Hello,

Do we consider ASN.1 modules (e.g. the specification of
AttCertValidityPeriod in rfc 3281) to be code or specification?

On one hand the rfc coyright fixup for "code components" in newer
RFCs (post Nov 2008) explicitely includes ASN.1 modules as one of
the things being made available under BSD licenses. Which implies that
they are code, or at least that somebody thought clarification could not
hurt.

On the other hand these modules are a core part of the standards the
RFCs describe, they are not fundamentally different to e.g. the BNF
notation specification of mail messages in rfc 2821.

Do we have a strong opinion in Debian about this? It is not uncommon to directly generate C source from ASN.1 modules. We could not do this if we considered the ASN.1 code. (Except for new RFCs and re-licensed RFCs)

TIA, cu Andreas

--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Andreas Metzler <[email protected]> writes:

Hello,

Do we consider ASN.1 modules (e.g. the specification of
AttCertValidityPeriod in rfc 3281) to be code or specification?

On one hand the rfc coyright fixup for "code components" in newer
RFCs (post Nov 2008) explicitely includes ASN.1 modules as one of
the things being made available under BSD licenses. Which implies that
they are code, or at least that somebody thought clarification could not hurt.

On the other hand these modules are a core part of the standards the
RFCs describe, they are not fundamentally different to e.g. the BNF
notation specification of mail messages in rfc 2821.

Do we have a strong opinion in Debian about this? It is not uncommon to directly generate C source from ASN.1 modules. We could not do this if we considered the ASN.1 code. (Except for new RFCs and re-licensed RFCs)

Hi! I believe the whole distinction between what is code and what is specification was a mistake that the IETF did. As far as I know, Debian
does not care, as long as the license is free. If the IETF is clear
that ASN.1 modules are BSD licensed, I don't think there is any problem
for Debian -- or what would the problem be?

/Simon

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSjzJyHC50xCrrUzy9RcisI/kdFogUCXsGy2AAKCRBRcisI/kdF or7aAQCRbuEAbwtyhCjqmJnRRcexUyqSu4M3mC/p485oXGQf2QEA9wG4qaJH/n74 3tTrxsvHKF1/OWsJ2qNiioTx7EiVPAU=
=Hg8u
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Andreas Metzler writes:

Hello,

Do we consider ASN.1 modules (e.g. the specification of
AttCertValidityPeriod in rfc 3281) to be code or specification?

The general rule is that everything that Debian ships, including
documentation, standards, pictures, etc., must be freely modifiable in a
manner consistent with the DFSG. If it would go on a Debian DVD, then
all of the bits on that DVD must DFSG-free. Otherwise, it may or may
not be able to be hosted on non-free or contrib.

Cheers,
Walter Landry

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

* Andreas Metzler:

It is not uncommon to directly generate C source from ASN.1 modules.

Is that really true? Are there high-quality free ASN.1 toolchains?

In my experience, the ASN.1 modules in RFCs are mostly used like the
packet layout diagrams, as an informal description, but I never had
much exposure to certain heavy ASN.1 users such as SNMP.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2020-05-17 Simon Josefsson <[email protected]> wrote:

Andreas Metzler <[email protected]> writes:

Do we consider ASN.1 modules (e.g. the specification of AttCertValidityPeriod in rfc 3281) to be code or specification?

On one hand the rfc coyright fixup for "code components" in newer
RFCs (post Nov 2008) explicitely includes ASN.1 modules as one of
the things being made available under BSD licenses. Which implies that
they are code, or at least that somebody thought clarification could not hurt.

[...]

Hi! I believe the whole distinction between what is code and what is specification was a mistake that the IETF did. As far as I know, Debian
does not care, as long as the license is free. If the IETF is clear
that ASN.1 modules are BSD licensed, I don't think there is any problem
for Debian -- or what would the problem be?

The problem is not about the ASN.1 modules in the new RFCs but about
those from the old RFCs, which were *not* explicitely licenced as free software.

If we consider these old ASN.1 modules software we have a problem, if we
think they are specification, comparable to BNF in RFC 821 we do not.
IMHO.

cu Andreas

--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2020-05-18 Florian Weimer <[email protected]> wrote:

* Andreas Metzler:

It is not uncommon to directly generate C source from ASN.1 modules.

Is that really true? Are there high-quality free ASN.1 toolchains?

[...]

From what I have seen these are not general solutions but ad-hoc generation

of specific header files. See e.g. libksba or heimdal.

cu Andreas

--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)