- From: Matt Churchyard <matt@userve.net>
- Date: Thu, 5 Aug 2021 09:54:38 +0000
- To: "site-comments@w3.org" <site-comments@w3.org>
- Message-ID: <f305f0e93f954f9ab8f26b3c8daed713@userve.net>
Hello, I'm not sure where to ask about this, but as it's part of the w3 CSP specification, someone here may be able to provide some input. I am in the UK and have received a recorded letter telling me that the nonce feature of CSP2.0 is covered by a prior art patent (UK & US). The letter continues to state that "Licensing applies to any organisation making use of their software or the intellectual property pertaining to their patent" Obviously this feature is a documented part of the CSP specification which is widely used, and honestly I'm a bit surprised to get a demand like this for something that is part of an open internet standard. I have a good mind to argue back that the actual implementation of this feature is in the browser and therefore he should be chasing Google/Microsoft etc, in which case I doubt he'd get very far, but IANAL and have no idea how it is determined who is infringing/liable. Effectively we've been forced to just stop using this feature as my superiors are not happy about getting license/patent requests for something I've used in our website (even if it is simply a HTTP header). This person seems to have simply crawled our website and found a nonce in the CSP header so I would be surprised if we're the only business that have received this. Any advice on this or direction on where I can ask to get an informative response would be appreciated. Regards, Matt Churchyard
Received on Friday, 6 August 2021 03:39:51 UTC