headers
todd glassey | 1 Feb 2006 01:27
Picon

Fw: How does Torvalds commentary on GPL3 figure into this? - Larry?

Harald I got that it wasnt on your hitlist of things to deal with, but what
I was wondering - was in the interest of competent governance, whether it
would make sense to have a yeah or hey policy ready in advance of the
certification of GPL3

But the style of the IETF is to react to things rather than to adjust to
them in real time, so I guess your commentary makes sense, still if its to
be an issue that we are aware of - then lets perpare..

Todd
----- Original Message ----- 
From: "Harald Tveit Alvestrand" <harald <at> alvestrand.no>
To: "todd glassey" <todd.glassey <at> att.net>; <>
Sent: Tuesday, January 31, 2006 3:48 PM
Subject: Re: How does Torvalds commentary on GPL3 figure into this? - Larry?

> _______________________________________________
> Ipr-wg mailing list
> Ipr-wg <at> ietf.org
> https://www1.ietf.org/mailman/listinfo/ipr-wg
>

Speaking as chair:

Linus Torvalds' commentary on GPL3 is not raised as an issue that has to be 
resolved against the IETF IPR policy.

That discussion is therefore irrelevant to this list.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Simon Josefsson | 1 Feb 2006 12:55

Re: How does Torvalds commentary on GPL3 figure into this? - Larry?

I agree that Linus' comments on GPLv3 is irrelevant to this WG.

However, I believe that it is important that the license on IETF
contributions is compatible with a wide range of licenses, ranging
from EULA's to GPLv2 and GPLv3.

I believe the license I have proposed is compatible with GPLv3.

If my license is not adopted, I request that compatibility with
popular licenses of IETF implementations, ranging from Microsoft/Sun
EULA's to GPLv3, should be a suggested design requirement from the
IETF to the IPR Trust.

Thanks.

Harald Tveit Alvestrand <harald <at> alvestrand.no> writes:

> Speaking as chair:
>
> Linus Torvalds' commentary on GPL3 is not raised as an issue that has
> to be resolved against the IETF IPR policy.
>
> That discussion is therefore irrelevant to this list.
>
> If, after GPLv3 is final, someone wishes to propose that GPLv3 should
> be given some special status in the IETF process, that might be a
> relevant issue for the IPR WG. No such issue is on the table.
>
>                  Harald
>
(Continue reading)

Permalink | Reply | 0 comments |
headers
George T. Willingmyre | 2 Feb 2006 16:47

Fw: DoC Report on New Internet Protocol

Gregory Tassey's distribution of the  report    "Technical and Economic Assessment of Internet Protocol Version 6 (IPv6)"  at http://www.nist.gov/director/prog-ofc/IPv6-final.pdf  is surly to be of interest to members of this list. 
 
George T. Willingmyre, P.E.
GTW Associates
301 421 4138 facsimile 301 421 0977
www.gtwassociates.com
 
----- Original Message -----
Sent: Thursday, February 02, 2006 9:26 AM
Subject: DoC Report on New Internet Protocol

A Department of Commerce Task Force has recently completed a technical and economic assessment of the next-generation Internet Protocol, version 6 (IPv6). The Task Force report can be accessed at http://www.nist.gov/director/planning/policy_studies.htm along with a supporting contractor (RTI International) report that provides more detailed economic analysis.

The Task Force was established by a directive in a 2003 White House report, National Strategy to Secure Cyberspace. This directive was motivated by propositions that the transition to IPv6 should be accelerated to provide enhanced cyberspace security and to respond to deployment strategies in other economies. It was realized that the prospect of increased costs to government and industry by an accelerated transition needed to be assessed relative to projected benefits (economic growth, national security, etc.).

This report should be of interest to the S&T policy arena, as it provides a comprehensive analysis of the technical and economic issues involved during transition between generations of an industry standard. Given that the Task Force analysis was conducted during the initial phase of transition, the ability to obtain data sufficient to undertake quantitative analysis was limited. Still, the report includes some insights into what kinds of analysis will be needed in the future to inform S&T policy over a multi-year transition. See the supporting RTI study for more detail on such analysis.

