLIESGIPR].
+
+2.1. Responsibilities of IETF Participants and Timeliness
+
+ According to RFC 3979 [BCP79], individual IETF participants have a
+ personal responsibility to disclose or ensure the timely disclosure
+ of IPR of which they are aware and which they own or which is owned
+ by a company that employs or sponsors them, and which impinges upon
+ the contribution that they make to the IETF.
+
+ A "contribution" is also defined in RFC 3979 [BCP79] and includes
+ Internet-Drafts, emails to IETF mailing lists, presentations at IETF
+ meetings, and comments made at the microphone during IETF meetings.
+ Remote participants as well as those participating in person at IETF
+ meetings are bound by this definition.
+
+ The timeliness of disclosure is very important within RFC 3979
+ [BCP79]. No precise definition of "timeliness" is given in RFC 3979
+ [BCP79], and it is not the purpose of this document to do so. But it
+ is important to understand that the impact that an IPR disclosure has
+ on the smooth working of the IETF is directly related to how late in
+ the process the disclosure is made. Thus, a disclosure made on a
+ published RFC is very likely to be more disruptive to the IETF than
+ such a disclosure on an early revision of an individual submission of
+ an Internet-Draft.
+
+
+
+
+
+
+Farrel & Resnick Informational [Page 3]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+ Third-party disclosures can also be made by anyone who has cause to
+ believe that IPR exists. Such disclosures must be accompanied by the
+ reasons for the disclosures.
+
+ It is important to note that each individual IETF participant has a
+ choice under the IETF's IPR policy. If the individual is unwilling
+ or unable to disclose the existence of relevant IPR in a timely
+ manner, that individual has the option to refrain from contributing
+ to and participating in IETF activities about the technology covered
+ by the IPR.
+
+2.2. How Attention Is Drawn to These Responsibilities
+
+ The IETF draws the attention of all participants to the IPR policy
+ [BCP79] through the "Note Well" statement that appears on the IETF
+ web pages [URLNoteWell], in presentations at working group and
+ plenary meetings, as well as in the boilerplate text appearing in
+ each Internet-Draft and RFC. Additionally, the Note Well statement
+ is accepted by any person signing up to join an email list hosted at
+ ietf.org.
+
+ [RFC6702] suggests a number of additional ways in which the attention
+ of IETF participants can be drawn to the IPR policy.
+
+2.3. How IPR Disclosures Are Made
+
+ The procedure for filing IPR disclosures is shown on the IETF's web
+ site at [URLDisclose]. Third-party disclosures can also be made by
+ email to the IETF Secretariat or via the web page.
+
+ Note that early disclosures or warnings that there might be IPR on a
+ technology can also be made.
+
+2.4. How Working Groups Consider IPR Disclosures
+
+ In the normal course of events, a working group that is notified of
+ the existence of IPR must make a decision about whether to continue
+ with the work as it is, or whether to revise the work to attempt to
+ avoid the IPR claim. This decision is made on the working group's
+ mailing list using normal rough consensus procedures. However,
+ discussions of the applicability of an IPR claim or of the
+ appropriateness or merit of the IPR licensing terms are outside the
+ scope of the WG. The IPR situation is considered by working group
+ participants as the document advances through the development process
+ [RFC2026], in particular at key times such as adoption of the
+ document by the working group and during last call.
+
+
+
+
+
+Farrel & Resnick Informational [Page 4]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+ It needs to be clearly understood that the way that the working group
+ handles an IPR disclosure is distinct from the sanctions that can be
+ applied to the individuals who violated the IETF's IPR policy. That
+ is, the decision by a working group to, for example, entirely re-work
+ an Internet-Draft in order to avoid a piece of IPR that has been
+ disclosed should not be seen as a sanction against the authors.
+ Indeed, and especially in the case of a late IPR disclosure, that a
+ working group decides to do this can be considered a harmful side
+ effect on the working group (in that it slows down the publication of
+ an RFC and might derail other work the working group could be doing)
+ and should be considered as one of the reasons to apply sanctions to
+ the individuals concerned as described in the next two sections.
+
+2.5. The Desire for Sanctions
+
+ Not conforming to the IETF's IPR policy undermines the work of the
+ IETF, and sanctions ought to be applied against offenders.
+
+2.6. Severity of Violations
+
+ Clearly there are different sorts of violations of IPR policy.
+ Sometimes, a working group participant simply does not realize that
+ the IPR that they invented applies to a particular working group
+ draft. Sanctions (if any) need not be at all severe. However, a
+ working group document editor who waits until near the publication of
+ a document to reveal IPR of which they themselves are the author
+ should be subject to more serious sanctions. These are judgments
+ that can be made by the working group chairs and area director.
+
+ This topic forms the bulk of the material in Sections 5 and 6.
+
+3. Who Initiates Sanctions
+
+ Any IETF participant can draw attention to an apparent violation of
+ the IETF's IPR policy. This can be done by sending email with a
+ short summary of the relevant facts and events to the appropriate
+ IETF mailing list. Normally, the working group chairs and area
+ directors assume the responsibility for ensuring the smooth running
+ of the IETF and for the enforcement of IETF policies including the
+ IPR policy. Thus, when sanctions are appropriate, working group
+ chairs will be the first actors when there is an active working group
+ involved in the technical work, and area directors will be the first
+ actors in other cases. The first step will usually be the working
+ group chairs or area director to gather the facts and discuss the
+ matter with the IETF participants involved.
+
+ Working group chairs are already empowered to take action against
+ working group participants who flout the IPR rules and so disrupt the
+
+
+
+Farrel & Resnick Informational [Page 5]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+ smooth running of the IETF or a specific working group, just as they
+ can take such action in the face of other disruptions.
+
+ The working group chairs have the responsibility to select the
+ appropriate actions since they are closest to the details of the
+ issue. Where there is no working group involved or where making the
+ decision or applying the sanctions is uncomfortable or difficult for
+ the working group chairs, the responsible AD is available to guide or
+ direct the action if necessary.
+
+4. Available Sanctions
+
+ This section lists some of the sanctions available to handle the case
+ of an individual who violates the IETF's IPR policies. It is not
+ intended to be an exhaustive list, nor is it suggested that only one
+ sanction be applied in any case. Furthermore, it is not suggested
+ here that every case of IPR policy infringement is the same or that
+ the severest sanctions may be applied in each case.
+
+ In many cases, it may be appropriate to notify a wider IETF community
+ of the violation and sanctions so that patterns of behavior can be
+ spotted and handled.
+
+ The sanctions are listed in approximate order of severity, but the
+ ordering should not be taken as definitive or as driving different
+ decisions in different cases. Section 5 provides some notes on
+ fairness, while Section 6 gives some guidance on selecting an
+ appropriate sanction in any specific case.
+
+ a. A private discussion between the working group chair or area
+ director and the individual to understand what went wrong and how
+ it can be prevented in the future.
+
+ b. A formal, but private, warning that the individuals must improve
+ their behavior or risk one of the other sanctions.
+
+ c. A formal warning on an IETF mailing list that the individuals must
+ improve their behavior or risk one of the other sanctions.
+
+ d. Announcement to the working group of the failure by the
+ individuals ("name and shame").
+
+ e. On-going refusal to accept the individuals as editors of any new
+ working group documents. The appointment of editors of working
+ group documents is entirely at the discretion of the working group
+ chairs acting for the working group as explained in RFC 2418
+ [BCP25].
+
+
+
+
+Farrel & Resnick Informational [Page 6]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+ f. Removal of the individuals as working group document editors on
+ specific documents or across the whole working group.
+
+ g. Re-positioning of the individuals' attribution in a document to
+ the "Acknowledgements" section with or without a note explaining
+ why they are listed there and not in the "Authors' Addresses"
+ section (viz. the IPR policy violation). This action can also be
+ recorded by the area director in the Datatracker entries for the
+ documents concerned.
+
+ h. Deprecation or rejection of the individual document (whether it be
+ an RFC or Internet-Draft) or cessation of work on the affected
+ technology.
+
+ i. Application of a temporary suspension of indiviuals' posting
+ rights to a specific mailing list according to the guidelines
+ expressed in [BCP25]. Such bans are applied to specific
+ individuals and to individual working group mailing lists at the
+ discretion of the working group chairs for a period of no more
+ than 30 days.
