Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Rd/tUmcJy0kgVytV" --Rd/tUmcJy0kgVytV Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Billy Brumley writes: > Despite what Dan wrote, it's not just the lawyers. Not sure what you're disputing. The text didn't say it's _just_ the lawyers; on the contrary, the very next sentence has the "TLS managers" and "higher-ups" falling into line! Basically, whenever the company is doing X, the company has an incentive to avoid having ever generated any paper trail showing knowledge of a patent on X, because of the triple-damages rule. > When part of your (engineering or academic) job is protecting IP by > internally filing Invention Disclosures (IDFs), companies / employers > actively discourage you from searching for prior art for exactly those > reasons. That's typical for large companies, yes. Large companies aren't going to go out of business from stepping on the occasional land mine, and they figure that the cost of triple damages in those cases outweighs the benefit of avoiding some patents. (Sometimes small companies imitate this even when they _could_ go out of business.) On the other hand, when one wants to figure out what can be universally deployed (because the actual objective is, e.g., to protect billions of users against the damage caused by future quantum computers), then it's clearly essential to understand what patents are out there and what they cover. That's why one finds, for example, the following: * https://www.ietf.org/rfc/rfc8179.txt requires IETF participants to immediately disclose all of their relevant patents, so as to allow an "informed decision about the use of a particular technology"--- exactly the opposite of the ostrich approach. * Lemley's 2002 paper "Intellectual Property Rights and Standard-Setting Organizations" studied policies for dozens of big standards organizations, finding that most required immediate patent disclosure and that the rest "generally imposed other conditions that obviated the need for disclosure", such as requiring royalty-free licensing whether or not patents were disclosed. Here's a newer survey of related results: https://dc.law.utah.edu/cgi/viewcontent.cgi?article=1010&context=scholarship * The NISTPQC call for submissions requires NIST to collect and publish patent statements _and_ to evaluate the extent to which any patents could hinder adoption of each submission. ("NIST does not object in principle to algorithms or implementations which may require the use of a patent claim, where technical reasons justify this approach, but will consider any factors which could hinder adoption in the evaluation process.") The alternative, the ostrich approach, isn't _guaranteed_ to produce disastrously unusable standards, but there's a high enough chance and a high enough impact that _of course_ standards-development organizations adopt policies accordingly. See Lemley's 2002 paper for a detailed analysis of the incentives here. In short, the company lawyer's claim that "public discussion on specific alleged patents typically benefits the patent holder" is very far out of whack with the amply documented behavior of standards-development organizations. These organizations _do not_---and, given their objectives, _should not_---handle patents the same way that large companies typically do. ---D. J. Bernstein -- You received this message because you are subscribed to the Google Groups "pqc-forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to pqc-forum+unsubscribe@list.nist.gov. To view this discussion on the web visit https://groups.google.com/a/list.nist.gov/d/msgid/pqc-forum/20220728140557.450435.qmail%40cr.yp.to. --Rd/tUmcJy0kgVytV Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3QolqQXydru4e4ITsMANTjsOVFkFAmLil8UACgkQsMANTjsO VFnZDBAA03s7eNHEGnBk6f41zjY+Zi57xxxQe6q9zSRJkT/RVp+RPhHBkiUNZxbW K3+0TXMdod53vhwBc1tS39MCT43Rj/DcYNZ8EWDr9GoqADtdcENeXUJlE5y1G2nK cpmxo8dG/t1+oTnsyiuB2Bn3LpCxiQ1/LAmPnKnupr/njctNMLU3Yp+lke97mQhf swQu1CiuhHn2MDS2Fc4OdliOOp6woRWuuI42sMSgoZ9QjVBpfN1GhXuHwoXHIdsE zEzTVyMfB5EU5kNLKZqH2oOtzE1vycL5v+B35OZydYLUOMFSBiFoUgQKMuD/u8N/ lfuML11yE1/t5sEeWM4TW2YGzisTZ51y5+rGSpC/+2U0w9UvCDViWPQSn3iESUUQ 84VZmEMq40b9oxiX9y5H/mpJcwdEbrgYL1PSQ5HUQNBB4AMDUJs7Bh+FHXfusboh 9gcoYHNpuuMLnCRLut6jWCvdk/gGI0nTElAdf9yof6So23J75JxOYJlmkzAwT1cG HRFTxMBGieHevZ2gcZ7fHwTWKnsGqyEOX/5hMVxNWoFZv/tBA9VffH4m6y0h7hhK FIcC5hJzpPgLolG2qaQzXuB9RlJ2JpgAR7c6p6JlPUu5vtqChGHJStfWFavkf4no ipPWU/dsGpOS6/BIq7rM7Fb0VH/F95QFrDaGxH2JEkA2ra3cXMg= =VNiW -----END PGP SIGNATURE----- --Rd/tUmcJy0kgVytV--