Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Protecting Free and Open Protocols

By MoxFulder in News
Sat May 13, 2000 at 03:27:59 PM EST
Tags: Internet (all tags)
Internet

With the Microsoft/Slashdot conflict raging, many people (including Bruce Perens of Technocrat) are lamenting MIT's decision not to release Kerberos under the GPL. I'm no expert on this, but I believe that it is impossible to copyright a protocol per se or otherwise put it under the GPL or any other license. It is, however, possible to patent a protocol. But GNU and the FSF are opposed to software patents. Is this the right approach? Are there any ways of protecting protocols that don't involve patents? I think that there are some larger issues here about the fundamental freedom of protocols...


In many ways, not allowing protocols to be copyrighted is a good thing. Webster's says that a protocol is a "set of conventions governing the treatment and esp. the formatting of data in an electronic communications system." Computer protocols, just like diplomatic protocols, are supposed to facilitate communication by making sure that everyone knows the rules. Thus protocols should be freely distributable so that a maximum number of people and computers are able to exchange information.

It becomes clear that Microsoft is perverting the very concept of a protocol by not making theirs free and open. Now here's where it really gets insidious: obviously their so-called "proprietary protocol" is useless if only they know it. Even if they incorporated it into their own internal products it would be relatively benign. But what Microsoft will undoubtedly do is leverage their market clout, and license this protocol to select developers for a hefty price.

Those companies which license Microsoft's mutant Kerberos protocol will be the only companies able to communicate with all Kerberos-enabled servers everywhere. Open source Kerberos implementations, on the other hand, will only be able to communicate with each other. Microsoft's proprietary protocols are abusing the good will and open nature of the Open Source community. Microsoft builds on the free and open Kerberos protocol developed at MIT, but prevents everyone in turn from building on their own modifications.

In some ways, Microsoft's license agreement for the Kerberos derivative seems to be a specific snub to the open source community. As I read the agreement (see this article), anyone can agree to the license and then implement this protocol in a closed source product since a binary executable will not reveal the protocol! On the other hand, open source software necessarily reveals the protocol to everyone and thus violates the license agreement!

Here's my idea for a solution: Microsoft is specifically objecting to the verbatim distribution of a proprietary document on Slashdot. But what is this document about? It merely defines their version of the Kerberos protocol. Since, as I stated above, they can't copyright the actual protocol, why can't someone in the open source community summarize or rewrite this protocol and make their specification freely distributable? Just as KDE is free to emulate Microsoft Windows as long as they don't use any Microsoft code, aren't we free to implement their protocol without copying their document?

In the future, patents might be a way to protect protocol freedom. GNU is opposed to software patents, but a protocol itself really isn't software, and I see no reason why they could not create a patent version of the GPL. Just as GNU uses copyright law, in the form of the GPL, to protect software freedom, they might be able to use patent law to protect the freedom of protocols. I do not know the intricacies of patent law, however, and I am very curious to know if this is feasible.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Slashdot
o Technocrat
o Technocrat
o Kerberos
o this article
o Also by MoxFulder


Display: Sort:
Protecting Free and Open Protocols | 22 comments (22 topical, editorial, 0 hidden)
Very well put.... (1.00 / 2) (#4)
by cjoh1111 on Sat May 13, 2000 at 01:24:39 PM EST

cjoh1111 voted 1 on this story.

Very well put.

"Are there any ways of protecting p... (3.30 / 3) (#1)
by Inoshiro on Sat May 13, 2000 at 01:36:21 PM EST

Inoshiro voted 0 on this story.

"Are there any ways of protecting protocols that don't involve patents?"

Sun Microsystems has a Java(tm) certification process, backed up by legalese if you decide to not take it but still say you work with Java(tm).. This could easily be applied to any protocol. Have the MIT people get some legalese behind using "Kerberos" and have FREE Kerberos interoperability. If the Unix Kerberos can't read the Win2k Kerberos, have it not get the legal right to say it can interoperate.

Of course, they didn't do that, and now embrace and extend has taken hold. Naturally, no one has benefitted from it.



--
[ イノシロ ]
Post it away! I'd never thought abo... (3.00 / 3) (#3)
by tidepool on Sat May 13, 2000 at 01:38:08 PM EST

tidepool voted 1 on this story.

Post it away! I'd never thought about the issues mentioned in this article before. I'd be interested in (helping) creating a GPL like license for protocols. It seems that it would benefit many users, and (open-source) products out their today.

