Jon Callas says:
1. Though my implementation is indeed public domain, the very algorithm is
*not*, as Dr. Yuliang Zheng clearly states in his HAVAL page. However,
he's very liberal in conceding "licenses" (in fact, absolutely no fee is
due; Dr. Zheng only wants to keep track of where HAVAL is being used).
I'm a little concerned about this. It is my understanding of copyright law
that one can copyright an *implementation* but not an algorithm. I wrote
Dr. Zheng, and he gave me permission to put it in OpenPGP. However, I am
still concerned about putting in an algorithm that someone claims
"copyright" on. Furthermore, we need an OID for it.
I would not be concerned of mere "copyrights" - for example, I say that
DES/SK is "copyrighted" by me and Steve Bellovin. So what? As long as
that ownership is acknowledged and the authors are held harmless,
anybody can do whatever they wish with the algorithm: implement
it, sell the implementation, give the implementation away, etc.
Does anyone have an opinion? Should I strike HAVAL? Should I leave it there
even if it's just a placeholder for later? It's certainly nice to have
extra hash algorithms, but it is by no means something we should delay
over. It can always go in 1.1.
I think this is a no-brainer. If Dr. Zheng only wants his "ownership"
to be acknowledged (like - "this is HAVAL function invented by Dr.
Zheng") there is no problem. If however he demands something more
than a mere recognition - you may consider striking the algorithm
out.
The simplest solution is to check with Dr. Zheng and ask what his
requirements are and what his copyright says.
--
Regards,
Uri uri(_at_)watson(_dot_)ibm(_dot_)com
-=-=-=-=-=-=-
<Disclaimer>