+
+ j. The removal of individuals' posting privileges using a Posting
+ Rights Action (PR Action) as per [RFC3683]. This is a more
+ drastic measure that can be applied when other sanctions are
+ considered insufficient or to have been ineffective. When a PR
+ action is in place, the subjects have their posting rights to a
+ particular IETF mailing list removed for a period of a year
+ (unless the action is revoked or extended), and maintainers of any
+ IETF mailing list may, at their discretion and without further
+ recourse to explanation or discussion, also remove posting rights.
+
+ PR actions are introduced by an area director and are considered
+ by the IETF community and the IESG in order to determine IETF
+ consensus.
+
+ Note that individuals who have supplied text that is included in an
+ IETF document (RFC or Internet-Draft) have a right to be recognized
+ for their contribution. This means that authors' names cannot be
+ entirely removed from a document in the event that they violate the
+ IETF's IPR policy unless the text they contributed is also completely
+ removed. But an individual's name can be removed from the front page
+ and even moved from the "Authors' Addresses" section so long as
+ proper acknowledgement of the contribution is given in the
+ "Acknowledgements" section.
+
+
+
+
+
+
+
+Farrel & Resnick Informational [Page 7]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+4.1. An Additional Note on the Applicability of PR Actions
+
+ The applicability of PR actions in the event of IPR policy possibly
+ needs some explanation. According to [RFC3683], a PR action may be
+ considered as a practice for use by the IETF in the case that "a
+ participant has engaged in a 'denial-of-service' attack to disrupt
+ the consensus-driven process".
+
+ [RFC3683] further cites RFC 2418 [BCP25] and [RFC3005] for guidelines
+ for dealing with abusive behavior. RFC 2418 is updated by RFC 3934
+ in this matter (see [BCP25]).
+
+ In some cases, ignoring or flouting the IETF's IPR policy may be
+ considered as disruptive to the smooth operation of a working group
+ or of the whole IETF such that the offender might be deemed to be a
+ disruptive individual under the terms of [BCP25] and [RFC3683], and
+ so is liable to be the subject of a sanction that restricts their
+ rights to post to IETF mailing lists as described in bullets h and i
+ of Section 4 of this document.
+
+5. A Note on Fairness and Appealing Decisions
+
+ As with all decisions made within the IETF, any person who feels that
+ they have been subject to unfair treatment or who considers that a
+ decision has been made incorrectly may appeal the decision. The
+ IETF's appeals procedures are described in Section 6.5 of [RFC2026]
+ and reinforced in the IESG statement at [URLIESG2026]. Any sanctions
+ described above may be appealed using these procedures.
+
+6. Guidance on Selecting and Applying Sanctions
+
+ Whoever is applying sanctions for breaching the IETF's IPR policy
+ will want to be sure that the chosen sanction matches the severity of
+ the offense and considers all circumstances. The judgment needs to
+ be applied equitably should similar situations arise in the future.
+
+ If in any doubt, the person selecting and applying the sanctions
+ should seek the opinion of the relevant part of the IETF community or
+ the community as a whole. Furthermore, the person should not
+ hesitate to seek the advice of their colleagues (co-chairs, area
+ directors, or the whole IESG).
+
+ This is a judgment call based on all circumstances of each specific
+ case. Some notes on guidance are supplied in Appendix A.
+
+
+
+
+
+
+
+Farrel & Resnick Informational [Page 8]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+7. Security Considerations
+
+ While nothing in this document directly affects the operational
+ security of the Internet, failing to follow the IETF's IPR policies
+ can be disruptive to the IETF's standards development processes and
+ so may be regarded as an attack on the correct operation of the IETF.
+ Furthermore, a late IPR disclosure (or a complete failure to
+ disclose) could represent an attack on the use of deployed and
+ operational equipment in the Internet.
+
+8. Acknowledgments
+
+ Thanks to Lou Berger, Ross Callon, Stewart Bryant, Jari Arkko, and
+ Peter Saint-Andre for comments on an early version of this document.
+
+ Thanks to Subramanian Moonesamy and Tom Petch for their comments on
+ the work. Thanks to Dan Wing, Tony Li, and Steve Bellovin for
+ discussions. Thanks to Stephen Farrell for providing a thorough
+ review as document shepherd.
+
+ Additional thanks for textual improvements around IETF last call go
+ to Randy Bush, Brian Carpenter, Jorge Contreras, Russ Housley, Barry
+ Leiba, Murray S. Kucherawy, Benoit Claise, Sean Turner, and Stewart
+ Bryant.
+
+9. References
+
+9.1. Normative References
+
+ [BCP25] Bradner, S., "IETF Working Group Guidelines and
+ Procedures", BCP 25, RFC 2418, September 1998.
+
+ Wasserman, M., "Updates to RFC 2418 Regarding the
+ Management of IETF Mailing Lists", BCP 25, RFC 3934,
+ October 2004.
+
+ [BCP79] Bradner, S., Ed., "Intellectual Property Rights in IETF
+ Technology", BCP 79, RFC 3979, March 2005.
+
+ Narten, T., "Clarification of the Third Party
+ Disclosure Procedure in RFC 3979", BCP 79, RFC 4879,
+ April 2007.
+
+ [RFC2026] Bradner, S., "The Internet Standards Process --
+ Revision 3", BCP 9, RFC 2026, October 1996.
+
+ [RFC3683] Rose, M., "A Practice for Revoking Posting Rights to
+ IETF Mailing Lists", BCP 83, RFC 3683, March 2004.
+
+
+
+Farrel & Resnick Informational [Page 9]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+9.2. Informative References
+
+ [RFC3005] Harris, S., "IETF Discussion List Charter", BCP 45, RFC
+ 3005, November 2000.
+
+ [RFC6702] Polk, T. and P. Saint-Andre, "Promoting Compliance with
+ Intellectual Property Rights (IPR) Disclosure Rules",
+ RFC 6702, August 2012.
+
+ [URLDisclose] IETF, "File an IPR Disclosure",
+ http://www.ietf.org/ipr/file-disclosure.
+
+ [URLIESG2026] IETF, "On Appeals of IESG and Area Director Actions and
+ Decisions",
+ http://www.ietf.org/iesg/statement/appeal.html.
+
+ [URLIESGIPR] IETF Tools, "Intellectual Property",
+ http://trac.tools.ietf.org/group/iesg/trac/
+ wiki/IntellectualProperty.
+
+ [URLIPR] IETF, "Intellectual Property Rights (IPR) Policy",
+ http://www.ietf.org/ipr/policy.html.
+
+ [URLNoteWell] IETF, "Note Well",
+ http://www.ietf.org/about/note-well.html.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Farrel & Resnick Informational [Page 10]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+Appendix A. Guidance on Selecting and Applying Sanctions
+
+ As discussed in Section 6, the selection of sanctions needs to be a
+ carefully made judgment call that considers all relevant
+ circumstances and events. This Appendix provides a list of questions
+ that might form part of that judgment.
+
+ This list of considerations is for guidance and is not prescriptive
+ or exhaustive, and it does not imply any weighting of the
+ considerations.
+
+ - How long has the participant been active in the IETF?
+
+ - Is there some exceptional circumstance?
+
+ - Are there special circumstances that imply that the individual
+ would not have seen or understood the pointers to and content of
+ [BCP79]?
+
+ - How late is the disclosure? Is the document already a working
+ group document? How many revisions have been published? How much
+ time has elapsed? Have last calls been held? Has the work been
+ published as an RFC?
+
+ - Is the individual a minor contributor to the IETF work, or is the
+ individual clearly a major contributor?
+
+ - Is there a reason for the individual forgetting the existence of
+ the IPR (for example, it was filed many years previous to the work
+ in the IETF)?
+
+ - Was the individual told by their company that disclosure was
+ imminent, but then something different happened?
+
+ - How speedy and humble was the individual's apology?
+
+ - How disruptive to the IETF work are the disclosure and the
+ associated license terms? A factor in this will be whether or not
+ the IETF community sees the need to re-work the document.
+
+ - Does the large number of patents that the individual has invented
+ provide any level of excuse for failing to notice that one of
+ their patents covered the IETF work?
+
+
+
+
+
+
+
+
+Farrel & Resnick Informational [Page 11]
+
+RFC 6701 Sanctions for Violators of IETF IPR Policy August 2012
+
+
+Authors' Addresses
+
+ Adrian Farrel
+ Juniper Networks
+ EMail: adrian@olddog.co.uk
+
+ Pete Resnick
+ Qualcomm
+ EMail: presnick@qualcomm.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Farrel & Resnick Informational [Page 12]
+