CAcert Root Distribution License
This page is here for discussion and suggestions on the RDL.
Original proposal by Mark
This is a Work-in-Progress document. It is not POLICY. Your feedback is both sought and very much welcome. This notes section does not form part of the license.
Introduction by Mark: This license is derived from the 2-clause BSD license ("Simplified BSD License" or "FreeBSD License"), and is designed to be as liberal as possible regarding distribution rights whilst protecting both CAcert Inc and the wider CAcert community from the special types of liability that may arise from CA root certificates.
It offers more freedoms than CC-BY-ND, namely:
- The right to derive - this is necessary for situations where you need interoperability (for example, converting PEM to DER format may be a derivative work)
- No complicated rules for attribution - we have no compelling need to enforce attribution during distribution beyond the usual copyright notification and the inclusion of our disclaimer.
It also protects us in ways that CC-BY-ND does not, namely:
- Liability disclaimer extends to members of CAcert, related parties, etc.
- Specific disclosure of non-reliance under this license is an honest, open and transparent expression of what is usually buried in legalese in the wider PKI community.
- Secondary liability cap of $AUD1,000.00 in the event any disclaimer of liability is unenforceable or not absolute.
Under this proposal, the NRP's old D a L would be discontinued, as it lacks both the concept of legal consideration and the ability to bind the NRP.
This CAcert Root Distribution License (RDL) would be the sole license under which CAcert roots can be distributed. Your right to distribute your own certificates issued by CAcert is contained within the CCA, but there is no right to distribute CAcert's roots under that agreement. The advantage of utilising a single license for all distributions of the root certificates is that you are protected, either as a third party distributor or as a member of the community, to the maximum extent possible.
Feedback & Comments
Feedback by Lambert, July 12, 2010: I definitely like the length: short and concise. I also like that it allows people to distribute the root certs in multiple formats.
add more notes here: