OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11-comment] PKCS#11 v2.40 headers licensing

HI Jaroslav, 

I'm Chet Ensign, OASIS TC Admin and author of the copyright block you mention was put there by me. I will see what changes I can make to make it more user friendly for you. 

Best regards, 


On Wed, Feb 17, 2016 at 4:52 PM, Jaroslav Imrich <jaroslav.imrich@gmail.com> wrote:
Hello all,

as a software developer I expect source code files (ANSI C headers included) to contain basic licensing information in a comment which is present on the first few lines. When I open older v2.20 header I see this comment:

/* License to copy and use this software is granted provided that it is
 * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
 * (Cryptoki)" in all material mentioning or referencing this software.

 * License is also granted to make and use derivative works provided that
 * such works are identified as "derived from the RSA Security Inc. PKCS #11
 * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
 * referencing the derived work.

 * RSA Security Inc. makes no representations concerning either the
 * merchantability of this software or the suitability of this software for
 * any particular purpose. It is provided "as is" without express or implied
 * warranty of any kind.

These 12 lines tell me everything I need to know about the licensing terms and everything is clear. However when I open v2.40e1 header I see this comment:

 * PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Errata 01
 * Committee Specification Draft 01 / Public Review Draft 01
 * 09 December 2015
 * Copyright (c) OASIS Open 2015. All Rights Reserved.
 * Source: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/csprd01/include/pkcs11-v2.40/
 * Latest version of the specification: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
 * https://www.oasis-open.org/policies-guidelines/ipr

This comment tells me almost nothing about the license. It points me to OASIS IPR Policy instead. Actually I can only guess that OASIS IPR Policy may contain licensing details because comment contains only a plain link without any hint or explanation. Shortly after I begin to read IPR policy I find out that in order to interpret it I need to know under which mode PKCS11 TC operates. I would expect this information to be included in the comment but it is not. Few minutes later I am finding it on PKCS11 TC page [0] but I am already too exhausted to continue so I give up for now..

Could you please consider making licensing information available in a more friendly way? At least state in header that PKCS11 TC operates under the RF on RAND Mode of the OASIS IPR Policy and attach whole text of OASIS IPR Policy in a separate file. Just imagine that you will need to use these headers 20 years later after they have been published. Links may be dead until then.

[0] https://www.oasis-open.org/committees/pkcs11/ipr.php


Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]