If you are interested in creating such a license, please get in contact with me, tidepool@suspicious.org, and we can discuss. If many people are interested, I could also form a mailing list for this sole purpose.

Oh, and points for MoxFulder for the inspiring writeup / story.

could be an interesting discussion.... (1.00 / 1) (#9)
by kevin lyda on Sat May 13, 2000 at 01:39:40 PM EST

kevin lyda voted 1 on this story.

could be an interesting discussion...

Really what you're suggesting here ... (4.00 / 3) (#7)
by madams on Sat May 13, 2000 at 01:50:28 PM EST

madams voted 1 on this story.

Really what you're suggesting here is a patent version of the copyleft principle. Anyone would be able to extend the protocal as they see fit as long as they distribute their changes to the rest of the community. I'm not sure how this would fit into existing patent law. The point of a patent is that other people can't use your invention without your permission (of course the copylefted patent could grant use to everyone). The problem is that a patent is an explicite right, whereas copyright is implicit. You have to submit an application to the PTO in order to be granted a patent. Copyright, on the otherhand, is an implied right whenever you create a work. The copyright automatically goes to the author whenever a work is created. Even the term 'copyleft' shows it's origins as a modification to the principle of copyrights, and not necessarily to other forms of intellectual property (patents and trademarks, for instance). Another issue is that registering a patent in the US does not guarantee rights in other countries. Copyleft is the ultimate anti-piracy measure, since copylefted works can't be pirated (take that, MPAA!) Did Microsoft actually use any of the Kerberos source code? If they didn't then the GPL would not have helped in this case. Also, what extensions did Microsoft make to the Kerberos protocal. Maybe someone who knows more about it could, as MoxFulder suggests, summerize the Microsoft specification to show what the Microsoft specifications are. However, there's one problem. According to Section 1(b) of the license that is included with the MS spec: If you are an entity, you may disclose the Specification to your full-time employees on a need to know basis, provided that you have executed appropriate written agreements with your employees sufficient to enable you to comply with the terms of this Agreement. You are also permitted to discuss the Specification with anyone else who has downloaded the Specification and agreed to these terms and conditions. This would seem to prohibit the summerization suggested. Kind of puts a damper on things. :-(

--
Mark Adams
"But pay no attention to anonymous charges, for they are a bad precedent and are not worthy of our age." - Trajan's reply to Pliny the Younger, 112 A.D.

Re: Really what you're suggesting here ... (3.00 / 2) (#14)
by Qtmstr on Sat May 13, 2000 at 07:16:49 PM EST

Use a statutory patent. A statutory patent is an inexpensive form of patent in which the patent holder claims no IP rights over the patented idea --- Basically, it's a way of explicitly putting it in the public domain.


Kuro5hin delenda est!
[ Parent ]
This is something that definitely n... (2.00 / 1) (#8)
by jmcneill on Sat May 13, 2000 at 01:58:57 PM EST

jmcneill voted 1 on this story.

This is something that definitely needs to be done. Reading this made me think of the movie "Pirates of Silicon Valley", the part where Gates screwed Apple over.
``Of course it runs NetBSD.''

While this is a great idea (the ide... (3.50 / 2) (#2)
by kovacsp on Sat May 13, 2000 at 02:20:18 PM EST

kovacsp voted 1 on this story.

While this is a great idea (the idea of summarizing the protocol in one's own words) I don't think it'll work because Microsoft is claiming that the protocol is a 'trade secret' which means that you get in trouble if you disclose it to anybody.

Frankly I'm sick of the whole thing. Microsoft is using vendor definable portions of the Kerbos protocol. They aren't doing anything "wrong", they're just being a bunch of knee-biting jerks. (What's new there, eh?)

Personally, I think the real solution is to simply not use Microsoft at all. It can be done you know. At my work (KnowPost.com) we run an all Linux office. The only thing microsoft in the office is the mice. How's that for irony, eh? Now, with a complete lack of Microsoft, you can run your own damn version of Kerbos and never have to deal with it!

Trade secret v. copyright (3.50 / 2) (#12)
by kmself on Sat May 13, 2000 at 05:06:14 PM EST

Microsoft's claim against Slashdot was based on copyright law, and specifically DMCA provisions (though it's not clear whether they meant the takedown (512) or anticircumvention (1201), or both, sections of the statute.

