W3C home > Mailing lists > Public > public-xmlsec@w3.org > August 2010

RE: ECC and Patent Policy

From: Hal Lockhart <hal.lockhart@oracle.com>
Date: Tue, 31 Aug 2010 05:12:47 -0700 (PDT)
Message-ID: <5a587d8e-1356-4171-866e-27cfeaa61112@default>
To: Hal Lockhart <hal.lockhart@oracle.com>, Rigo Wenning <rigo@w3.org>
Cc: public-xmlsec@w3.org
For the record, #2 was intended to read: "2. Leave ECC out entirely."

Hal

> -----Original Message-----
> From: Hal Lockhart 
> Sent: Saturday, August 28, 2010 4:55 PM
> To: Rigo Wenning
> Cc: public-xmlsec@w3.org
> Subject: RE: ECC and Patent Policy
> 
> 
> I agree that the most desirable outcome would be to allow 
> implementation on a RF (or better yet, non-assert basis).
> 
> I also believe including some forms of ECC is an urgent requirement.
> 
> I believe there are three, not two options:
> 
> 1. The proposed path: specify ECC, but only as informative.
> 2. Leave ECC entirely.
> 3. Form a PAG.
> 
> Oracle considers #2 unacceptable.
> 
> The reason for doing #1 was to avoid the constraint on 
> essential claims as defined by the Patent Policy. However, we 
> now know that the Patent Policy definition of essential 
> claims does not cover ECC as referenced in the specs in 
> question. Therefore, we see no purpose in doing #1.
> 
> Oracle supports investigating the formation of a PAG.
> 
> I recommend leaving the drafts in their current form, i.e. 
> with ECC as normative.
> 
> Hal
> 
> > -----Original Message-----
> > From: Rigo Wenning [mailto:rigo@w3.org]
> > Sent: Friday, August 27, 2010 6:02 AM
> > To: Hal Lockhart
> > Cc: public-xmlsec@w3.org
> > Subject: Re: ECC and Patent Policy
> > 
> > 
> > Hi Hal, 
> > 
> > this point was already taken up by the PSIG and led to the 
> > Patent Policy FAQ 
> > entry:
> > http://www.w3.org/2003/12/22-pp-faq.html#outside-normative-ref
> > 
> > 32. Can a W3C Recommendation normatively refer to technology 
> > developed outside 
> > W3C with licensing terms that differ from those of the W3C 
> > Patent Policy?
> > 
> > Yes. W3C Recommendations may include normative references to 
> > standards or 
> > technologies developed outside of W3C. However, the Working 
> > Group should keep 
> > in mind the importance of royalty-free implementations of Web 
> > standards. In 
> > the event it becomes clear that the licensing status of those 
> > externally-
> > developed technologies could become a barrier to 
> > implementation of the 
> > technology according to the W3C Royalty-Free (RF) Licensing 
> > Requirements, W3C 
> > may choose not to publish the document or may launch a PAG.
> > 
> > As I said in our private conversation before you've sent your 
> > idea to the 
> > list, your interpretation opens an option. The Patent Policy 
> > is full of holes 
> > where people can try to escape the RF goals. But we have to 
> > respect the 
> > overall RF goal when searching the meaning of the words of 
> > the patent policy. 
> > With words taken absolute and in isolation, one can justify 
> > everything out of 
> > a given text, provided the text is long enough.
> > 
> > The conclusion line that you found was introduced to help 
> > with the referencing 
> > of standards from organizations with a different licensing 
> > scheme, e.g. ISO 
> > with a RAND policy, but where there is nothing known about 
> > encumbrance. 
> > 
> > In our case, we know about the encumbrance. Even if it would 
> > be a mere 
> > reference, it would import an known encumbrance into the XML 
> > Signature 
> > specification. The Group has decided that this is 
> > unacceptable and tries to 
> > resolve the issue with all options on the table. We tried 
> to convince 
> > RIM/Certicom to provide RF and failed. Remaining options are 
> > to trigger a PAG, 
> > or to leave ECC out.
> > 
> > Best, 
> > 
> > Rigo
> > 
> > On Thursday 26 August 2010 16:07:21 Hal Lockhart wrote:
> > > It was pointed out to me that the W3C Patent Policy, 
> > Section 8.2 says:
> > > 
> > > ----
> > > "The following are expressly excluded from and shall not be 
> > deemed to
> > >  constitute Essential Claims:"
> > > 
> > > [...]
> > > 
> > > "2. claims which would be infringed only by:"
> > > 
> > > [...]
> > > 
> > > "o the implementation of technology developed elsewhere and merely
> > >  incorporated by reference in the body of the 
> Recommendation." ----
> > > 
> > > It seems to me that this is exactly the case in signature 
> > and encryption
> > >  1.1. The actual use of ECDSA is specified in a NIST 
> standard, which
> > >  appears as a normative reference in the W3C documents.
> > > 
> > > I actually do not understand why this exclusion exists, but 
> > it appears to
> > >  me that the specification as written is compliant with the 
> > W3C Patent
> > >  Policy, regardless of what Certicom does.
> > > 
> > > Was the W3C trying to achieve something more than 
> > compliance with the
> > >  Patent Policy?
> > > 
> > > Hal
> > > 
> > 
> > 
> >
> 
> 
>
Received on Tuesday, 31 August 2010 12:14:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:14 UTC