Last week, Entrust announced that it was reluctantly leaving the CAB Forum, an organization it co-founded six years ago to promote standards within Extended Validation SSLs (EV-SSL). Jon Callas, Entrust’s CTO, explained the background. It revolves around CAB’s new IPR policy. It is worth noting that Entrust was not the only company to leave over the issue: others included RSA and RIM.
The problem is over the IPR wording. As it stands, it is now mandatory for all members to make their IP available to all other members free of charge. This, said Callas is bad enough: the value of a company is tied up in its intellectual property. “A company in RIM’s current position will need to keep tight control over its IP,” he commented. But for companies like Entrust and RSA, the real problem is in the wider implications of the wording. Any CAB member that signs up to the policy, merely by being a member, effectively not only signs over its own IP rights, but also those of all associated companies and their associates.
In Entrust’s case that would include the IP of its venture capital investor Thoma Bravo, and the IP of all of Thomo Bravo’s other investments. Thoma Bravo simply stepped in and told Entrust “you cannot do that.” For RSA, Callas told Infosecurity, “that would also include all the IP of its parent company EMC – something that is clearly unacceptable.” In short, the IPR policy voted in by the larger number of smaller companies provides free access to the IP of the market leaders, and also free access to other completely unrelated IP.
“The policy document allows for exceptions”, said Callas. “We can specifically exclude named IP. But the problem is that if we do not exclude it,” he told Infosecurity, “it is automatically included.” Entrust is concerned, he explained, that companies could lose their IP by default – by simply forgetting to go through the process of exclusion.
It’s rather like a huge commercial game of poker. Entrust made a stand; but the smaller companies, with mathematics in their favor, called its bluff. Entrust and its allies could do nothing other than leave the table. But Callas believes the overall stakes for security are too high to leave it at that. He still believes in the value of the CAB Forum. He told Infosecurity that Entrust and the other companies that left over the issue are informally working together on a new IPR policy that he hopes will be acceptable to everyone. He hopes that they will be able to return to the table with a new and winning hand.