The reason is CAB’s new ‘Intellectual Property Rights Policy’ announced yesterday. It states that “As a condition of CAB Forum participation, each CAB Forum Participant shall.. make available under a CAB Forum Royalty-Free (“RF”) License, any Essential Claims related to any CAB Forum Final Guideline or Final Maintenance Guideline.” ‘Essential Claims’ are patents. In short, all CAB members are now required to allow all other CAB members royalty-free use of their patents; a requirement Entrust says that, with regret, it cannot support.
Entrust’s concern is that a move designed to strengthen security in the SSL market will actually weaken it. “We do not believe, however, that simply giving away intellectual property makes the SSL market safer,” said Entrust CEO and president Bill Conner. “In fact, we’re of the strong opinion it does the exact opposite.” He is not alone: Entrust was just one of 18 member CAs that chose to withdraw from the Forum.
Free access to and use of existing patents could increase competition by attracting new and dynamic entrants to the market. However, Entrust sees this as a security problem rather than a benefit. “At a time when the SSL industry is under intense scrutiny, with many organizations being compromised by attacks, it is unconscionable that the CA/Browser Forum mandates new IP policy to further fragment the industry,” said Conner.
In reality, in a separate blog written by CTO Jon Callas, Entrust hopes it will be a short-lived withdrawal. The wording within the policy includes ‘affiliates’, which CAB defines as “an entity that directly or indirectly controls, is controlled by or is under common control with, a Participant.” For Entrust, this would thus include its parent equity company Thoma Bravo and all of Thoma Bravo’s portfolio. “We are simply not legally entitled to sign for those companies. That obligation would also apply to any new companies our owner purchases and would continue to the present partner companies once they leave Thoma Bravo.”
Entrust is now working with a number of other former members of the forum to develop an alternative IPR policy. “Unfortunately,” adds Callas, “this is being complicated by some of the members who are competitors, who are claiming that we and the other members were somehow thrown out of the Forum, and that this will somehow affect whether our certificate roots will be in the various browsers. This is not true.” This is largely an internal dispute. “We hope that this will be resolved soon, and we hope that it does not damage the credibility of the Forum as a whole.”