Date: Fri, 14 Oct 2016 06:57:57 -0400
From: Peter Todd <pete@petertodd.org>
To: Sergio Demian Lerner <sergio.d.lerner@gmail.com>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <20161014105757.GA8049@fedora-21-dvm>
References: <CAKzdR-oaqUicPhCjfbyX92odVs9LOzvhUOY6nyd9K2RdC_9b_g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB"
Content-Disposition: inline
In-Reply-To: <CAKzdR-oaqUicPhCjfbyX92odVs9LOzvhUOY6nyd9K2RdC_9b_g@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: Re: [bitcoin-dev] DPL is not only not enough,
 but brings unfounded confidence to Bitcoin users
Precedence: list


--DocE+STaALJfprDB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Oct 14, 2016 at 07:38:07AM -0300, Sergio Demian Lerner via bitcoin-=
dev wrote:
> I read the DPL v1.1 and I find it dangerous for Bitcoin users. Current
> users may be confident they are protected but in fact they are not, as the
> future generations of users can be attacked, making Bitcoin technology
> fully proprietary and less valuable.

Glad to hear you're taking a conservative approach.

So I assume Rootstock is going to do something stronger then, like
Blockstream's DPL + binding patent pledge to only use patents defensively?

    https://www.blockstream.com/about/patent_pledge/

Because if not, the DPL is still better than the status quo.

> If you read the DPL v1.1 you will see that companies that join DPL can
> enforce their patents against anyone who has chosen not to join the DPL.
> (http://defensivepatentlicense.org/content/defensive-patent-license)
>=20
> So basically most users of Bitcoin could be currently under threat of bei=
ng
> sued by Bitcoin companies and individuals that joined DPL in the same way
> they might be under threat by the remaining companies. And even if they
> joined DPL, they may be asked to pay royalties for the use of the
> inventions prior joining DPL.
>=20
> DPL changes nothing for most individuals that cannot and will not hire
> patent attorneys to advise them on what the DPL benefits are and what
> rights they are resigning. Remember that patten attorneys fees may be
> prohibitive for individuals in under-developed countries.
>=20
> Also DPL is revocable by the signers (with only a 180-day notice), so if
> Bitcoin Core ends up using ANY DPL covered patent, the company owning the
> patent can later force all new Bitcoin users to pay royalties.

Indeed. However, you're also free to adopt the DPL irrevocably by additiona=
lly
stating that you will never invoke that 180-day notice provision (or more
humorously, make it a 100 year notice period to ensure any patents expire!).

If you're concerned about this problem, I'd suggest that Rootstock do exact=
ly
that.

> Because Bitcoin user base grows all the time with new individuals, the so=
le
> existence of DPL licensed patents in Bitcoin represents a danger to Bitco=
in
> future almost the same as the existence of non-DPL license patents.

To be clear, modulo the revocability provision, it's a danger mainly to tho=
se
who are unwilling to adopt the DPL themselves, perhaps because they support
software patents.

> If you're publishing all your ideas and code (public disclosure), you
> cannot later go and file a patent in most of the world except the US, whe=
re
> you have a 1 year grace period. So we need to do something specific to
> prevent the publishers filing a US patent.

Again, lets remember that you personally proposed a BIP[1] that had the eff=
ect
of aiding your ASICBOOST patent[2] without disclosing that fact in your BIP=
 nor
your pull-req[3]. The simple fact is we can't rely solely on voluntary
disclosure - your own behavior is a perfect example of why not.

[1]: BIP: https://github.com/BlockheaderNonce2/bitcoin/wiki
[2]: ASICBOOST PATENT https://www.google.com/patents/WO2015077378A1?cl=3Den
[3]: Extra nonce pull request: https://github.com/bitcoin/bitcoin/pull/5102

> What we need much more than DPL, we need that every BIP and proposal to t=
he
> Bitcoin mailing list contains a note that grants all Bitcoin users a
> worldwide, royalty-free, no-charge, non-exclusive, irrevocable license for
> the content of the e-mail or BIP.

A serious problem here is the definition of "Bitcoin users". Does Bitcoin
Classic count? Bitcoin Unlimited? What if Bitcoin forks?

Better to grant _everyone_ a irrevocable license.


Along those lines, it'd be reasonable to consider changing the Bitcoin Core
license to something like an Apache2/LGPL3 dual license to ensure the copyr=
ight
license also has anti-patent protections.

--=20
https://petertodd.org 'peter'[:-1]@petertodd.org

--DocE+STaALJfprDB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJYALoyAAoJEGOZARBE6K+yf+EH/0YPBCb1poEiV+UJeCdVyYjl
SLh4Z8lDgHS6JbL7mb6t9B9dT5JnVjFpgq1D8K50KaEyxuufmXiIpRlnylJZOr4s
IAmm9XFfbO0jXwMw04z49V3ZyA7rABuue5JrQo0tS841udyaV9stS/vx4vgwl81u
r4r2OblJ3iXB04D1GDHE0NYRP37CHX8HR540gBFS+GMSEoRRQuzPJwSGrpE5zrgq
Hx9/7+LaH0Q2XJzYnzdwj+btPcW8iHC4PGUyl5ia+7dr+t8JRgRHvMtZy+rfTI7P
IFIGFnjdCwetGlewWgdBXjcGafx9+Sc4Ngktas0O04gEYR9q0wVry7lrYVeaGvU=
=zUJV
-----END PGP SIGNATURE-----

--DocE+STaALJfprDB--