OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: PKCS #11 V2.40 header files

Hi all -

I checked with Chet on this -- we'll be using the normal OASIS boilerplate in the header files.  I should be able to do a first cut at the v2.40 header file by the end of the weekend (once I get back from this latest trip),



----- Original Message -----
From: Stef Walter [mailto:stefw@redhat.com]
Sent: Thursday, June 06, 2013 01:00 PM
To: Tim Hudson <tjh@cryptsoft.com>
Cc: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org>
Subject: Re: [pkcs11] Groups - PKCS #11 V2.30 header files uploaded

On 30.05.2013 03:44, Tim Hudson wrote:
> (had to extract the email from my spam folder ...)
> On 30/05/2013 11:00 AM, Wan-Teh Chang wrote:
>>  This license is believed to be incompatible with the GPL.
> To be more complete in the statement - some people claim that it *might
> be incompatible *with the GPL but no one has actually demonstrated how
> or why this is actually the case and there has been no actual legal view
> point from anyone who is a lawyer in the open source community.

Here's how I as the maintainer of several open source projects using
pkcs11 headers have had to approach the issue:

The introduction of additional restrictions makes a license incompatible
with the GPL. The must-mention-RSA-in-derived-work clause is such an
additional restriction.

The original 4 clause BSD license had a similar clause, and was not GPL
compatible. You can read the FSF's information about that here:


I have used/installed RSA provided PKCS#11 header files in the open
source projects I maintain, and they have not accepted by the open
source community until the licensing issue was rectified. This has
happened a couple times to my projects.

Thus I now use a reimplementation of the header files provided by the
GnuPG project. An additional benefit is that it is a single header file.

The above may be incorrect in your view, but that does not change the
effect that this must-mention-RSA clause has on open source projects
using the RSA provided license:

With the exception of NSS (which has a complex multiple license scheme),
most GPL compatible open source projects currently cannot and/or do not
use the RSA provided PKCS#11 header files.

In order to provide a more substantive answer to this question, I have
written licensing@fsf.org on this matter.



To unsubscribe from this mail list, you must leave the OASIS TC that 
generates this mail.  Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]