On 08/12/2016 21:48, Gervase Markham wrote:
Require CAs to publish their CPs and CPSes under one of the following
Creative Commons licenses: CC-BY, CC-BY-SA or CC-BY-ND.
This is so that there is no legal impediment to their proper storage,
scrutiny etc. by relying parties.
Proposal: add an additional paragraph to point 17 of the Inclusion
policy, as follows:
CPs and CPSes must be made available to Mozilla under one of the
following Creative Commons licenses: Attribution (CC-BY),
Attribution-ShareAlike (CC-BY-SA) or Attribution-NoDerivs (CC-BY-ND). If
none of these licenses is indicated, the fact of application is
considered as permission from the CA to allow Mozilla and the public to
deal with these documents, and any later versions for root certificates
which are included in Mozilla's trust store, under CC-BY-ND.
(We would add links to the relevant license terms where each is mentioned.)
This could easily conflict with other legal obligations, such as
requirements to license said documents under a specific other license.
It would be more realistic to add wording which simply requires the
specific things that Mozilla, Relying parties, Subscribers and other
interested parties (such as the participants in this group) should be
allowed to do with those documents, for example:
- Publicly and privately read the documents.
- Publicly and privately Comment on and discuss the documents and
their meaning, including quoting from the documents in such
discussions.
- Storing, disseminating etc. discussion messages, regardless if they
contain such quotations or not.
- Store complete unaltered copies for later reference, even after a
document is no longer applicable, and make such unaltered copies
available as documentation as to what those documents contained at
relevant times in the past.
- Create non-binding "printouts" in formats such as paper, onscreen
display, copies in formats suitable for such use (including plain
text etc.).
- Apply technical precautions to ensure the permitted copies do not
change content or meaning. (For example, if the original document is
provided as a HTML5 file, embedded script, CSS etc. might cause it to
change depending on when, where and by whom it is being read, many
other file formats have similar risks).
- Act and make decisions in reliance on those documents to the extend
Mozilla had not received prior notification of changes to document
content or validity.
It is in particular noted that these things are a lot less than what
any of the regular CC licenses permit. For example, Mozilla has no
reason to require that other CA operators be permitted to reuse the
documents as their own, even though such other CA operators are
encouraged to participate in the permitted activities, such as publicly
talking about the practices of their competitor.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
