I reference draft-ietf-marid-core-02.txt
May I just make an observation which may assist those considering the IPR
issues?
So far on this list I think I have only seen references to PRA IPR in relation
to MTAs.
The security consideration in Section 6.3 (Forged Resent-From Attacks) states
that MUAs will need to start displaying 'at least the header that was verified'.
I have written separately (Security issue: End-user dependence on MTA integrity)
about the need for users to be shown exactly which address was validated as the
PRA.
Note that the Sender-ID drafts provide no means for the MTA to tell the MUA
which address was determined to be PRA.
The implication is that, for general usability and, in particular, for defence
against the security attack described in section 6.3, the MUA will have to have
the ability to determine the PRA for itself.
The inference is that all such MUAs will be subject to whatever licencing is
associated with the PRA algorithm, not just the MTAs.
I trust that those considering these issues on behalf of the IETF have taken
into account this possible need for all MUAs to be subject to the licence.
HTH
Chris Haynes