The IP is arguably one of the most important of all industry standards, as it enables the operation of the Internet infrastructure and the many applications that run on it. It is also one of the most complex standards. This complexity and the consequent prospect of substantial transition costs for the entire Internet supply chain has induced repeated "patching" of the current version (IPv4) over its 20-year existence. In fact, the substantial "installed base" of IPv4 infrastructure and IPv4 applications acts as a disincentive to investment in the new Protocol. As a result, the transition will take years and, therefore, will result in a dual-standard environment for some time. These conditions create the potential for large transition costs and negative economic impacts, if the transition is not managed efficiently.

The Task Force examined a range of potential domestic and global market barriers that, if present, could justify government intervention in the transition process. The increasing international volume and character of Internet services and the growing number of incentives provided by other governments for migrating their domestic industries to IPv6 require continued monitoring of the potential market barriers assessed in the report to inform analyses of policy options. In this context, OMB, in response to recent global trends, is developing guidance for all federal agencies to accelerate the transition to IPv6.

Comments are welcome.

Regards,

Greg Tassey

P.S. Some of you are on more than one of my distribution lists. If so, you are receiving more than one copy of this email. My apologies.
_______________________________________________
Ipr-wg mailing list
Ipr-wg <at> ietf.org
https://www1.ietf.org/mailman/listinfo/ipr-wg
Permalink | Reply | 0 comments |
headers
Simon Josefsson | 7 Feb 2006 01:16

Flawed license in document...

It seems draft-eastlake-sha2-02.txt is a document that would have
benefited from the ideas discussed in this WG.  The license text that
the draft-eastlake-sha2-02.txt authors picked seem to be incompatible
with some free software licenses and some proprietary license to me.
That is counter to the stated goal that the code should be easily
usable by the community.  See my post below.

What may be relevant for this WG to consider is the license text used.
Reviewing actual wording of licenses used in RFCs helps understanding
what rights are missing from the IETF granted permissions.  I'm
quoting the license used in draft-eastlake-sha2-02.txt for easy
reference.  (The license in RFC 3492 is another example, however it
fortunately appear to be compatible with all relevant licenses.)

Btw, any progress on the IPR WG charter update?

1.1 License

   Royalty free license to copy and use this software is granted
   provided that this document is identified in all material mentioning
   or referencing this software. Royalty free license is also granted to
   make and use derivative works provided that such works are identified
   as derived from this work.

   The authors make no representations concerning either the
   merchantability of this software or the suitability of this software
   for any particular purpose. It is provided "as is" without express or
   implied warranty of any kind.

Regards,
Simon

From: Simon Josefsson <jas <at> extundo.com>
Subject: Re: Document Action: 'US Secure Hash Algorithms (SHA and HMAC-SHA)'
	to Informational RFC
Newsgroups: gmane.ietf.general
Date: Tue, 07 Feb 2006 00:11:33 +0100

The IESG <iesg-secretary <at> ietf.org> writes:

> Note to the RFC Editor
>
>   To resolve the concerns with the term "open source", please make the
>   following changes:
>
>   In the Abstract:
>
>     OLD:
>
>       The purpose of this document is to make open source code
>       performing these hash functions conveniently available to
>       the Internet community.
>
>     NEW:
>
>       The purpose of this document is to make source code
>       performing these hash functions conveniently available to
>       the Internet community.
>
>   In Section 10:
>
>     OLD:
>
>       This document is intended to provide convenient open source
>       access by the Internet community to the United States of
>       America Federal Information Processing Standard Secure Hash
>       Algorithms (SHAs) [FIPS 180-2] and HMACs based thereon.
>
>     NEW:
>
>       This document provides the Internet community convenient
>       access to source code that implements the United States of
>       America Federal Information Processing Standard Secure Hash
>       Algorithms (SHAs) [FIPS 180-2] and HMACs based upon these
>       one-way hash functions.  See license in Section 1.1.

The license in section 1.1 reads:

   Royalty free license to copy and use this software is granted
   provided that this document is identified in all material
   mentioning or referencing this software.

