On Aug 26, 2004, at 7:06 AM, Hallam-Baker, Phillip wrote:
> Right now, we are supposed to be reviewing all of the documents.
> However, as demonstrated in the "DEPLOY/IPR: Fundamental
> Disagreements, or Get On With It" thread, there doesn't seem to be a
> rough consensus that the SenderID license is acceptable. (Actually,
> there appears to be a rough consensus that it isn't acceptable.)
I have yet to see a statement that makes a valid legal argument
that the license terms prohibit open source distribution.
The license terms are at least as open as the terms which the
IETF has accepted in the past.
This is a quasi-judicial proceeding, we have to proceed on the
basis of established facts. About the only fact I see a consensus
on is that none of us are lawyers.
Well, most of us aren't.
I agree completely with Larry Rosen, and several others, that the
entire scheme vis the license is problematic. The *reason* it is
problematic is that while, yes, it allows unlimited use by *end users*,
as soon as someone tries to modify it for their own purpose, and then
share that modification with others for the good of and widespread
adoption throughout the industry, there's a "gotcha". In fact, I would
argue that the same concern applies to end-users - what if the end-user
wants to tweak the code themselves? If they want to then share that
modified implementation they could find themselves on the wrong end of
an MS lawsuit. It's all about control. You can't really blame MS for
wanting to retain this sort of control - but I would suggest that it's
antithetical to the real goal here. An authentication system to be
uniformly adopted across the industry is *not* the same as an
authentication system to be uniformly adopted across the industry which
is essentially *owned* by one very large ISP. Having an ISP -
particularly one of the 800 pound gorillas - own the ultimate
commercial (and that's what it is, commercial) rights to the one true
authentication system is like having a large marketing company own the
IP rights to the one spam filter in use across the industry.
What happens when Earthlink comes up with a better way to both
implement and check for Sender I.D., which ends up giving it a
competitive edge over Hotmail and MSN in the spam performance arena?
(And make no mistake about it - at this point in time, spam/anti-spam
performance at national ISPs is very much all about a competitive
marketing edge.) Remember, this is the same company that threatened
Slashdot and demanded that they remove user postings because the users
had quoted a *public* Microsoft document 'in violation of their
copyright'.
Of course, this is something which I and many others have been saying,
and predicting, all along. That as soon as MS started courting Meng,
it tolled the death-knell for the open-source potential of SPF, which
is what made SPF so attractive in the first place.
In my opinion what we need is a SenderID/SPF-clone which is truly
open-source, and which doesn't itself violate the inevitable Microsoft
IP claims. You can be reasonably sure that MS' plan all along was to
rule this market, and that's exactly where they are headed, with the
blessing of a surprising number of people. The race for a winning
authentication protocol among the majors was never altruisitically
about authentication first - it was always about market domination -
and it was a shrewd, but blatant, move on MS' part to dance with Meng
and end up subsuming SPF.
Anne
Anne P. Mitchell, Esq.
President/CEO
Institute for Spam and Internet Public Policy
Professor of Law, Lincoln Law School of SJ
Committee Member, Asilomar Microcomputer Workshop