W3C home > Mailing lists > Public > public-xmlsec@w3.org > August 2010

Re: ECC and Patent Policy

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 31 Aug 2010 09:58:57 +0200
Cc: Thomas Roessler <tlr@w3.org>, Rigo Wenning <rigo@w3.org>, public-xmlsec@w3.org
Message-Id: <74C1B00F-1651-4883-B90E-845F9F07A99D@w3.org>
To: Hal Lockhart <hal.lockhart@oracle.com>
Hal,

we're reviewing a few things within the staff.  I hope to get back to you within a week or two -- at the XML summer school next week.

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)







On 28 Aug 2010, at 22:54, Hal Lockhart wrote:

> I agree that the most desirable outcome would be to allow implementation on a RF (or better yet, non-assert basis).
> 
> I also believe including some forms of ECC is an urgent requirement.
> 
> I believe there are three, not two options:
> 
> 1. The proposed path: specify ECC, but only as informative.
> 2. Leave ECC entirely.
> 3. Form a PAG.
> 
> Oracle considers #2 unacceptable.
> 
> The reason for doing #1 was to avoid the constraint on essential claims as defined by the Patent Policy. However, we now know that the Patent Policy definition of essential claims does not cover ECC as referenced in the specs in question. Therefore, we see no purpose in doing #1.
> 
> Oracle supports investigating the formation of a PAG.
> 
> I recommend leaving the drafts in their current form, i.e. with ECC as normative.
> 
> Hal
> 
>> -----Original Message-----
>> From: Rigo Wenning [mailto:rigo@w3.org]
>> Sent: Friday, August 27, 2010 6:02 AM
>> To: Hal Lockhart
>> Cc: public-xmlsec@w3.org
>> Subject: Re: ECC and Patent Policy
>> 
>> 
>> Hi Hal, 
>> 
>> this point was already taken up by the PSIG and led to the 
>> Patent Policy FAQ 
>> entry:
>> http://www.w3.org/2003/12/22-pp-faq.html#outside-normative-ref
>> 
>> 32. Can a W3C Recommendation normatively refer to technology 
>> developed outside 
>> W3C with licensing terms that differ from those of the W3C 
>> Patent Policy?
>> 
>> Yes. W3C Recommendations may include normative references to 
>> standards or 
>> technologies developed outside of W3C. However, the Working 
>> Group should keep 
>> in mind the importance of royalty-free implementations of Web 
>> standards. In 
>> the event it becomes clear that the licensing status of those 
>> externally-
>> developed technologies could become a barrier to 
>> implementation of the 
>> technology according to the W3C Royalty-Free (RF) Licensing 
>> Requirements, W3C 
>> may choose not to publish the document or may launch a PAG.
>> 
>> As I said in our private conversation before you've sent your 
>> idea to the 
>> list, your interpretation opens an option. The Patent Policy 
>> is full of holes 
>> where people can try to escape the RF goals. But we have to 
>> respect the 
>> overall RF goal when searching the meaning of the words of 
>> the patent policy. 
>> With words taken absolute and in isolation, one can justify 
>> everything out of 
>> a given text, provided the text is long enough.
>> 
>> The conclusion line that you found was introduced to help 
>> with the referencing 
>> of standards from organizations with a different licensing 
>> scheme, e.g. ISO 
>> with a RAND policy, but where there is nothing known about 
>> encumbrance. 
>> 
>> In our case, we know about the encumbrance. Even if it would 
>> be a mere 
>> reference, it would import an known encumbrance into the XML 
>> Signature 
>> specification. The Group has decided that this is 
>> unacceptable and tries to 
>> resolve the issue with all options on the table. We tried to convince 
>> RIM/Certicom to provide RF and failed. Remaining options are 
>> to trigger a PAG, 
>> or to leave ECC out.
>> 
>> Best, 
>> 
>> Rigo
>> 
>> On Thursday 26 August 2010 16:07:21 Hal Lockhart wrote:
>>> It was pointed out to me that the W3C Patent Policy, 
>> Section 8.2 says:
>>> 
>>> ----
>>> "The following are expressly excluded from and shall not be 
>> deemed to
>>> constitute Essential Claims:"
>>> 
>>> [...]
>>> 
>>> "2. claims which would be infringed only by:"
>>> 
>>> [...]
>>> 
>>> "o the implementation of technology developed elsewhere and merely
>>> incorporated by reference in the body of the Recommendation." ----
>>> 
>>> It seems to me that this is exactly the case in signature 
>> and encryption
>>> 1.1. The actual use of ECDSA is specified in a NIST standard, which
>>> appears as a normative reference in the W3C documents.
>>> 
>>> I actually do not understand why this exclusion exists, but 
>> it appears to
>>> me that the specification as written is compliant with the 
>> W3C Patent
>>> Policy, regardless of what Certicom does.
>>> 
>>> Was the W3C trying to achieve something more than 
>> compliance with the
>>> Patent Policy?
>>> 
>>> Hal
>>> 
>> 
>> 
>> 
> 
> 
Received on Tuesday, 31 August 2010 07:59:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 31 August 2010 07:59:01 GMT