I believe this part of the license is incompatible with some licenses
used to implement IETF protocols.  It has the same problem as the
advertisement clause in the old BSD license.  It is thus questionable
whether the document achieve its stated goal.

Btw:

> The IESG has approved the following document:
>
> - 'US Secure Hash Algorithms (SHA and HMAC-SHA) '
>    <draft-eastlake-sha2-02.txt> as an Informational RFC
>
> This document has been reviewed in the IETF but is not the product of an
> IETF Working Group.

Was there a last call for this document?  I do not recall seeing it.

Thanks,
Simon

_______________________________________________
Ietf mailing list
Ietf <at> ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
Permalink | Reply | 503 comments |
headers
Ted Hardie | 7 Feb 2006 02:10

Re: Flawed license in document...

At 1:16 AM +0100 2/7/06, Simon Josefsson wrote:
>It seems draft-eastlake-sha2-02.txt is a document that would have
>benefited from the ideas discussed in this WG.  The license text that
>the draft-eastlake-sha2-02.txt authors picked seem to be incompatible
>with some free software licenses and some proprietary license to me.
>That is counter to the stated goal that the code should be easily
>usable by the community.  See my post below.
>
>What may be relevant for this WG to consider is the license text used.
>Reviewing actual wording of licenses used in RFCs helps understanding
>what rights are missing from the IETF granted permissions.  I'm
>quoting the license used in draft-eastlake-sha2-02.txt for easy
>reference.  (The license in RFC 3492 is another example, however it
>fortunately appear to be compatible with all relevant licenses.)

Simon,
	The license given is, as you note below, similar to previous
BSD licenses in that there is an advertisement clause.  The authors
made the choice to put their work out in that form, and I think it
is somewhat rude to assume that they didn't do the work of balancing
their own interests in producing the document.   Yes, they clearly
wanted to make this work available for review (and potentially incorporation)
to the community.  This is also  an individual submission for informational--their
work, done on their time, for the good of the community.  If they chose
to require a reference to the work, it's their choice. 
	The IETF can, of course, choose not to accept the work for RFC
publication on the grounds an author offers.  At the moment, that's a
judgement call, based on the review it has received.    I personally hope
it stays something that allows for variability in the licenses offered. Going to
a one-size fits all system fundamentally ignores the rights of the authors, 
and it has the pretty idealistic presumption that people will continue doing
the work if we dictate whatever terms we like. 
	To be honest, you seem to me to be in this message once again
pushing GPL-compatibility  as a litmus test for acceptable terms to offer to
the IETF.  I personally don't think one size is going to fit all, and I'm strongly
opposed to using the GPL as that size if  the working group decides to go with
baseline rights.    The sizing on that particular Procrustean bed will lop off
things  I think we need.
	I am not speaking for my employer or the IESG.
			regards,
				Ted Hardie

