Hi Simon,
It would be useful if you could explore with your lawyers if it is
actually easy for you to avoid problem (1). I'm wondering what
exactly the requirement for implementers to "request" this license
from you gives you. Your text suggest that you will never refuse to
grant the rights in your license to someone who ask, is that right?
If so, what problem would there be in granting the rights immediately
to everyone, without a need to request it from you?
Is your reason that you want to know who is using your IPR, and open
up a communication channel with them? To solve that concern, you
could write a request that everyone is requested, but not legally
required, to get in touch with you. That would get you into contact
with the majority that is positive about talking with you, and you
wouldn't need to hear from people who doesn't want to talk with you.
My understanding is this: The "request" for the GUL implies a promise not to
implement the PAS Functions. This promise is valuable to RedPhone Security.
If it's worth it to you to make the GUL promise (for whatever reasons, laws,
or possibilities that you see) then you can make the promise and receive the
GUL from RedPhone Security. Of course everyone is free to make their own
decision about whether it's better to make the GUL promise or not. But if
you don't make the promise, you won't get the GUL.
Replacing the need to request a license from you with a requirement to
place a comment in header files to make things clear to end users may
be acceptable, possibly barring the problem in the next paragraph.
This is basically the same as giving the rights directly to everyone,
without a need to contact you. So it seems you have already started
leaning towards that solution. (It is important that you do not
require that the comment is placed in all "advertising material", or
similar, or you will run into the problem that the original BSD
license had with GPL-compatibility.)
Making the GUL promise costs no money (that part is free); I hope it doesn't
cost anybody any time to _not_ implement the PAS Functions; and I don't want
to make the mechanics of making the request / promise cost a lot of time
either. But the GUL promise as "valuable consideration" is the cost of the
GUL to Manufacturers. As far as I can see, it's not ok to omit this.
I hope many people find the offer attractive. As I mentioned, I'm open to
suggestions and feedback on the mechanics of making the "request".
Another basic problem is that free software projects may not be able
to agree to your field-of-use limitation in (2) and at the same time
be compatible with license such as the GNU General Public License.
Thus they would never be able to implement tls-authz even without any
support for PAS under your license. I am not certain of this, but I
could ask the Free Software Foundation's lawyers about this -- they
are the copyright holder of GnuTLS which implements tls-authz without
PAS today, and can speak authoritatively about this.
I would appreciate if you would follow up with your lawyer(s) on this
question. As I've said before, I believe that even if GNUTLS/FSF (for
example) made the GUL promise, its software would continue to be "free to
use" because only GNUTLS (or whatever parent organization) would be bound to
honor that promise. I hope your lawyers will find this to be true.
Best regards,
mark
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf