Re: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00

"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Mon, 11 February 2013 16:44 UTC

Return-Path: <prvs=57544381d1=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25C8721F86A9 for <cfrg@ietfa.amsl.com>; Mon, 11 Feb 2013 08:44:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.145
X-Spam-Level:
X-Spam-Status: No, score=-5.145 tagged_above=-999 required=5 tests=[AWL=-0.097, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_OBFU_ALL=0.751, SARE_SUB_RAND_LETTRS4=0.799, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eeeJeyQpXcHh for <cfrg@ietfa.amsl.com>; Mon, 11 Feb 2013 08:44:26 -0800 (PST)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by ietfa.amsl.com (Postfix) with ESMTP id 37AB721F854E for <cfrg@irtf.org>; Mon, 11 Feb 2013 08:44:26 -0800 (PST)
Received: from LLE2K7-HUB02.mitll.ad.local (LLE2K7-HUB02.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id r1BGiKQ1009386; Mon, 11 Feb 2013 11:44:22 -0500
From: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
To: Jon Callas <jon@callas.org>
Date: Mon, 11 Feb 2013 11:44:19 -0500
Thread-Topic: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00
Thread-Index: Ac4IdwsrX+cbaf7AQuezjHavFXtl9g==
Message-ID: <CD3E89B8.EBD5%uri@ll.mit.edu>
In-Reply-To: <620CDDF7-B6BB-40FE-861F-4F06A90E7C0B@callas.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.5.121010
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="B_3443427859_1233501"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.9.8327, 1.0.431, 0.0.0000 definitions=2013-02-11_03:2013-02-11, 2013-02-11, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=8 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1211240000 definitions=main-1302110145
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2013 16:44:27 -0000

License 1 is Open Source, and A may not be a Corp (like PGP, Inc. is). And
if (for example) I were to develop and release some free code - I sure
wouldn't want to throw cash at this problem.
--
Regards,
Uri Blumenthal
<Disclaimer>




On 2/11/13 11:41 , "Jon Callas" <jon@callas.org> wrote:

>
>On Feb 11, 2013, at 8:33 AM, "Blumenthal, Uri - 0558 - MITLL"
><uri@ll.mit.edu> wrote:
>
>> * PGP - S/MIME Signed by an unverified key: 02/11/2013 at 08:33:04 AM
>> 
>> On 2/11/13 11:20 , "Ted Krovetz" <ted@krovetz.net> wrote:
>> 
>> 
>>>> "No Discrimination Against Fields of Endeavor"
>>> 
>>> License 1 has no such restriction. Only License 2 does. Since you are
>>> free to choose which license you wish to abide by, I don't see any
>>>reason
>>> you couldn't use OCB under License 1 in your work.
>> 
>> I'd still like to see clarifications (answers to my example questions)
>> regarding License 1. To make it easier to track, here it is:
>> 
>> Let's consider (an updated) hypothetical case: company A adds an OCB
>> implementation
>> to OpenSSL (or Crypto++). Company X then uses that library/package in
>>their
>> proprietary "SuperComm" software that they subsequently sell to
>>Department
>> of Defense and to Department of Energy.
>> 
>> First - are they even allowed to to that under this license?
>> 
>> Second - how much of the source code do they have to make available to
>> satisfy the terms of "License 1"? Just the OCB code? The entire OpenSSL
>>or
>> Crypto++? The entire "SuperComm" source?
>> 
>> 
>> Third - if there's a violation of the license terms in the above
>>example,
>> which entity is considered responsible?
>
>But that's A Corp's problem, not the IETF's. It's the purpose of a
>standard to describe things for the purposes of interoperability.
>Arguably, it's also a layer 8 problem and we're layer 9.
>
>A Corp can very likely make the problem go away by throwing cash at the
>problem, as well. At PGP, we liked EME2, another Rogaway protocol with
>similar IP issues. We bought a license from the University of California.
>It was reasonably priced. We got on with our lives.
>
>	Jon
>