Flawed license in document...

Simon Josefsson <jas@extundo.com> Tue, 07 February 2006 00:16 UTC

From: Simon Josefsson <jas@extundo.com>
To: ipr-wg@ietf.org
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Tue, 07 Feb 2006 01:16:20 +0100
Message-ID: <jas8xsokoq3.fsf@latte.josefsson.org>
Subject: Flawed license in document...

It seems draft-eastlake-sha2-02.txt is a document that would have
benefited from the ideas discussed in this WG.  The license text that
the draft-eastlake-sha2-02.txt authors picked seems to be incompatible
with some free software licenses and some proprietary licenses to me.
That is counter to the stated goal that the code should be easily
usable by the community.  See my post below.

What may be relevant for this WG to consider is the license text used.
Reviewing the actual wording of licenses used in RFCs helps in understanding
what rights are missing from the IETF granted permissions.  I'm
quoting the license used in draft-eastlake-sha2-02.txt for easy
reference.  (The license in RFC 3492 is another example, however it
fortunately appears to be compatible with all relevant licenses.)

Btw, any progress on the IPR WG charter update?

1.1 License

   Royalty free license to copy and use this software is granted
   provided that this document is identified in all material mentioning
   or referencing this software. Royalty free license is also granted to
   make and use derivative works provided that such works are identified
   as derived from this work.

   The authors make no representations concerning either the
   merchantability of this software or the suitability of this software
   for any particular purpose. It is provided "as is" without express or
   implied warranty of any kind.

Regards,
Simon

From: Simon Josefsson <jas@extundo.com>
Subject: Re: Document Action: 'US Secure Hash Algorithms (SHA and HMAC-SHA)' to Informational RFC
Newsgroups: gmane.ietf.general
Date: Tue, 07 Feb 2006 00:11:33 +0100

The IESG <iesg-secretary@ietf.org> writes:

> Note to the RFC Editor
>
>   To resolve the concerns with the term "open source", please make the
>   following changes:
>
>   In the Abstract:
>
>     OLD:
>
>       The purpose of this document is to make open source code
>       performing these hash functions conveniently available to
>       the Internet community.
>
>     NEW:
>
>       The purpose of this document is to make source code
>       performing these hash functions conveniently available to
>       the Internet community.
>
>   In Section 10:
>
>     OLD:
>
>       This document is intended to provide convenient open source
>       access by the Internet community to the United States of
>       America Federal Information Processing Standard Secure Hash
>       Algorithms (SHAs) [FIPS 180-2] and HMACs based thereon.
>
>     NEW:
>
>       This document provides the Internet community convenient
>       access to source code that implements the United States of
>       America Federal Information Processing Standard Secure Hash
>       Algorithms (SHAs) [FIPS 180-2] and HMACs based upon these
>       one-way hash functions.  See license in Section 1.1.

The license in section 1.1 reads:

   Royalty free license to copy and use this software is granted
   provided that this document is identified in all material
   mentioning or referencing this software.

I believe this part of the license is incompatible with some licenses
used to implement IETF protocols.  It has the same problem as the
advertisement clause in the old BSD license.  It is thus questionable
whether the document achieves its stated goal.

Btw:

> The IESG has approved the following document:
>
> - 'US Secure Hash Algorithms (SHA and HMAC-SHA) '
>    <draft-eastlake-sha2-02.txt> as an Informational RFC
>
> This document has been reviewed in the IETF but is not the product of an
> IETF Working Group.

Was there a last call for this document?  I do not recall seeing it.

Thanks,
Simon
