Re: on the topic of IPR

Andrew Newton wrote:
> It is one of the jobs of co-chairs to facilitate discussion of working 
> group topics.  Not that the issue of IPR is being debated lightly, 
> however we would like to raise a few discussion points that may have 
> been overlooked or given light treatment.
Andy,

Perhaps you can explain to us how chairs are planning on deciding on the 
IPR issues, and what information should the WG members be providing? 
Should input of non-members such as ISPs be solicited? Are we taking RFC 
3669 into account, especially the part about inability to have consensus 
on IPR issues?
> -  Many a message have been dedicated toward discussing the potential 
> abuse Microsoft may undertake while armed with a patent.  However, there 
> has been little discussion regarding Microsoft's willingness and ability 
> (via deep pockets) to fend off counter patent claims.  Should Sender ID 
> go forward with the acceptance of Microsoft's IPR, it leaves little 
> doubt that another entity claiming rights to such technology will have 
> to go through Microsoft to find remedy.  However, if MARID were to 
> produce another standard such as Classic SPF or even CSV, who will 
> defend a legal claim against it?
The problem that this will only happen if they get sued. For example, 
there are a bunch of patent holders currently suing various companies 
such as the JPEG patent, video streaming patent (Acacia), etc. We don't 
see Microsoft counter suing while they may have patents of their own 
(especially in regards to video). So relying on them to sue any 
potential counterclaimaints is a non-issue since they will not do so 
until provoked. In regards to possibilities of someone for SPF, that is 
always open. However, this is a normal risk that any standard faces.
In addition, IMHO the reciprocal license only helps against companies 
that will use Sender-ID. Many patent trolls are simply shell companies 
that hold IPR and have no products, thus no helping with the license. Of 
course, I am not a lawyer, but the lawyers present can provide their 
take on that.
> -  Some of the participants have speculated openly that Microsoft's IPR 
> claims might also cover the SPF syntax even though Microsoft has not 
> specifically attributed their claim to draft-ietf-marid-protocol.  Given 
> that Microsoft's patent application and original IPR claim covered a 
> Caller ID document which used XML and not SPF, is this a reasonable 
> assumption?  It should be noted that it was the MARID working group that 
> persuaded Microsoft to use the SPF syntax.  Microsoft's first choice was 
> XML.
In my role as an ASRG co-chair, I formally submitted a request to the 
Microsoft's legal department on March 1st, 2004 asking whether their IPR 
claims extend to all the drafts that were the output of the ASRG and 
input to the MARID WG including RMX, DMP, SPF, MTA MARK, etc. I received 
a response from the legal department that my message was received. I 
discussed this in person with Harry Katz and George Webb at a 
conference, and I followed up by sending another email message to the 
legal department. My messages were acknowledged but no response, 
negative or positive, was ever received. It has been six months, and the 
lack of a simple "no" response, makes me suspicious. This also points to 
how slow the legal department is and that relying on them as the FAQ 
suggests might not be a good idea.
On the other hand, Bob Atkinson who is the author of Caller ID showed up 
in the ASRG list in May of 2003 discussing RMX 
(http://www1.ietf.org/mail-archive/web/asrg/current/msg04333.html). 
Based on the content of those messages as well as other information, it 
seems to me that whatever IPR is being claimed cannot be older than that 
date. At that time the RMX draft was already published. Therefore, it 
would seem logical that PRA or XML might be the IPR in question.
However, the problem with patents is once granted they are assumed valid 
until proven otherwise. So even if a patent somehow is granted on other 
aspects of Sender-ID by whomever, it will cost money and effort to 
disprove it.
> -  If it is reasonable to assume that Microsoft's patent application and 
> claimed IPR can and/or do reach beyond draft-ietf-marid-core and 
> draft-ietf-marid-pra, is it not the best course of action to take 
> Microsoft's offer of a royalty-free, nondiscriminatory and reasonable 
> license given that a rejection of Sender ID as a standard has no weight 
> on the standing of their claim.  In other words, if it is believed that 
> their claim could cover other work product of MARID, then would not the 
> best course of action be to secure the best-possible license?
That I will grant you.

> -  On the issue of deployment, there have been many messages regarding 
> the adoption of Sender ID (as a note, the chair's instructions 
> specifically called for opinion about personal deployment and not 
> speculation as to the actions of others).  While many believe that 
> Sender ID's encumbrances will slow adoption because it is not as 
> friendly as desired toward open source, it has been noted that Qmail 
> also has an equally or more unfriendly license toward open source yet is 
> one of the most popularly used MTAs.
I am sorry Andy, but you are comparing apples and oranges. The main 
problem with this specific patent license is the fact that a signed 
agreement is required. DJB to my knowledge does not require that. The 
legal issues surrounding this patent license, as well as fear of letting 
a potential competitor know about your activities, privacy issues, 
revockability, etc. are all related specifically to this requirement. It 
is unfair to say that Qmail's license is more or equally restrictive 
since the comparison is not taking this specific point into account.
Considering that the four open source MTAs (postfix, exim, qmail and 
sendmail) together constitute a majority of Internet MTAs, it is vital 
that a license on any email related technology takes the majority of 
deployed MTAs into account. And since lawyers have stated that this 
license is possibly incompatible with the licenses under which some of 
these are distributed, that might be detrimental to the overall deployment.
Additionally, while I do not want to start war mongering against 
Microsoft, nevertheless Microsoft develops email software, and competes 
more heavily with open source software than most other companies, 
especially when marketing. Therefore, it is natural to assume that many 
parties would be naturally suspicious of Microsoft's intentions, 
especially in the light of the fact that this license may be 
incompatible with open source licenses. Therefore, people including my 
own company, would think twice before signing this license, especially 
when open source software is used.
In closing, a quote from RFC 3669 (section 5.3):

"The issue is not whether a particular piece of technology is 
IPR-impacted -- we use IPR-impacted technology every minute. The 
question is how much the IPR protection will limit the technology's 
usefulness in building a robust, highly useful Internet."
Yakov