If you are talking about asking companies for money to give IEEE to
open the document for everyone, I would support this. Baring that, IEEE
will get their money by selling individuals getting copies.
If you are talking about giving IEEE the money to allow NIST to write their
own document, then I disagree with your logic.
We (the members) are being asked by you to give up thousands each for just
one government that wants to standardize this algorithm. What are we going
to do when the UK, Canada, China, France, and the 230 other countries that are
part of the UN?
The CCM case, in addition to the fact that the 802.11 are open (for some
reason) there were clear scholarly papers on that subject out
there.
Your argument about IEEE being cheap is not correct at all. This is an IEEE
group, not because it is cheap, because it is open standards
committee. T10, T11, T13 are ANSI organizations and participation does not
require membership in INCITS which is part of the SCSI Trade Association.
The others, TCG, SNIA, OASIS, as well as INCITS and the SCSI Trade
Association are neither open nor standards committees, they
are trade group, industry association or consortium. IEEE 1619 is
not a trade group, industry association or consortium and this group
benefits greatly because of that fact, and this fact has nothing to do with the
cost of IEEE.
I would think that IEEE's goals would be better met by IEEE releasing the
document for the creation of any national standard provided the standard is not
modified, and the IEEE and the document information is clearly stated in the
national standard. This advertising would be valuable to IEEE. If they do this
they will make far more money than if we write our own scholarly paper
and bypass IEEE (which we can).
I am unswayed by your argument. You may suggest as you wish, but I again
strongly recommend that take my objections to IEEE.
If IEEE does not allow NIST to standardize P1619 without extorting
thousands of dollars from the members then I strongly suggest that we write
a scholarly paper that contains the algorithm and all it's tweaks
using our original stuff and submit it for publication somewhere and then
give this document to NIST.
I would expect that Jack and Curtis will be interested in this also since
this sets the precedence that any nation interested in standardizing any
of their standards will require this payment to IEEE.
Frankly, I hope I have this wrong.
Jim
On Feb 25, 2008, at 5:36 AM, Matt Ball wrote:
Jim and Doug,
These are very good points, and I
agree that it seems silly to donate our time for free, and then pay IEEE to
get access to the document that we spent 5 hard years writing.
But it
is equally important to see the IEEE point-of-view. IEEE has spent
thousands of dollars over the last 5 years supporting P1619, through paid
administrative assistants, staff liaisons, editors, and hasn't seen any
significant return yet, nor can absolutely expect one (most IEEE standards are
largely unused). In this light, it seems very reasonable for IEEE-SA to
ask for a little money to recoup its expenses on P1619.
Doug, you
mentioned that there was no charge for 802.11i when NIST wanted to make this a
standard. This perception is the result of some slight-of-hand by the
802 LAN/MAN standards committee. What actually happens is that the 802
charges for face-to-face meetings and uses this money to fund free
publication. You can get 802.11i and most every other 802 standard for
free as a result. (See <http://standards.ieee.org/getieee802/802.11.html>).
NIST's getting a free copy of CCM during the public review process was just a
result of this policy.
The reality is that IEEE-SA makes a significant
amount of money off of 802 standards. The 802 LAN/MAN committee can
leverage some good rates with IEEE-SA, but they still pay.
Asking for a
thousand or so each would be a very reasonable rate for the service that IEEE
provides. There is no other standards group that I know of that could
have let us develop P1619 as cheaply as we've done. Most of the big
groups ask for over $10k a year (TCG, SNIA, OASIS). Even INCITS (T10,
T11, T13) costs over a thousand a year now. P1619 is still free for
participation.
Next month in Piscataway, I will show IEEE a compelling
value-proposition for the free publication of XTS during the NIST public
comment period (increased public-awareness of IEEE P1619, advertising for
P1619.1, .2, .3, etc), but the chance of making this sale for free is
low.
Hope this clears things up!
Cheers,
-Matt
On Sun, Feb 24, 2008 at 1:53 PM, Doug Whiting
wrote:
I agree with Jim. I
believe that NIST will just take the IEEE doc for information and
then write their own "compatible" doc in their own format. So it's
not really a copyright issue, as I see it. I'm quite sure that, when we
designed and wrote up the CCM algorithm for 802.11i (WiFi), there was no
charge when NIST wanted to make that a standard. Seems like there must be a
way for NIST to do this for free.
I spent a bunch of my
time working on this effort to help out, and I allowed IEEE to use my
example source code for free in the doc. Otherwise I'm not inclined to spend
any more time participating in future IEEE standards.
From: James Hughes
Sent: Sunday,
February 24, 2008 3:04 AMSubject: Re: [STDS-P1619] IEEE 1619 XTS
submission to NIST for consideration as an Approved Mode of Operation, and
Call for Sponsors
I personally find this extortion abhorent. The use of a standard as a
standard is what the IEEE standards orgnization is about. NIST is NOT going
to profit from this. The only profit will be IEEE who's stature as a
relevant standards creation organization will be heightened. I feel that
this is being charged because the companes involved can afford it, not
became it is right. I personally feel ashamed. Please, when you present your
case state my opinion as an Sr IEEE member, conference organizer and TC
Chair.
On Feb 22, 2008, at 3:50 PM, Matt Ball wrote:
Hi All,
Here's the latest update on submitting XTS-AES to
NIST:
Right now Jack Cole and I are working with IEEE-SA to ask for
a copyright release on the portion of IEEE 1619 (approved last December)
that describes the XTS-AES cryptographic mode of operation. We would
like to submit XTS to NIST for consideration as an Approved Mode of
Operation for FIPS 140-2 certification. Serge Plotkin has offered to
write up such a proposal.
Sun Microsystems is sponsoring me to fly
out to Piscataway, NJ during the IEEE standards board meeting (March
26-27) to discuss terms for releasing the copyright during NIST' public
review period for XTS.
IEEE is unlikely to do this for free.
I don't know what the final price will be, but it will likely be in the
range of $10k - $40k. For this reason, I ask that all of you who
benefit from the approval of IEEE 1619 XTS to please consider donating a
few thousand dollars to help IEEE 1619 gain acceptance by NIST for FIPS
140-2. Such acceptance would be highly strategic for many encryption
products.
Please let me know if your company is able to contribute
to the copyright release of XTS. I'll need to know before March
26th, which gives you a month or so to check budgets. Contributions
would be collect in April, so this will likely come from next quarter's
budget. :)
Please let me know if you have any questions, and I
thank you for your support!
--
Thanks!
Matt Ball,
IEEE P1619.x SISWG Chair
M.V. Ball Technical Consulting, Inc.
Phone:
303-469-2469, Cell: 303-717-2717
http://www.mvballtech.comhttp://www.linkedin.com/in/matthewvball
This email message is for the sole use
of the intended recipient(s) and may contain confidential and privileged
information which is protected from disclosure. Any unauthorized review,
use, disclosure or distribution by any means is prohibited. If you are not
the intended recipient, please contact the sender by reply email or at (408)
399-3500 and destroy all copies of the original
message.
--
Thanks!
Matt Ball, IEEE P1619.x SISWG Chair
M.V. Ball Technical
Consulting, Inc.
Phone: 303-469-2469, Cell: 303-717-2717
http://www.mvballtech.com
http://www.linkedin.com/in/matthewvball