Trade secret status of the materials referred to by Microsoft is questionable at best. IMO the protections on material were exceedingly weak, and could have been circumvented by a number of means, either legal or transjurisdictional (e.g.: the material was leaked outside of jurisdictions covered by trade secret statutes).

WRT dropping MSFT entirely, well, it's been done, at least for specific versions of MSFT. But for many shops, it's not yet feasible to go cold-turkey.

OTOH, starting to plan a migration path now -- switching to protocols (TCP/IP, IMAP, POP3), standards (HTML, XML, LaTeX), and server (MySQL, Oracle, Sendmail, nntpd) and client (StarOffice, Corel, Netscape, Opera) applications which are cross-platform, reduces the eventual migration headaches greatly.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

very interesting point of view, had... (1.00 / 1) (#5)
by thelaw on Sat May 13, 2000 at 02:34:33 PM EST

thelaw voted 1 on this story.

very interesting point of view, had not considered this angle...

"I believe that it is impossible to... (3.70 / 3) (#6)
by farlukar on Sat May 13, 2000 at 03:06:09 PM EST

farlukar voted 1 on this story.

"I believe that it is impossible to copyright a protocol per se" I did a quick lookup with altavista: Network Time Protocol (NTP). Copyright 1992, David L. Mills. The University of Delaware makes no representations about the suitability of this software for any purpose. Point-to-Point Protocol. Copyright 1989, Carnegie-Mellon University. All rights reserved. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. The X Window System is a trademark of the Massachusetts Institute of Technology. Copyright 1987, Digital Equipment Corporation, Maynard, Massachusetts, and the Massachusetts Institute of Technology, Cambridge, Massachusetts. All rights reserved.
______________________
$ make install not war

Copyright, protocols, ideas, expression (none / 0) (#13)
by kmself on Sat May 13, 2000 at 05:18:28 PM EST

While the text of a particular description of a protocol can be covered by copyright, the ideas contained within it cannot. Thus Microsoft's claim of a trade secret in the case of Kerberos.

To protect a protocol, other means are necessary.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Re: Copyright, protocols, ideas, expression (3.00 / 1) (#16)
by farlukar on Sat May 13, 2000 at 10:35:45 PM EST

I agree with that, but probably MS's (or whoevers) lawyers won't.
You can rightclick kerbspec.exe and choose "open with WinZip" (I like to see first if something's worth contaminating my disk space) and never see the EULA.

I don't know how you can call something anyone can download and view (possibly without seeing EULA) a trade secret, but smart lawyers probably will.
______________________
$ make install not war

[ Parent ]
Re: Copyright, protocols, ideas, expression (3.00 / 1) (#17)
by Toojays on Sun May 14, 2000 at 02:39:49 AM EST

I always thought that once a trade secret is "out in the open" (e.g. posted on Slashdot), it is no longer considered "secret" and so loses it's protection. Isn't that what happened to RSA's RC4? Someone anonymously posted the details to Usenet and so it's no longer considered a trade secret?

[ Parent ]
Protecting a trade secret (none / 0) (#19)
by kmself on Sun May 14, 2000 at 04:09:14 AM EST

My read (oblig: IANAL) is similar to yours -- the veil of trade secrecy was lifted, at the very least, when the content of Microsoft's specification was posted publicly (legally or otherwise) to Slashdot.

It may very well have already been lifted already by Microsoft's publishing the protocol in the manner it had been. If I were Slashdot/Andover, this would be the tack I'd try tackling if Microsoft were arguing for trade secret violation.

Lacking trade secrecy, IMO fair use and common-carrier arguments for not taking down the post are plausible.

'Course, proof is in court, if Microsoft insists on taking it there.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Patents don't apply either (4.30 / 3) (#10)
by fluffy grue on Sat May 13, 2000 at 04:07:38 PM EST

MSFT can always claim that their implementation of Kerberos is a "useful extension" to Kerberos, and hence itself patentable - definitely a Bad Thing, since then even cleanroom reverse-engineering would fall under patent violations.

In any case, MSFT's lawyers would still be opposed to a "retelling" of the protocol, since then that means that whoever retold it *must* have violated the NDA (even if it was a cleanroom reverse-engineering) since the spec is so available. However, I don't think they'd have any legal grounds to sue there (though plenty of FINANCIAL grounds) because it's very simple for someone to "unknowingly" get around the EULA. Also, any judge with half a brain would probably notice that they're using very exclusionary tactics here (making it so that only Windows users would see the EULA to begin with, only allowing binary reimplementations, etc.).

