Patent application jeopardizes IETF syslog standard


Author: David 'cdlu' Graham

The Internet Engineering Task Force is working on a proposed standard for the age-old but never standardized syslog protocol, but its efforts may be in jeopardy thanks to a patent application by Huawei Technologies Co., Ltd., of Shenzhen, China.

Syslog working group member Rainer Gerhards describes the purpose of the work this way:

Syslog is mostly a de facto standard. This means that no “real” (officially written) standard exists. Syslog has a number of security shortcomings. An IETF working group was created to solve these security issues. A side-effect of this is that the protocol itself must be standardized. One standard — RFC 3195 — is already published. RFC 3195 is a big departure from traditional syslog and not really accepted by the market. The IETF syslog working group is currently trying to standardize

a) the syslog message format
b) messages transmission over a secure transport, namely TLS

In practice, syslog is already being used over TLS (or SSL, which essentially is the same). However, these solutions do not interoperate very well and the big players (like Cisco) do not natively support it because there is no official standard (at least this is my best guess why they do not).

In even shorter words, the IETF is trying to standardize a secure way of doing syslog. A way that is already in widespread use today.

Some members of the working group, including co-chair David Harrington, work for Huawei Technologies, and the company has submitted a patent application. The contents of the patent application have not been released, but the IETF working group has been informed that their standard may conflict with the pending patent.

Huawei’s proposed patent licensing declaration states: “If technology in this document is included in a standard adopted by IETF and any claims of any Huawei patents are necessary for practicing the standard, Huawei will not assert any patents against any party that implements the standard, however that Huawei retains the right to assert its patents against any party that asserts any rights against Huawei; and Huawei retains the right to assert its patents against any product or portion thereof that is not necessary for compliance with the standard.”

News of the patent application has led to a virtual suspension of work on the standard, resulting in a long discussion of what to do.

Gerhards says:

First of all, it is distracting workgroup members from doing actual work. There is a lot of discussion on the patent issue, but much less on the actual work to do. It might even happen that the current approach — syslog over TLS — is dropped in favor of an alternate solution (syslog over SSH). This alternate solution is less used in practice and seems to be more complex to implement (the latter is my personal opinion). In the worst case, Huawei’s move could cause syslog standardization to fail. This is because the working group is already very delayed in delivering its products. It needs to finish its basic tasks by the end of the year or it will most likely be terminated by the IESG (the decision-making body of the IETF). The patent claim definitely causes some extra delay.

No one seems sure exactly what Huawei is patenting. Gerhards praises David Harrington’s contribution to the syslog standard but says he has recused himself from the discussion over what to do over the patent application. This includes stating what it is that Huawei has filed a patent application for.

Gerhards doesn’t have any insight into the topic of what it is Huawei has actually filed for, either, saying:

Quite honestly: I do not know. Huawei’s people have definitely done a good job in looking at what’s currently deployed, what the syslog community wants to see, discuss some technical details (framing and certificates). The technical content of their paper is about four pages, so there isn’t even much substance in it. Everything inside these four pages has been discussed on the IETF mailing list and the content almost exclusively stems back to other people’s comments. Frankly — I am not bashing here — I just can’t find any novel contribution. Other WG members have similar problems. Huawei still says there is something novel, but they are not disclosing it.

Gerhards believes that Huawei wants to settle this issue with the IETF. “The license they are offering, as well as the way they proceed, indicates that they do not want to hinder the IETF process. Huawei employees contributing to the working group seem to have some influence on their employer to solve the situation,” he says.

He goes on to say that the patent is being claimed where nothing new exists. He cites this Usenet post as an example of the technology being standardised in use as early as 1999, and this LinuxJournal article from 2001 on the same topic: syslog with SSL.

“The other problem,” Gerhards goes on, “is that Huawei might change its license, or sell it (maybe as part of a merger), in which case every work based on the substance-less patent again is in danger. As such, I expect that the patent claim will at least stop open source developers from implementing the so-encumbered standard, no matter how liberated the licensing terms may be.”

Who is Huawei and why do they want to patent an unspecified part of a not-yet-complete syslog protocol?

Huawei is a roughly 34,000-employee privately held telecommunications company based in China that is active in most markets outside of North America. One of its major competitors is Cisco, which once accused Huawei of stealing its intellectual property, settling the lawsuit in 2004.

As of press time, Huawei had not responded to a request for comments emailed to the contact address listed on the patent disclosure asking for Huawei’s side of the story, and for comments on what, exactly, Huawei is patenting and why. We will be sure to pass on any responses we might get from Huawei.


  • Legal