>Btw, any progress on the IPR WG charter update?
>
>1.1 License
>
>   Royalty free license to copy and use this software is granted
>   provided that this document is identified in all material mentioning
>   or referencing this software. Royalty free license is also granted to
>   make and use derivative works provided that such works are identified
>   as derived from this work.
>
>   The authors make no representations concerning either the
>   merchantability of this software or the suitability of this software
>   for any particular purpose. It is provided "as is" without express or
>   implied warranty of any kind.
>
>Regards,
>Simon
>
>From: Simon Josefsson <jas <at> extundo.com>
>Subject: Re: Document Action: 'US Secure Hash Algorithms (SHA and HMAC-SHA)'
>	to Informational RFC
>Newsgroups: gmane.ietf.general
>Date: Tue, 07 Feb 2006 00:11:33 +0100
>
>The IESG <iesg-secretary <at> ietf.org> writes:
>
>> Note to the RFC Editor
>>
>>   To resolve the concerns with the term "open source", please make the
>>   following changes:
>>
>>   In the Abstract:
>>
>>     OLD:
>>
>>       The purpose of this document is to make open source code
>>       performing these hash functions conveniently available to
>>       the Internet community.
>>
>>     NEW:
>>
>>       The purpose of this document is to make source code
>>       performing these hash functions conveniently available to
>>       the Internet community.
>>
>>   In Section 10:
>>
>>     OLD:
>>
>>       This document is intended to provide convenient open source
>>       access by the Internet community to the United States of
> >       America Federal Information Processing Standard Secure Hash
>>       Algorithms (SHAs) [FIPS 180-2] and HMACs based thereon.
>>
>>     NEW:
>>
>>       This document provides the Internet community convenient
>>       access to source code that implements the United States of
>>       America Federal Information Processing Standard Secure Hash
>>       Algorithms (SHAs) [FIPS 180-2] and HMACs based upon these
>>       one-way hash functions.  See license in Section 1.1.
>
>The license in section 1.1 reads:
>
>   Royalty free license to copy and use this software is granted
>   provided that this document is identified in all material
>   mentioning or referencing this software.
>
>I believe this part of the license is incompatible with some licenses
>used to implement IETF protocols.  It has the same problem as the
>advertisement clause in the old BSD license.  It is thus questionable
>whether the document achieve its stated goal.
>
>Btw:
>
>> The IESG has approved the following document:
>>
>> - 'US Secure Hash Algorithms (SHA and HMAC-SHA) '
>>    <draft-eastlake-sha2-02.txt> as an Informational RFC
>>
>> This document has been reviewed in the IETF but is not the product of an
>> IETF Working Group.
>
>Was there a last call for this document?  I do not recall seeing it.
>
>Thanks,
>Simon
>
>_______________________________________________
>Ietf mailing list
>Ietf <at> ietf.org
>https://www1.ietf.org/mailman/listinfo/ietf
>
>
>_______________________________________________
>Ipr-wg mailing list
>Ipr-wg <at> ietf.org
>https://www1.ietf.org/mailman/listinfo/ipr-wg
Permalink | Reply | 502 comments |
headers
Don Armstrong | 7 Feb 2006 02:47
Picon
Favicon

Re: Flawed license in document...

On Mon, 06 Feb 2006, Ted Hardie wrote:
> To be honest, you seem to me to be in this message once again
> pushing GPL-compatibility as a litmus test for acceptable terms to
> offer to the IETF.

The issue really isn't just GPL compatibility, it's compatibility with
the largest range of licenses possible to promote the reuse of
standardized implementations wherever possible. The GPL is merely one
of a range of licenses which cover works in which IETF standards are
implemented.

> I personally don't think one size is going to fit all, and I'm
> strongly opposed to using the GPL as that size if the working group
> decides to go with baseline rights.

A maximally permissive license will clearly fit all usage cases; the
only issue is whether such a license will be something that people
contributing to an IETF standards process will accept.

If it's not, then we have to step back and balance the need for
contributors with the need for standards that can be widely deployed.

[There seems to be some confusion here about the GPL: we're (or at
least I am) not asking for IETF standards to be licensed under the
GPL, merely for it to be licensed in a manner which enables it to be
used in the widest range of works, of which a GPLed work is one part
of that set.]

Don Armstrong

--

-- 
Debian's not really about the users or the software at all. It's a
large flame-generating engine that the cabal uses to heat their coffee
 -- Andrew Suffield (#debian-devel Fri, 14 Feb 2003 14:34 -0500)

http://www.donarmstrong.com              http://rzlab.ucr.edu

_______________________________________________
Ipr-wg mailing list
Ipr-wg <at> ietf.org
https://www1.ietf.org/mailman/listinfo/ipr-wg
Permalink | Reply | 1 comment |
headers
Frank Ellermann | 7 Feb 2006 03:07
Picon
Picon

Re: Flawed license in document...

Simon Josefsson wrote:

> The license text that the draft-eastlake-sha2-02.txt authors
> picked seem to be incompatible with some free software
> licenses and some proprietary license to me.

Maybe they couldn't copy the license for the same "software" in
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf

| Exports of cryptographic modules implementing this standard
| and technical data regarding them must comply with these
| Federal regulations and be licensed by the Bureau of Export
| Administration of the U.S. Department of Commerce.

