please review 'application/pdf'

Keith Moore moore at cs.utk.edu
Mon Dec 8 07:09:23 CET 2003 

Larry,

Thinking about this some more -

There are lots of protocols that specify things like access permissions 
- NFS for instance.  We don't have a problem with these.  But we don't 
try to equate NFS permissions with copyright restrictions, nor do we 
threaten NFS implementors whose implementations allow users to ignore 
or circumvent those permissions.  There are several good reasons for 
ignoring or circumventing those permissions, and we don't expect 
computer programs to be able to distinguish the cases where there are 
good reasons from those where the reasons are bad - indeed we cannot 
anticipate all of the good reasons in advance.

In most 2-party protocols we expect 'server' hosts to protect resources 
on those hosts, acting in the interests of the server.  We expect 
client programs to act in the interest of the client, not those of the 
content provider.  We would regard any design that provided a way for 
clients to break access permissions, and merely trusted them not to do 
so, as unsound.  (For instance, this is why use of source port numbers 
< 1024 to prove that you're privileged isn't acceptable.)

Here's how I think this breaks down:

If Adobe wants to point out that there is such a thing as access 
permissions in PDF, that's merely providing information which might be 
useful to the reader.

If Adobe wants to claim that circumventing or ignoring these 
permissions is violating copyright law, that is at best an exaggeration 
and at worst dangerously misleading for a variety of reasons.  IETF 
should not lend its imprimatur to such statements.

If Adobe is going to try to legally screw anyone who implements PDF in 
a way that doesn't enforce access permissions, then giving potential 
implementors warning of that policy in the media type registration is 
in some sense the least Adobe could do.  And if the mechanism by which 
Adobe hopes to screw such implementors is by claiming that the 
implementors are violating their "copyright" on data structures, this 
is pretty similar to reasons that we have IPR statements in other 
documents.   Just as with patent claims, IETF shouldn't make any 
comment on the legal validity of this theory.

But  if Adobe is going to have that policy, I don't think IETF should 
be helping to promote PDF by publishing this as an RFC - the most we 
should do is update the media-type registration.  Furthermore, IETF 
should stop supporting the use of PDF in Internet-Drafts and RFCs, in 
favor of some other format that is freely usable.

More information about the Ietf-types mailing list