John and Roy,
Just a couple of follow up points to your discussion.
In an earlier post on this topic, I referenced Anne's note.
After going through the FAQ and draft license a few more
times, my own analysis pointed to a number of technical
concerns. These are more than just the sub-licensing issue.
* MS wants to limit the patent license grant to that
intellectual property which is necessary to allow the
Licensee to only implement the Sender ID Specification,
presuming there is no other technically reasonable
In my view the proposed limitations are overly restrictive,
unduly favouring the competitive interests of MS.
MS needs to give more thought to properly balancing the
In this case, we are dealing with email, part of the
Internet's very fabric.
There has been some discussion about the financial and
market power of MS.
To avoid any concern, MS could consider going beyond even
IBM's stance and donating its IPR, along with any future
IPR involving Sender ID to the MS trust, with the
appropriate beneficiaries for a trust of this nature, the
trustees being nominated by MS, the trust protector being
The MS Trust would have the purpose of furthering the
continuous development of Sender ID.
Under the trust terms, anyone who wishes to implement
Sender ID including MS could apply to the trust for a
royalty free patent license upon reasonable terms (licensee
to take on an "as is where is" basis, waiving any right to
sue the trust for damages).
The key proviso? The applicant would have to grant its
existing IPR or any future IPR involving Sender ID to this
MS in turn could guarantee the trust's ability to perform
its functions, including defending any countervailing
patent claims made against the trust and enforcing
licensees obligations under any patent license as granted.
(Needless to say, much thought would have to go into
refining this concept.)
All I am saying is that at present the patent license does
not strike the proper balance.
I add this is an extremely complex area, especially with
the international implications.
* MS, being an American corporation is subject to US export
The license contains a clause which reflects the need to
comply with any applicable export restrictions.
Firms outside the US may well sign the license.
With the reciprocal patent grant, the clause reflects the
need to comply with any applicable foreign export
We require clarification as to whether there are any
existing US restrictions which prohibit export of the IPR,
including the need for export permits. Will MS undertake to
take the necessary steps to obtain and keep in force any
required export permits
However, there is an underlying issue.
The US is a leader in developing new technologies.
As a result, the US has very sophisticated and complex laws
regulating exports with extraterrorial application.
The US, imposes export restrictions on its technology for a
variety of social, political and strategic reasons. Members
of Congress and the President in their respective roles as
elected representatives of the American people pass the
needed laws to safeguard US national interests.
The IETF and related bodies is a standards organization for
the Internet, which is world wide.
Even if Sender ID were granted RFC status tomorrow, world
wide implementation will take time.
Email is a crucial part of the Internet.
Though there may not be any applicable restrictions today,
the US for very valid strategic reasons necessary to
protect American national interests may at some future time
decide to impose restrictions on the export of technology
which could aid another nation state in fighting the spam
scourge, including the use of the Sender-ID technology or
any derivative and collaborative works.
MS can't guarantee such a restriction could not happen and
it would be wrong to ask for this kind of guarantee.
This possibility is not as far fetched as it may seem.
In saying this I appreciate there are a myriad of treaties
which impose various restraints on what nation states can
This issue simply highlights the problem of properly
dealing with the potential clashes between national
interests and world wide implementation of an Internet
standard dealing with email.
* Applicable law Typically in contracts between parties of
equal bargaining strength a jurisdiction is chosen which is
mutually acceptable to both parties.
Personally, I would prefer English law, with the venue
being the Court of Queen's Bench in London, England, no
right to a jury trial, the parties having the right to
agree on binding mediation.
However, the likelihood of this happening is slim to none,
so let me suggest New York State law and US law, the venue
being the US District Court of Southern Manhattan, no right
to a jury trial, the parties having the right to agree on
I simply outline these points, so that folks appreciate, oh
if we just get MS to deal with the sublicensing issue as
Roy has proposed, all is fine.
Also, based on technical comments, it seems Sender ID is a
solution put forward in response to certain design criteria
of various large financial institutions who are confronted
with a real and immediate problem.
This problem apparently affects:
* their continued ability to rely on email for
transactional purposes; and,
* their customers ability to trust email from financial
institutions, given the level of financial loses being
Unfortunately, this pressing need also highlights the
rational for only granting experimental protocol status to
a standard which has global application.
Why? There are fundamental technical disagreements
concerning Sender-ID's role which remain unresolved.
The biggest one. Whether a proposal like Sender-ID is only
one part of a multi-layered defence which includes various
approaches to sender authentication , or should we treat
Sender ID as the only viable framework for sender
Unfortunately, this lack of consensus highlights the
difficulty in granting Sender-ID anything more than
experimental status without first completing a full scale
operational and security review by graybeards and
conducting wide scale tests.
This analysis also points to how difficult it is for any
IETF WG to get involved in detailed analysis of any
proposed patent license.
This is why the guidelines contained in the RFC's dealing
with how to treat IPR claims have great merit.
In putting forward this analysis, I reiterate although I do
have a law degree and significant experience in legal and
business analysis, I am not a lawyer. This comment is
merely for information purposes only.
The FTC Calls For Sender Authentication
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.742 / Virus Database: 495 - Release Date: 19/08/2004