In other words RfCs mandating SHA are dubious, no big surprise.

| Implementations of the secure hash standard is this standard
| may be covered by U.S. or foreign patents.

Let's hope that they'll find the IETF page for IPR submissions.

| Only algorithm implementations that are validated by NIST
| will be considered as complying with this standard.
| Information about the planned validation program can be
| obtained at http://csrc.nist.gov/cryptval/
[...]

Several accredited labs for conformance testing.  Cost recovery
fee for NIST to check the conformance test results, and then to
publish the validated algorithm.

It's only an informational RfC, and it's nice to have this info
in plain text format.  Maybe the authors should have copied the
"legalese" from their source instead of using another text (?)

                             Bye, Frank
Permalink | Reply | 0 comments |
headers
Ted Hardie | 7 Feb 2006 06:00

Re: Flawed license in document...

At 5:47 PM -0800 2/6/06, Don Armstrong wrote:
>
>A maximally permissive license will clearly fit all usage cases; the
>only issue is whether such a license will be something that people
>contributing to an IETF standards process will accept.

A maximally permissive license would not be viral; it would allow
someone to do whatever they wanted without reference to the onward
license they grant on their work.    I'm not, personally, convinced
that there is anyway to pre-judge a "maximally permissive license"
without at least some statement about what axes will be used for
measurement.

But the main point is that the authors have a role in deciding what they
contribute, and if we don't give them reasonable choices in the matter,
they will decide not to contribute at all.    Section 5.2 of 3978 already
covers some aspect of this ground, and I hope that we continue
to recognize that author's rights that affect the fit of  declarations
they make to the IETF and the readers of their contributions.
			regards,
				Ted Hardie.
Permalink | Reply | 0 comments |
headers
Simon Josefsson | 8 Feb 2006 11:28

Re: Flawed license in document...

Ted Hardie <hardie <at> qualcomm.com> writes:

> At 1:16 AM +0100 2/7/06, Simon Josefsson wrote:
>>It seems draft-eastlake-sha2-02.txt is a document that would have
>>benefited from the ideas discussed in this WG.  The license text that
>>the draft-eastlake-sha2-02.txt authors picked seem to be incompatible
>>with some free software licenses and some proprietary license to me.
>>That is counter to the stated goal that the code should be easily
>>usable by the community.  See my post below.
>>
>>What may be relevant for this WG to consider is the license text used.
>>Reviewing actual wording of licenses used in RFCs helps understanding
>>what rights are missing from the IETF granted permissions.  I'm
>>quoting the license used in draft-eastlake-sha2-02.txt for easy
>>reference.  (The license in RFC 3492 is another example, however it
>>fortunately appear to be compatible with all relevant licenses.)
>
> Simon,
> 	The license given is, as you note below, similar to previous
> BSD licenses in that there is an advertisement clause.  The authors
> made the choice to put their work out in that form, and I think it
> is somewhat rude to assume that they didn't do the work of balancing
> their own interests in producing the document.   Yes, they clearly
> wanted to make this work available for review (and potentially incorporation)
> to the community.  This is also  an individual submission for informational--their
> work, done on their time, for the good of the community.  If they chose
> to require a reference to the work, it's their choice. 

Right, Ted, and I don't dispute that.  I don't intend to be rude, but
I doubted that the authors knew exactly what the license they had
chosen would imply in practice.  The authors are presumably not
lawyers.  The license text they had chosen was in direct conflict with
the explicit goal of providing "open source code".  That support my
doubt.  Their willingness to modify the license also support my doubt.

I believe this is a general problem.  I believe many IETF contributors
want their work to be widely used.  That's why they publish their work
through the IETF rather than on their own company webpage.  Many
working groups rely on free implementations of the protocol to drive
adoption.  Making it easy for free implementations of protocols
further the goals of several working groups.  I believe most authors
would be willing to chose a liberal license if they were aware that
choosing a liberal license will help the open source implementation.
Some areas of the IETF are driven primarily by open source
implementers (think DNS).

I'm not sure educating all IETF contributors, and ask them to include
a specific license, is the most appropriate path forward.  It will
lead to an multitude of licenses in documents.  We already have plenty
of weird licenses around.  Few use widely known licenses.  I guess
that is because people don't consider the license choice as an
important or difficult choice.

