Re: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00

"Blumenthal, Uri - 0558 - MITLL" <> Mon, 11 February 2013 16:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 20B1621F885E for <>; Mon, 11 Feb 2013 08:33:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.465
X-Spam-Status: No, score=-5.465 tagged_above=-999 required=5 tests=[AWL=0.335, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799, UNPARSEABLE_RELAY=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LC7s1eUVo75K for <>; Mon, 11 Feb 2013 08:33:09 -0800 (PST)
Received: from (MX2.LL.MIT.EDU []) by (Postfix) with ESMTP id D15FB21F8848 for <>; Mon, 11 Feb 2013 08:33:08 -0800 (PST)
Received: from ( by (unknown) with ESMTP id r1BGX7I3002251; Mon, 11 Feb 2013 11:33:07 -0500
From: "Blumenthal, Uri - 0558 - MITLL" <>
To: Ted Krovetz <>, "" <>
Date: Mon, 11 Feb 2013 11:33:04 -0500
Thread-Topic: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00
Thread-Index: Ac4IdXirkvua2ON9Qo2Ib2SXT2qK2Q==
Message-ID: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
user-agent: Microsoft-MacOutlook/
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="B_3443427184_1167190"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.9.8327, 1.0.431, 0.0.0000 definitions=2013-02-11_03:2013-02-11, 2013-02-11, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=8 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1211240000 definitions=main-1302110144
Subject: Re: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 11 Feb 2013 16:33:14 -0000

On 2/11/13 11:20 , "Ted Krovetz" <> wrote:

>> "No Discrimination Against Fields of Endeavor"
>License 1 has no such restriction. Only License 2 does. Since you are
>free to choose which license you wish to abide by, I don't see any reason
>you couldn't use OCB under License 1 in your work.

I'd still like to see clarifications (answers to my example questions)
regarding License 1. To make it easier to track, here it is:

Let's consider (an updated) hypothetical case: company A adds an OCB
to OpenSSL (or Crypto++). Company X then uses that library/package in their
proprietary "SuperComm" software that they subsequently sell to Department
of Defense and to Department of Energy.

First - are they even allowed to to that under this license?

Second - how much of the source code do they have to make available to
satisfy the terms of "License 1"? Just the OCB code? The entire OpenSSL or
Crypto++? The entire "SuperComm" source?

Third - if there's a violation of the license terms in the above example,
which entity is considered responsible?