W3C home > Mailing lists > Public > site-comments@w3.org > August 2021

Patent notification for CSP 2.0 usage

From: Matt Churchyard <matt@userve.net>
Date: Thu, 5 Aug 2021 09:54:38 +0000
To: "site-comments@w3.org" <site-comments@w3.org>
Message-ID: <f305f0e93f954f9ab8f26b3c8daed713@userve.net>
Hello,

I'm not sure where to ask about this, but as it's part of the w3 CSP specification, someone here may be able to provide some input.

I am in the UK and have received a recorded letter telling me that the nonce feature of CSP2.0 is covered by a prior art patent (UK & US). The letter continues to state that "Licensing applies to any organisation making use of their software or the intellectual property pertaining to their patent"

Obviously this feature is a documented part of the CSP specification which is widely used, and honestly I'm a bit surprised to get a demand like this for something that is part of an open internet standard.

I have a good mind to argue back that the actual implementation of this feature is in the browser and therefore he should be chasing Google/Microsoft etc, in which case I doubt he'd get very far, but IANAL and have no idea how it is determined who is infringing/liable. Effectively we've been forced to just stop using this feature as my superiors are not happy about getting license/patent requests for something I've used in our website (even if it is simply a HTTP header).

This person seems to have simply crawled our website and found a nonce in the CSP header so I would be surprised if we're the only business that have received this.
Any advice on this or direction on where I can ask to get an informative response would be appreciated.

Regards,
Matt Churchyard
Received on Friday, 6 August 2021 03:39:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 6 August 2021 03:39:52 UTC