<div dir="auto">I definitely want to hear any concerns... but I will also note that the crypto portions of the license were reviewed by a number of people who are expert in that space and they approved.<div dir="auto"><br></div><div dir="auto">My best guess is that you are concerned that this requires the disclosure of user-specific keys, and so you think that means that traditional crypto which relies on a private key or private cert would need to be disclosed. This is incorrect.</div><div dir="auto"><br></div><div dir="auto">They difference is between user keys and system keys. User keys form the basis of a user's identity and control over computation or data. Under the license, they must be controlled by the user alone. </div><div dir="auto"><br></div><div dir="auto">System keys, however, used for things like TLS and SSH, are not User Data within the scope of that term. They may be kept confidential and secure.</div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Van<br><br><div data-smartmail="gmail_signature" dir="auto">__________________________<br>Van Lindberg<br><a href="mailto:van.lindberg@gmail.com">van.lindberg@gmail.com</a><br>m: 214.364.7985</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Feb 10, 2020, 7:17 PM Christopher Lemmer Webber <<a href="mailto:cwebber@dustycloud.org">cwebber@dustycloud.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Josh Berkus writes:<br>
<br>
> On 1/7/20 11:00 AM, Pamela Chestek wrote:<br>
>> The discussion is still active so it will not be considered at the next<br>
>> Board meeting, which is this Friday. The soonest would be the February<br>
>> Board meeting.<br>
><br>
> So, it's been a month since there's been any discussion about the CAL.<br>
> Pamela, can we take a poll of how people feel about the license?<br>
> Pass/Reject/MoreDiscussionNeeded?<br>
<br>
I'm not very sure if I'm in the right place to state this, but I'd say<br>
"Reject" or at least "MoreDiscussionNeeded". I believe there are very<br>
serious problems in the license that will (ironically, due to its name)<br>
prevent the ability to have safely private networks on cryptographically<br>
secure peer to peer networks. I believe I can demonstrate the privacy<br>
risks, and spend most of tomorrow doing a detailed and longer writeup<br>
about my concerns. Note that I don't think it's any malicious intention<br>
of the author to introduce these problems; I think Van is acting in good<br>
faith and interest there, but nonetheless I think the concerns exist and<br>
are very grave, if I understand correctly.<br>
<br>
If I am going to air them before the board meeting, am I doing it in the<br>
right place here? If so, I will follow up on the thread here tomorrow.<br>
<br>
- Chris<br>
<br>
PS: I'm sorry I haven't aired my very serious concerns earlier. Van<br>
asked me personally to review at last year's CopyleftConf and I never<br>
got around to writing up my thoughts. I regret that, and wish I had<br>
done so sooner... maybe I could have prevented a lot of trouble.<br>
Nonetheless I think it's important that I write them up now; I'm<br>
guessing we're in the "speak now or forever hold your peace" moment<br>
though, so I'm trying to articulate my concerns before it's too late.<br>
<br>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" target="_blank" rel="noreferrer">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div>