[cabfpub] CPs, CPSes and copyright

i-barreira at izenpe.net i-barreira at izenpe.net
Tue May 26 23:52:30 MST 2015

Yes, we had similar response from our legal team. 

Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net

ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.

-----Mensaje original-----
De: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] En nombre de Rick Andrews
Enviado el: martes, 26 de mayo de 2015 21:05
Para: Gervase Markham; CABFPub
Asunto: Re: [cabfpub] CPs, CPSes and copyright


I ran this by my legal team, and here's the feedback I received:

- Intellectual property rights, like copyright rights, may only be granted in writing. Therefore an "implied license" would not apply to a document like a CA's CPS.

- There is a legal doctrine known as "fair use" that we feel adequately covers the public comment process that Mozilla wishes to preserve. "Fair use" allows for someone to excerpt parts of the document in order to draw attention to it.

- We are concerned about derivative works. Many CAs spend a lot of time and effort to craft these documents, and would not want a new CA to simply copy the documents and claim them as their own. While that might further strengthen the CA system, I feel that it's more likely that a new CA will copy the documents without understanding what they mean, and without adopting the practices described in them.


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Thursday, May 14, 2015 5:18 AM
Subject: [cabfpub] CPs, CPSes and copyright

Hi everyone,

Mozilla is pondering the copyright status of CPs, CPSes and certificates. It has come to our attention that some CPs/CPSes contain language that says the document may not be redistributed, in part or in full, by third parties without prior express written agreement.

Mozilla takes copies of CP and CPS documentation for review, and sometimes excerpts it or manipulates it in other ways. It's possible that a CA's application for inclusion gives us an implied license to do this (given that the CA is aware of our processes), but that would not extend to other parties who were reviewing the documents to make their own trust decisions.

Our current inclusion policy[0] mandates only that such documentation must be "publicly disclosed" and "available from the CA's official website"
(section 17).

In regard to publicly-disclosed intermediate certificates, our policy also
states: "All disclosure MUST be made freely available and without additional requirements, including, but not limited to, registration, legal agreements, or restrictions on redistribution of the certificates in whole or in part."
(section 10)

As well as considering our own requirements, Mozilla believes that the health of and trust in the CA ecosystem is best promoted and preserved when documents used to make trust decisions are freely available, distributable, analysable, and commentable-upon. We want to allow people, other than us, the convenience and freedom necessary to make their own determinations.

Therefore, we are pondering adding an additional requirement regarding the copyright status of certificates and policy documents, to put them in the same category as intermediate certificates are now. At the moment, our proposal is that we leverage the existing work of Creative Commons, who write good licenses, and say that CPs, CPSes and certificates must be available under one of two licenses:

-- This means anyone can copy, redistribute or modify the document, as long as attribution is given to the original author (the CA). Clearly, only the copy on the CA's website would be regarded as authoritative.

-- As above, but with the restriction that people may not make derivative works of the document. We think that allowing derivative works is preferable, and would help to further strengthen the CA system as best practice is shared, but we suspect some CAs may be uncomfortable with that possibility, so we offer this compromise.

CAs would also be free, of course, to offer alternative terms in addition, for other purposes, as they saw fit.

We would appreciate comments and thoughts regarding this proposal.


Public mailing list
Public at cabforum.org

More information about the Public mailing list