IETF Logo Mail Archive

Re: Flawed license in document...

Ted Hardie <hardie@qualcomm.com> Tue, 07 February 2006 01:10 UTC

Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6HNg-0008V5-LA; Mon, 06 Feb 2006 20:10:56 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F6HNf-0008U2-9P for ipr-wg@megatron.ietf.org; Mon, 06 Feb 2006 20:10:55 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA01241 for <ipr-wg@ietf.org>; Mon, 6 Feb 2006 20:09:06 -0500 (EST)
Received: from numenor.qualcomm.com ([129.46.51.58]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F6HZp-0006x7-GN for ipr-wg@ietf.org; Mon, 06 Feb 2006 20:23:30 -0500
Received: from crowley.qualcomm.com (crowley.qualcomm.com [129.46.61.151]) by numenor.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id k171ALCn028852 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 6 Feb 2006 17:10:22 -0800
Received: from [129.46.225.69] (dhcp-campbell-23.qualcomm.com [129.46.225.69]) by crowley.qualcomm.com (8.13.5/8.12.5/1.0) with ESMTP id k171AJaG017054; Mon, 6 Feb 2006 17:10:21 -0800 (PST)
Mime-Version: 1.0
Message-Id: <p0623090cc00d9f1815d3@[129.46.225.69]>
In-Reply-To: <jas8xsokoq3.fsf@latte.josefsson.org>
References: <jas8xsokoq3.fsf@latte.josefsson.org>
Date: Mon, 06 Feb 2006 17:10:17 -0800
To: Simon Josefsson <jas@extundo.com>, ipr-wg@ietf.org
From: Ted Hardie <hardie@qualcomm.com>
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2ed806e2f53ff1a061ad4f97e00345ac
Cc:
Subject: Re: Flawed license in document...
X-BeenThere: ipr-wg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPR-WG <ipr-wg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipr-wg>, <mailto:ipr-wg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipr-wg@ietf.org>
List-Help: <mailto:ipr-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipr-wg>, <mailto:ipr-wg-request@ietf.org?subject=subscribe>
Sender: ipr-wg-bounces@ietf.org
Errors-To: ipr-wg-bounces@ietf.org

At 1:16 AM +0100 2/7/06, Simon Josefsson wrote:
>It seems draft-eastlake-sha2-02.txt is a document that would have
>benefited from the ideas discussed in this WG.  The license text that
>the draft-eastlake-sha2-02.txt authors picked seem to be incompatible
>with some free software licenses and some proprietary license to me.
>That is counter to the stated goal that the code should be easily
>usable by the community.  See my post below.
>
>What may be relevant for this WG to consider is the license text used.
>Reviewing actual wording of licenses used in RFCs helps understanding
>what rights are missing from the IETF granted permissions.  I'm
>quoting the license used in draft-eastlake-sha2-02.txt for easy
>reference.  (The license in RFC 3492 is another example, however it
>fortunately appear to be compatible with all relevant licenses.)

Simon,
	The license given is, as you note below, similar to previous
BSD licenses in that there is an advertisement clause.  The authors
made the choice to put their work out in that form, and I think it
is somewhat rude to assume that they didn't do the work of balancing
their own interests in producing the document.   Yes, they clearly
wanted to make this work available for review (and potentially incorporation)
to the community.  This is also  an individual submission for informational--their
work, done on their time, for the good of the community.  If they chose
to require a reference to the work, it's their choice. 
	The IETF can, of course, choose not to accept the work for RFC
publication on the grounds an author offers.  At the moment, that's a
judgement call, based on the review it has received.    I personally hope
it stays something that allows for variability in the licenses offered. Going to
a one-size fits all system fundamentally ignores the rights of the authors, 
and it has the pretty idealistic presumption that people will continue doing
the work if we dictate whatever terms we like. 
	To be honest, you seem to me to be in this message once again
pushing GPL-compatibility  as a litmus test for acceptable terms to offer to
the IETF.  I personally don't think one size is going to fit all, and I'm strongly
opposed to using the GPL as that size if  the working group decides to go with
baseline rights.    The sizing on that particular Procrustean bed will lop off
things  I think we need.
	I am not speaking for my employer or the IESG.
			regards,
				Ted Hardie






>Btw, any progress on the IPR WG charter update?
>
>1.1 License
>
>   Royalty free license to copy and use this software is granted
>   provided that this document is identified in all material mentioning
>   or referencing this software. Royalty free license is also granted to
>   make and use derivative works provided that such works are identified
>   as derived from this work.
>
>   The authors make no representations concerning either the
>   merchantability of this software or the suitability of this software
>   for any particular purpose. It is provided "as is" without express or
>   implied warranty of any kind.
>
>Regards,
>Simon
>
>From: Simon Josefsson <jas@extundo.com>
>Subject: Re: Document Action: 'US Secure Hash Algorithms (SHA and HMAC-SHA)'
>	to Informational RFC
>Newsgroups: gmane.ietf.general
>Date: Tue, 07 Feb 2006 00:11:33 +0100
>
>The IESG <iesg-secretary@ietf.org> writes:
>
>> Note to the RFC Editor
>>
>>   To resolve the concerns with the term "open source", please make the
>>   following changes:
>>
>>   In the Abstract:
>>
>>     OLD:
>>
>>       The purpose of this document is to make open source code
>>       performing these hash functions conveniently available to
>>       the Internet community.
>>
>>     NEW:
>>
>>       The purpose of this document is to make source code
>>       performing these hash functions conveniently available to
>>       the Internet community.
>>
>>   In Section 10:
>>
>>     OLD:
>>
>>       This document is intended to provide convenient open source
>>       access by the Internet community to the United States of
> >       America Federal Information Processing Standard Secure Hash
>>       Algorithms (SHAs) [FIPS 180-2] and HMACs based thereon.
>>
>>     NEW:
>>
>>       This document provides the Internet community convenient
>>       access to source code that implements the United States of
>>       America Federal Information Processing Standard Secure Hash
>>       Algorithms (SHAs) [FIPS 180-2] and HMACs based upon these
>>       one-way hash functions.  See license in Section 1.1.
>
>The license in section 1.1 reads:
>
>   Royalty free license to copy and use this software is granted
>   provided that this document is identified in all material
>   mentioning or referencing this software.
>
>I believe this part of the license is incompatible with some licenses
>used to implement IETF protocols.  It has the same problem as the
>advertisement clause in the old BSD license.  It is thus questionable
>whether the document achieve its stated goal.
>
>Btw:
>
>> The IESG has approved the following document:
>>
>> - 'US Secure Hash Algorithms (SHA and HMAC-SHA) '
>>    <draft-eastlake-sha2-02.txt> as an Informational RFC
>>
>> This document has been reviewed in the IETF but is not the product of an
>> IETF Working Group.
>
>Was there a last call for this document?  I do not recall seeing it.
>
>Thanks,
>Simon
>
>_______________________________________________
>Ietf mailing list
>Ietf@ietf.org
>https://www1.ietf.org/mailman/listinfo/ietf
>
>
>_______________________________________________
>Ipr-wg mailing list
>Ipr-wg@ietf.org
>https://www1.ietf.org/mailman/listinfo/ipr-wg


_______________________________________________
Ipr-wg mailing list
Ipr-wg@ietf.org
https://www1.ietf.org/mailman/listinfo/ipr-wg

v2.23.0 | Report a Bug | By Email