Adopting a liberal license for all documents by default would solve
the problem of having a wide range of weird licenses.  People who
don't consider the license issue important or difficult get one that
benefit the masses.

Some people will not like the license.  They would have to pick a more
restrictive license.  I believe the IETF could accept both.  The IETF
could even describe a more restrictive license.  The reasons for
choosing a more restrictive license could be scrutinized when deciding
to move the document forward.  This is the same as for the patent
situation.

> 	The IETF can, of course, choose not to accept the work for RFC
> publication on the grounds an author offers.  At the moment, that's a
> judgement call, based on the review it has received.    I personally hope
> it stays something that allows for variability in the licenses offered.

Same here.  Rejecting something because a liberal license cannot be
acquired seem wasteful.  Sometimes it is not necessary or even useful.

> Going to a one-size fits all system fundamentally ignores the rights
> of the authors, and it has the pretty idealistic presumption that
> people will continue doing the work if we dictate whatever terms we
> like.  To be honest, you seem to me to be in this message once again
> pushing GPL-compatibility as a litmus test for acceptable terms to
> offer to the IETF.  I personally don't think one size is going to
> fit all, and I'm strongly opposed to using the GPL as that size if
> the working group decides to go with baseline rights.  The sizing on
> that particular Procrustean bed will lop off things I think we need.

I understand that not all documents can be published under a license
that is compatible with a wide range licenses.

I'm thinking as much of Microsoft/Apple/Sun EULA's as the GPL here.
These companies appear to have the same problem as I do with license
compatibility.  Sun even incorporated part of an RFC despite the
license problem.

It is not GPL-compatibility that I believe should be a litmus test, it
is compatibility with a large set of licenses used to implement IETF
protocols.  If the IETF wishes to serve its community, I believe the
license chosen should make it easier for that community to implement
the documents.  The IETF license should not work against the goals of
the community.

If the IETF publishes reference code, API documentation, ASN.1
schemas, header files, etc, I strongly believe that material should be
compatible with a wide range of licenses.  Trying to separate code and
text is a distraction, and we have not made much progress on this
path.  The simplest seem to make all of the document available under
an all-compatible license.  This will also solve the problem that
Debian, FreeBSD and Sun had with regard to the license on the _text_
of RFCs.  Their concerns weren't with code-like portions.

Regards,
Simon
Permalink | Reply | 3 comments |
headers
Ted Hardie | 8 Feb 2006 20:33

Re: Flawed license in document...

At 11:28 AM +0100 2/8/06, Simon Josefsson wrote:
>
>Right, Ted, and I don't dispute that.  I don't intend to be rude, but
>I doubted that the authors knew exactly what the license they had
>chosen would imply in practice.  The authors are presumably not
>lawyers. 

I know them both, and I am happy to report that they are very productive
engineers.  They presumably have access to lawyers, should
they feel they need them.

>The license text they had chosen was in direct conflict with
>the explicit goal of providing "open source code".  That support my
>doubt.  Their willingness to modify the license also support my doubt.

It is not in direct conflict with the explicit goal of providing open
source code.  The document provides example source code for examination and
potentially for incorporation under a license that many, many
people and organizations would find appropriate.  It does not do
so for all licenses.

I am not a lawyer either, but I don't believe Tony's proposed change:

   Royalty free license to copy and use this software is granted,
   provided that redistributed derivative works do not contain
   misleading author or version information.

carries the same meaning as the original, as it does not require the
derivative works to carry the same restriction.  Since a copy-of-a-copy
is pretty easy to arrange, without that you are at full freedom
to remove this restriction in one generation.  And it is the imposition
of this restriction which would run you into problems with the advertisment
clause's conflict with the GPL.

Whether Tony and Don choose to lose that in a single generation or not,
we have to expect that some contributors to the IETF would want the
restriction to be inherited.  Otherwise we are back at the "fork" problem
very, very quickly.
			Ted
Permalink | Reply | 2 comments |

Gmane