In the meantime, MSFT still thinks they haven't done anything wrong and can't understand why the mean ol' government wants to break them up (and why trying to settle with terms which were relevant 3 years ago but aren't relevant anymore isn't working).
--
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]

Embrace & extend w/ patents (none / 0) (#11)
by kmself on Sat May 13, 2000 at 04:55:32 PM EST

While a standard could be extended and the extension patented, if the underlying protocol were patented, the extending party would have to obtain license to the patent from the original party.

It's not all fun and games though. Sometimes (often) it's possible to get multiple patents covering a similar concept. Given how the US Patent Office works (or doesn't), it's not unlikely that a subsequently issued patent would be seen to cover designs of existing products. So it's a tricky game.

Not to say it wouldn't work, and IMO other methods (trade and certification marks) are better. But I wouldn't write it off entirely. Selective patenting of key technologies, if controlled by a friendly party, could actually be very good to free software and open standards. I'm not saying patents are universally good, but they're not universally bad either.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Copyrights and Protocols (2.50 / 2) (#15)
by Anonymous Hero on Sat May 13, 2000 at 10:31:59 PM EST

It's true that the substance of protocols seemingly can't be copyrighted. However, the name of those protocols can be copyrighted. For instance, even though the Mesa library is mostly (if not completely) OpenGL compatible, SGI has copyrighted the name OpenGL, so while Brian Paul can say that its API is similar to that of OpenGL, it can't be said to be compatible. While it's probably too late for Kerberos, perhaps the best thing to do in the case of open protocols is for the author to copyright the *name* of the protocol, and restrict use of the name to implementations that are open. Thus Microsoft would be restricted to saying that their intentionally botched implementation of Kerberos was similar to, but not actually Kerberos. I think that distinction would give many of their customers pause.

Copyright vs. trademark (none / 0) (#18)
by kmself on Sun May 14, 2000 at 04:01:47 AM EST

Single words, short phrases, and the like, cannot be copyrighted. They can be trademarked. Which are you referring to?

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Re: Copyright vs. trademark (none / 0) (#20)
by Anonymous Hero on Sun May 14, 2000 at 06:09:30 PM EST

I stand corrected on the issue of copyrighting (vs. trademarking) the *names* of protocols. But substitute the word trademark for copyright in what I said, and I think my argument still stands: you can't restrict the use of open protocols, but you can restrict what the implementations can be called. And if a particular implementation (say, an "extended", proprietary one) can't use the name of the original protocol, or claim compatibility, then the success of that proprietary implementation in the marketplace will be diminished.

[ Parent ]
Spot on (none / 0) (#21)
by kmself on Sun May 14, 2000 at 06:47:20 PM EST

I'm sitting on an extended article I've written on this topic -- submitted to the editors list, though I suspect people have been on break over the weekend. Specifically, there are some powerful mechanisms involving certification marks and compliance requirements which can be used to test, validate, and certify protocol compliance.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Free and Open Protocols (none / 0) (#22)
by dlc on Mon May 15, 2000 at 07:43:01 AM EST

    obviously their so-called "proprietary protocol" is useless if only they know it.

In many places you have Microsoft clients (NT workstation, Win9x, Win2K pro) talking to Microsoft servers (NT server, Win2K), and that's all. Not so useless -- since the majority of corporate users will be using one of these anyway (until the breakup anyway).

    Microsoft's proprietary protocols are abusing the good will and open nature of the Open Source community.

Right, this is the whole point of the Halloween Documents, and implicitly assumed by the Microsoft folk. You can open source code, but not protocols. Without this insight, they would be just another (bad) software company.

    GNU is opposed to software patents, but a protocol itself really isn't software, and I see no reason why they could not create a patent version of the GPL. Just as GNU uses copyright law, in the form of the GPL, to protect software freedom, they might be able to use patent law to protect the freedom of protocols.

Bravo! This is brilliant, but I'm not sure how it would work. The GPL works in a viral way -- any direct derivatives (i.e., they share code) must also be GPL'ed -- but like you mention in the article, protocols are not code. I also do not understand all the intricacies, but I am hopeful that this might work.

darren


(darren)

Protecting Free and Open Protocols | 22 comments (22 topical, 0 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!