Re: acceptable licenses (Was: Can there be an early decision on t he Sen

On Aug 27, 2004, at 3:34 AM, Anne P. Mitchell, Esq. wrote:
> I agree completely with Larry Rosen, and several others, that the 
> entire scheme vis the license is problematic.  The *reason* it is 
> problematic is that while, yes, it allows unlimited use by *end 
> users*, as soon as someone tries to modify it for their own purpose, 
> and then share that modification with others for the good of and 
> widespread adoption throughout the industry, there's a "gotcha".  In 
> fact, I would argue that the same concern applies to end-users - what 
> if the end-user wants to tweak the code themselves?  If they want to 
> then share that modified implementation they could find themselves on 
> the wrong end of an MS lawsuit.  It's all about control.  You can't 
> really blame MS for wanting to retain this sort of control - but I 
> would suggest that it's antithetical to the real goal here.  An 
> authentication system to be uniformly adopted across the industry is 
> *not* the same as an authentication system to be uniformly adopted 
> across the industry which is essentially *owned* by one very large 
> ISP.  Having an ISP - particularly one of the 800 pound gorillas - own 
> the ultimate commercial (and that's what it is, commercial) rights to 
> the one true authentication system is like having a large marketing 
> company own the IP rights to the one spam filter in use across the 
> industry.
> What happens when Earthlink comes up with a better way to both 
> implement and check for Sender I.D., which ends up giving it a 
> competitive edge over Hotmail and MSN in the spam performance arena? 
> (And make no mistake about it - at this point in time, spam/anti-spam 
> performance at national ISPs is very much all about a competitive 
> marketing edge.)  Remember, this is the same company that threatened 
> Slashdot and demanded that they remove user postings because the users 
> had quoted a *public* Microsoft document 'in violation of their 
> copyright'.
> Of course, this is something which I and many others have been saying, 
> and predicting, all along.  That as soon as MS started courting Meng, 
> it tolled the death-knell for the open-source potential of SPF, which 
> is what made SPF so attractive in the first place.
> In my opinion what we need is a SenderID/SPF-clone which is truly 
> open-source, and which doesn't itself violate the inevitable Microsoft 
> IP claims.  You can be reasonably sure that MS' plan all along was to 
> rule this market, and that's exactly where they are headed, with the 
> blessing of a surprising number of people.  The race for a winning 
> authentication protocol among the majors was never altruisitically 
> about authentication first - it was always about market domination - 
> and it was a shrewd, but blatant, move on MS' part to dance with Meng 
> and end up subsuming SPF.
My problem with this line of reasoning is that any spam reduction 
mechanism is going to have IPR claims - by either the genuine inventors 
or someone else. There are multiple patent claims on challenge 
response. I am not comfortable with the idea that we reject a 
technology because the IPR holder has deep pockets. As far as I can 
tell, that the IPR is held by Microsoft remains the primary objection, 
and I can't see that as a valid objection.
I would also argue that there is a control advantage to making Sender 
ID an IETF standard. It makes it much harder for Microsoft (or anyone 
else, for that matter) to make arbitrary revisions. Whether or not this 
matters depends on whether you think it will get widespread adoption. I 
think it will, and that most of us are going to wind up dealing with it 
regardless of the IETF decision. Do we prefer an IETF standard or a 
de-facto standard? Of course, if adoption is widespread and rapid 
enough it will be difficult for anyone to change regardless of the size 
of the gorillas.
Margaret.