header image
The world according to David Graham


acva bili chpc columns committee conferences elections environment essays ethi faae foreign foss guelph hansard highways history indu internet leadership legal military money musings newsletter oggo pacp parlchmbr parlcmte politics presentations proc qp radio reform regs rnnr satire secu smem statements tran transit tributes tv unity

Recent entries

  1. Why do lockdowns and pandemic restrictions continue to exist?
  2. Parliamentary privilege: an arcane concept that can prevent coups
  3. It's not over yet
  4. Trump will win in 2020 (and keep an eye on 2024)
  5. A podcast with Michael Geist on technology and politics
  6. Next steps
  7. On what electoral reform reforms
  8. 2019 Fall campaign newsletter / infolettre campagne d'automne 2019
  9. 2019 Summer newsletter / infolettre été 2019
  10. 2019-07-15 SECU 171
  11. 2019-06-20 RNNR 140
  12. 2019-06-17 14:14 House intervention / intervention en chambre
  13. 2019-06-17 SECU 169
  14. 2019-06-13 PROC 162
  15. 2019-06-10 SECU 167
  16. 2019-06-06 PROC 160
  17. 2019-06-06 INDU 167
  18. 2019-06-05 23:27 House intervention / intervention en chambre
  19. 2019-06-05 15:11 House intervention / intervention en chambre
  20. 2019-06-04 INDU 166
  21. 2019-06-03 SECU 166
  22. 2019 June newsletter / infolettre juin 2019
  23. 2019-05-30 RNNR 137
  24. 2019-05-30 PROC 158
  25. 2019-05-30 INDU 165
  26. 2019-05-29 SECU 165
  27. 2019-05-29 ETHI 155
  28. 2019-05-28 ETHI 154
  29. 2019-05-28 ETHI 153
  30. 2019-05-27 ETHI 151
  31. older entries...

Patent application jeopardizes IETF syslog standard

The Internet Engineering Task Force is working on a proposed standard for the age­old but never standardized syslog protocol, but its efforts may be in jeopardy thanks to a patent application by Huawei Technologies Co., Ltd., of Shenzhen, China.

Syslog working group member Rainer Gerhards describes the purpose of the work this way:

Syslog is mostly a de facto standard. This means that no "real" (officially written) standard exists.

Syslog has a number of security shortcomings. An IETF working group was created to solve these security issues. A side­effect of this is that the protocol itself must be standardized. One standard ­­ RFC 3195 ­­ is already published. RFC 3195 is a big departure from traditional syslog and not really accepted by the market. The IETF syslog working group is currently trying to standardize

a) the syslog message format

b) messages transmission over a secure transport, namely TLS

In practice, syslog is already being used over TLS (or SSL, which essentially is the same).

However, these solutions do not interoperate very well and the big players (like Cisco) do not natively support it because there is no official standard (at least this is my best guess why they do not).

In even shorter words, the IETF is trying to standardize a secure way of doing syslog. A way that is already in widespread use today.

Some members of the working group, including co­chair David Harrington, work for Huawei Technologies, and the company has submitted a patent application. The contents of the patent application have not been released, but the IETF working group has been informed that their standard may conflict with the pending patent.

Huawei's proposed patent licensing declaration states: "If technology in this document is included in a standard adopted by IETF and any claims of any Huawei patents are necessary for practicing the standard, Huawei will not assert any patents against any party that implements the standard, however that Huawei retains the right to assert its patents against any party that asserts any rights against Huawei; and Huawei retains the right to assert its patents against any product or portion thereof that is not necessary for compliance with the standard."

News of the patent application has led to a virtual suspension of work on the standard, resulting in a long discussion of what to do.

Gerhards says:

First of all, it is distracting workgroup members from doing actual work. There is a lot of discussion on the patent issue, but much less on the actual work to do. It might even happen that the current approach ­­ syslog over TLS ­­ is dropped in favor of an alternate solution (syslog over SSH). This alternate solution is less used in practice and seems to be more complex to implement (the latter is my personal opinion). In the worst case, Huawei's move could cause syslog standardization to fail. This is because the working group is already very delayed in delivering its products. It needs to finish its basic tasks by the end of the year or it will most likely be terminated by the IESG (the decision­making body of the IETF). The patent claim definitely causes some extra delay.

No one seems sure exactly what Huawei is patenting. Gerhards praises David Harrington's contribution to the syslog standard but says he has recused himself from the discussion over what to do over the patent application. This includes stating what it is that Huawei has filed a patent application for.

Gerhards doesn't have any insight into the topic of what it is Huawei has actually filed for, either, saying:

Quite honestly: I do not know. Huawei's people have definitely done a good job in looking at what's currently deployed, what the syslog community wants to see, discuss some technical details (framing and certificates). The technical content of their paper is about four pages, so there isn't even much substance in it. Everything inside these four pages has been discussed on the IETF mailing list and the content almost exclusively stems back to other people's comments.

Frankly ­­ I am not bashing here ­­ I just can't find any novel contribution. Other WG members have similar problems. Huawei still says there is something novel, but they are not disclosing it.

Gerhards believes that Huawei wants to settle this issue with the IETF. "The license they are offering, as well as the way they proceed, indicates that they do not want to hinder the IETF process. Huawei employees contributing to the working group seem to have some influence on their employer to solve the situation," he says.

He goes on to say that the patent is being claimed where nothing new exists. He cites this Usenet post as an example of the technology being standardised in use as early as 1999, and this LinuxJournal article from 2001 on the same topic: syslog with SSL.

"The other problem," Gerhards goes on, "is that Huawei might change its license, or sell it (maybe as part of a merger), in which case every work based on the substance­less patent again is in danger. As such, I expect that the patent claim will at least stop open source developers from implementing the so­ encumbered standard, no matter how liberated the licensing terms may be."

Who is Huawei and why do they want to patent an unspecified part of a not­yet­complete syslog protocol?

Huawei is a roughly 34,000­employee privately held telecommunications company based in China that is active in most markets outside of North America. One of its major competitors is Cisco, which once accused Huawei of stealing its intellectual property, settling the lawsuit in 2004.

As of press time, Huawei had not responded to a request for comments emailed to the contact address listed on the patent disclosure asking for Huawei's side of the story, and for comments on what, exactly, Huawei is patenting and why. We will be sure to pass on any responses we might get from Huawei.

Originally posted to Linux.com 2006-06-29; reposted here 2019-11-24.

Posted at 11:29 on June 29, 2006

This entry has been archived. Comments can no longer be posted.

Dion is from Quebec: so what? | foss internet | Canada in 2020: an essay challenge

(RSS) Website generating code and content © 2001-2020 David Graham <david@davidgraham.ca>, unless otherwise noted. All rights reserved. Comments are © their respective authors.