That isn't quite a reply. It's a second hand account of Moxie denying that he asked for money. This story seems very troubling. The Wire guys made very specific claims (where did they get the >$2M figure from ... and why would they simply invent such a figure). If their implementation is in Rust then it cannot be the same as OWS' code.
It would be good if OWS could publicly clarify that reimplementing the Signal Protocol/Axoltl does not trigger any copyright claims by OWS even if doing so involved reading the GPLd version.
> The Wire guys made very specific claims (where did they get the >$2M figure from ... and why would they simply invent such a figure).
Their court filing[0] says the license fee was "unspecified" and the $2 million figure was based on "information and belief" which is legal terminology used to dodge perjury[1]. If they had really been told that, they wouldn't be using terms that mean "I heard that from somewhere second-hand and think it might be true".
IMHO, no credence should be given to lawsuits and accusations made without proof and right before OWS integrates with two huge partners. The accuser even filed a voluntary notice of dismissal with prejudice. Accusations without proof are just mudslinging.
Moxie has a great track record; the burden of proof is on the accuser, not the defendant.
If I implement haskell-signal and consult documentation and the code to understand the protocol but do not copy code, it's not clean room, but Open Whisper wants to see the protocol spread, so it's in their interest to more clearly state how someone is allowed to reimplement Signal in Common Lisp or FORTH, if one were so inclined, and release it under MIT.
That's not what happened. Wire didn't consult OWS documentation. They used the code itself, and (apparently) baked it into a closed-source product. How much sympathy am I meant to have for those people?
Moxie should use this incident to prominently make it clear in the protocol documentation that independent implementations are welcome. That's our best bet until there's an IETF RFC based on Axolotol everyone can implement instead.
Since nobody has provided any evidence that OWS ever suggested that using their documentation was improper, you might just as well suggest Moxie use this "incident" as an opportunity to announce that he's stopped beating his wife.
I've been pretty quiet about this, but over the last couple of months I have been trying to negotiate with Moxie a way to distribute the GPL licensed AxolotlKit on the iOS App Store in ChatSecure (which is open source). After being denied a license, I was told by Moxie that I would be unable to write a non-GPL AxolotlV3 implementation because there is not publicly available documentation, and that any re-implementation will necessarily be a derivative work because the source code must be consulted. You may notice the AxolotlV2 documentation has been removed... and there was never documentation for AxolotlV3. The only public spec is the original double ratchet, and a few blog posts, which don't include things like signed prekeys and 4-way DH.
Hey Chris, as you know, we have no problem with you distributing our GPL software through the app store.
Most of your communication has centered around asking us to change the license on our source base to something other than the GPL. We like the GPL for the quality control that it provides. If someone publicly says that they're using our software, we want to see if they've made any changes, and whether they're using it correctly.
You don't like the GPL because you feel that it is incompatible with the Apple App Store, despite our feelings to the contrary. If you'd like to do the work of developing a strong copyleft version of the GPL that you feel is appropriate for use in the app store, and get it OSI approved, we'd certainly look at using that.
As for documentation, there has never been a protocol called AxolotlV2. There was TextSecure, the crypto layer of which has evolved into Signal Protocol. We'd like to get this better documented so that people without crypto expertise can integrate it without having to talk to us, but that's a pretty heavy task that comes with a massive amount of responsibility, and some parts of this are still evolving. It's a priority, but we are taking the time to do it right, and hopefully we'll have more to publish this year.
We haven't patented any of the concepts here, and we've done a lot to explain and popularize them. We're happy for people to use these concepts to build their own implementations of similar protocols, but we don't want people slapping things together and calling that Signal Protocol.
The FSF and SFLC take the position that the GPL is incompatible with the iOS App Store restrictions, since it forbids adding additional restrictions. However, GPL3 has official support for "additional permissions" and it's still FSF / OSI approved with those added. It permits dropping the additional permissions and using the software as pure GPL3. So that seems like the best approach, but Apple's restrictions are probably a moving target and it would erode the copyleft aspect of the license.
When the author say "we have no problem with you distributing our software through the app store", then I would just get that in some more official writing that include you, apple, and more detailed description on what permission is exactly given. The primary purpose of any software license is to shield the downstream distributor against being charged under copyright infringement, but a personal permission is equally fine in a legal sense so long you don't intend that downstream from you should also be able to distribute your version.
It looks like you can publish GPL apps in the App Store if you are the author. If you want to use someone's GPL lib in your app, then you might have a problem...
The GPL is not compatible with the Apple App Store because it contains: "You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License." By submitting an app to the Apple App Store and signing the license an author can grant that right to Apple, but somebody that wants to use the code can't do that...
That's somewhat helpful but doesn't fully address Chris's story. Would Chris be able to write his own implementation, interoperable with AxolotlKit (the iOS Signal Protocol implementation), from scratch, without any explicit code reuse, and then publish it under whatever license he chooses?
If the answer is yes, I strongly encourage you to publish an official statement from OWS stating so. I know for a fact that FOSS projects are losing their funding because of the impression that even if they write their interoperable implementation from scratch there would still be licensing questions.
You've clarified this somewhat on Twitter before, but if you can publish a short statement on behalf of OWS, that would go a long way into clearing up the issue for a lot of free software developers. Thanks.
I don't understand the cultural reference and I'll assume it's irrelevant, but the Oracle vs Google saga made me very very cautious when it comes to clean room reimplementations of public bits, and if I were to earn money with such a library, I'm afraid I'd need more than Moxie's tweet.
This cultural reference I get even less than the first one, but I'll just ignore the references.
I'm not sure if you're missing the context. This branch of the thread forked off me asking the same thing as another poster, namely the likelihood of being bothered by IP or Copyright claims for a real, proper clean room implementation of the protocol, zero code copied, assuming there is sufficient documentation available.
Oracle vs Google is relevant, but it seems we're talking past each other and maybe I'm missing a point you're making.
I simply disagree with you that Moxie Marlinspike is in any way accountable for what Oracle does with Java.
I also take exception to the argument that Open Whisper Systems needs to do something to mitigate your false impression that they've disallowed developers from using their documentation. They have not, nobody has credibly claimed otherwise, even the Wire people, and so I don't think it's proper to suggest that OWS take this "opportunity" to address a fictitious concern.
Maybe my English is imprecise, but that's not what I tried to express. We may have to disagree that the OracleVsGoogle fallout is relevant in the hypothetical case of Axolotl IP, but as we're both not lawyers, it's moot to continue that debate.
> I don't think it's proper to suggest
It wouldn't cost Moxie anything to clear such concerns, even if it's just a handful of HN reader (including me), in light of this public event and would increase the positive profile of the protocol. You make it seem like by documenting that clearly Moxie would admit to doing something, but that's wrong and a curious way to look at things, especially as you're confident of there being no problem like that.
> does not trigger any copyright claims by OWS even if doing so involved reading the GPLd version.
I'm pretty sure having GPLed code open, reading it and writing some new software counts as a "derived work", and the GPL would apply. That's what most people who release FLOSS want to happen.
