Hi Paul,
On Mon, Jul 15, 2019 at 12:58:08PM +0100, Paul Sutton wrote:
thanks for your feedback.
https://www.etsi.org/intellectual-property-rights#mytoc3 and
https://www.etsi.org/images/files/IPR/etsi-ipr-policy.pdf outline the
copyright licensing details for software incorporated in ETSI
standards however I have not taken legal advice on compatibility of
this license with AGPLv3.
I personally find all I found so far on the the ETSI "IP policy" quite
shady, to be honest. It's weird how the "restricted usage undertaking"
and related documents appear to be devoid of any information about what
kind of rights or license they are talking about. "intellectual
property" is a marketing term. It could refer to anything from
trademarks, patents to copyright.
It's a bit of a surprise that the industry doesn't appear to have
developed more legal clarity around this. This is not only true for
those crypto systems, but equally true e.g. of the reference voice codec
implementations. The specs requires a bit-exact match to what is
released as their source code - yet that source code comes without
copyright statement or any indication of license terms. The big
question is how realistically one could write an independent
implementation which renders the bit-exact results without writing code
that looks identical. Also, there's typically always some collections
of constants / tables, which you have to copy 1:1. Sure, there's some
flexibility in the details of an implementation, but to me it's somewhat
questionable how that would look from a copyright point of view. Guess
I'll have to have that discussion within the FOSS legal circles I
happen to have found my way into.
It would be great to have a discussion around all of this with ETSI,
but I somehow fear they will not really have anyone on the table with
a deep understanding how FOSS works both legally and technically.
It would be good as you say to have a "clean
copyright" implementation
- perhaps this is something we could help with.
I'd very much like that idea. If you have capacity to work on that:
great!
Maybe it's also something where one could convince some FOSS-friendly
academics that it would be worth having e.g. some students work on it.
I don't really have much day-to-day contacts to academic cryptographers,
but I know quite a few and can try to ask around.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)