Re: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00

Jon Callas <jon@callas.org> Mon, 11 February 2013 16:41 UTC

Return-Path: <jon@callas.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5907621F8918 for <cfrg@ietfa.amsl.com>; Mon, 11 Feb 2013 08:41:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.049
X-Spam-Level:
X-Spam-Status: No, score=-1.049 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SARE_OBFU_ALL=0.751, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eYUdqI28jJrs for <cfrg@ietfa.amsl.com>; Mon, 11 Feb 2013 08:41:49 -0800 (PST)
Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id E22DA21F8915 for <cfrg@irtf.org>; Mon, 11 Feb 2013 08:41:49 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id 0F9CD1EBE1C4 for <cfrg@irtf.org>; Mon, 11 Feb 2013 08:41:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at merrymeet.com
Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (merrymeet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GtJMQGhjX0ac for <cfrg@irtf.org>; Mon, 11 Feb 2013 08:41:39 -0800 (PST)
Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id B13051EBE198 for <cfrg@irtf.org>; Mon, 11 Feb 2013 08:41:39 -0800 (PST)
Received: from [172.16.13.170] ([23.24.110.141]) by keys.merrymeet.com (PGP Universal service); Mon, 11 Feb 2013 08:41:39 -0800
X-PGP-Universal: processed; by keys.merrymeet.com on Mon, 11 Feb 2013 08:41:39 -0800
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Jon Callas <jon@callas.org>
In-Reply-To: <CD3E8671.EBD1%uri@ll.mit.edu>
Date: Mon, 11 Feb 2013 08:41:40 -0800
Message-Id: <620CDDF7-B6BB-40FE-861F-4F06A90E7C0B@callas.org>
References: <CD3E8671.EBD1%uri@ll.mit.edu>
To: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
X-Mailer: Apple Mail (2.1499)
X-PGP-Encoding-Format: Partitioned
X-PGP-Encoding-Version: 2.0.2
X-Content-PGP-Universal-Saved-Content-Transfer-Encoding: quoted-printable
X-Content-PGP-Universal-Saved-Content-Type: text/plain; charset=us-ascii
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: QUOTED-PRINTABLE
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, Jon Callas <jon@callas.org>
Subject: Re: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2013 16:41:50 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Feb 11, 2013, at 8:33 AM, "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> wrote:

> * PGP - S/MIME Signed by an unverified key: 02/11/2013 at 08:33:04 AM
> 
> On 2/11/13 11:20 , "Ted Krovetz" <ted@krovetz.net> wrote:
> 
> 
>>> "No Discrimination Against Fields of Endeavor"
>> 
>> License 1 has no such restriction. Only License 2 does. Since you are
>> free to choose which license you wish to abide by, I don't see any reason
>> you couldn't use OCB under License 1 in your work.
> 
> I'd still like to see clarifications (answers to my example questions)
> regarding License 1. To make it easier to track, here it is:
> 
> Let's consider (an updated) hypothetical case: company A adds an OCB
> implementation
> to OpenSSL (or Crypto++). Company X then uses that library/package in their
> proprietary "SuperComm" software that they subsequently sell to Department
> of Defense and to Department of Energy.
> 
> First - are they even allowed to to that under this license?
> 
> Second - how much of the source code do they have to make available to
> satisfy the terms of "License 1"? Just the OCB code? The entire OpenSSL or
> Crypto++? The entire "SuperComm" source?
> 
> 
> Third - if there's a violation of the license terms in the above example,
> which entity is considered responsible?

But that's A Corp's problem, not the IETF's. It's the purpose of a standard to describe things for the purposes of interoperability. Arguably, it's also a layer 8 problem and we're layer 9.

A Corp can very likely make the problem go away by throwing cash at the problem, as well. At PGP, we liked EME2, another Rogaway protocol with similar IP issues. We bought a license from the University of California. It was reasonably priced. We got on with our lives.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFRGR9DsTedWZOD3gYRAn0sAKCcqhcd8MFSMI9uZfOKvWbEtIMNUwCg/6Ib
+w/E1gvp4T4I0XS/qDOSlE8=
=+wE8
-----END PGP SIGNATURE-----