Hoi Frank,
On Fri, Sep 10, 2004 at 04:05:47PM +0200, Frank Ellermann wrote:
Microsoft claims IPR (which they did even before the group
was chartered, btw, but everyone ignored it).
Not really, May 20: draft-atkinson-callerid-00 published.
May 21: ASRG co-chair resigns. May 22: IPR complaint filed.
I have a PDF document from Microsoft which is named
"callerid_license.pdf" and is dated "Published: February 20, 2004".
It starts with:
------------------------------------------------------------------------
Caller ID for E-mail Implementation License
This document is intended to expand upon the rights that Microsoft
grants to certain individuals and organizations interested in developing
and implementing software programs having one or more aspects conformant
to the Caller ID for E-mail Specification (the "Specification") by
providing a patent license to the Specification. Copies of the
technical specifications for the Caller ID for E-mail Specification,
which include an associated copyright notice and license, can be found at
http://www.microsoft.com/mscorp/twc/privacy/spam_callerID.mspx.
Please read this entire document carefully to understand your rights.
Patent License
Microsoft believes that it has patent rights (patent(s) and/or pending
applications(s)) that are necessary for you to license in order to
make, sell, or distribute software programs that comply with one or
more aspects of the Caller ID for E-mail Specification.
[ ... ]
------------------------------------------------------------------------
So it was clear from the beginning that every derivate work that relates
to Caller ID will have an IPR problem and that Microsoft will file a
complaint. Many people stated it, it should be in the archives, but
it was deliberately ignored.
Sure, there's nothing wrong with spf2.0/mailfrom as long as
you don't confuse it with the FUSSP. In theory spf2.0/pra
could also make sense if they fix their "patented" algorithm
to read four mail headers for some common cases.
SPF will not solve "the spam problem" and it will not solve "the
phishing problem". It will *try* to solve the problem with domain
forgery and while trying it breaks the whole existing Internet mail
infrastructure by requiring something like half baked SRS.
We still don't have "the anti spam solution", but hey,
who cares or realizes this.
I care. Back to zero bounces / out-of-office / vacation /
challenges / broken NDRs / Symantec announcing its ignorance
to the e-mail world at large / etc. per day as it was in 2003.
In which way does SPF protect you from
out-of-office / vacation / challenges
everyone always says "this is the way to go", so nobody
asks where the way will really lead to.
Again not really. I still like your MTAMARK idea, and it's
also very interesting to watch SURBL. And even C/R systems
could work in combination with a spf2.0/mailfrom PASS.
Maybe I should have been clearer and write:
> everyone always says "this is the way to go", so journalists don't
> ask where the way will really lead to.
because they still are under the assumption "MARID will solve the spam
problem". I fully understand they must be disappointed to read the
CipherTrust report.
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg