Based on some questions I asked Andy earlier today, it seems
the WG is entitled to reasonably presume MS is asserting:
(i) a defensive patent over the PRA algorithm; and (ii) will
require software developers who wish to implement this
algorithm to enter into a royalty free license:
http://www.imc.org/ietf-mxcomp/mail-archive/msg02984.html
The license form is found at:
http://download.microsoft.com/download/6/0/a/60a02573-3c00-4ee1-8
56b-afa39c020a95/callerid_license.pdf
On July 26, 2004, Phillip Hallam-Baker wrote in response to
a post by Richard Stallman:
"Microsoft has been told that they need to adjust the
license terms if the technology is to stay in. The chairs
have given a specific date for providing the statement from
the lawyers. Ergo there is nothing to be done until either
we hear from the lawyers or the deadline expires. There
seems to already be consensus that the license terms are not
acceptable as is."
http://www.imc.org/ietf-mxcomp/mail-archive/msg02843.html
Since nothing new was filed by 02.08.04:
* Is their any room left for the Unified Theory which Meng
eloquently put to the SPF discuss list?
Under this approach, and applying it to where we are today,
SPF would be the protocol used by senders to publish their
sender policy. Receivers could then use this data to
authenticate domains based on SPF/SRS, CSV/CSA/DNA or Sender
ID/Submitter.
(I appreciate this would require some work with the existing
drafts.)
* Unified Marid could then become a draft protocol, broken
out into its component parts. One standard for senders.
Three standards for receivers.
On 19.07.04 David Crocker wrote in response to a post by
Margaret Olson:
"There is an ietf movement to get cross-area reviews early
in the specification process. This is intended to uncover
significant design and operations issues quickly.
I strongly urge Marid to get some senior IETF review of the
sender-id stuff from security and operations geeks. One
source candidate reviewers is at
http://graybeards.net/sirs/index.html.";
http://www.imc.org/ietf-mxcomp/mail-archive/msg02751.html
To date there has been no uptake on Dave's suggestion.
To supplement the Unified approach, would it make sense for
the WG to have a senior IETF review of SPF as the sender
standard, along with a review of SPF/SRS and
Sender-ID/Submitter as receiving standards on an expedited
basis?
(I have excluded CSV/CSA/DNA as it is my understanding from
follow up posts by Dave this review is already underway and
may now be complete.)
* By taking this approach, instead of outright rejecting
Sender-ID/Submitter, it would leave receivers free to adopt
that protocol which best suits their specific needs.
The open source community and those portions of the
corporate sector which found the MS license requirement
incompatible with their needs could proceed forward on the
receiving side with SPF/SRS or CSV/CSA/DNA.
Those who were willing to accept the MS license could
proceed on the receiving side with Sender-ID/Submitter.
Using SPF as the unifying standard for senders would avoid
fragmentation while leaving receivers free to choose that
protocol which best suits their needs.
I appreciate the WG meeting at the 60th IETF is scheduled
for tomorrow. Also, I acknowledge time is very short.
However, is it not better to have all hands in the same
tent?
I put forward these suggestions to facilitate discussion
at the meeting.
John
P.S. I would love to be at the meeting. However,
unfortunately for personal reasons I am stuck here in
Toronto. So, best wishes to all. Cheers, John
cc. Meng, Mark, Harry, Jim, Dave, Phillip, Carl
John Glube
Toronto, Canada
The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.729 / Virus Database: 484 - Release Date: 27/07/2004