All,
I don't really want to enter this discussion, but I believe it is
necessary.
For those that don't know me, I'm the ex-CTO of Lotus (98-01) and thus
someone who professionally had to spend a great deal of time (too much)
worrying about IP issues, and consulting with IP lawyers. I was also the
source of a private suggestion to Harry Katz that [E]SMTP be extended to
identify the email submitter as an alternative to mucking about with RFC
[2]822 headers. At the time, Harry indicated that this idea was new to him
and Microsoft. I leave it to Harry to indicate whether he has subsequently
encountered a prior claim to this idea.
Now to the nub of the issue.
Microsoft has disclosed that they claim to possess Intellectual Property
(IP) that must be utilized to implement the in-process-of-development IETF
standards described in draft-ietf-marid-core-03.txt,
draft-ietf-marid-pra-00.txt, and their successors. This disclosure is
required as a precondition of Microsoft (employees) involvement in the
development of these in-process-of-development IETF standards. They are
not required to disclose specifics of the IP they claim to posses, merely
that they claim to possess it.
This disclosure in no way establishes the validity of this claim. This
awaits the issuance of a patent or patents, and the subsequent defense of
this patent or patents. Any individual or organization is free to write to
the patent authorities in any and all jurisdictions claiming that IP that
they believe has been submitted for patent protection is covered by "prior
art" or is "obvious", both of which are grounds for rejection of a patent
application. The patent authorities can also determine that IP that has
been submitted for patent protection is covered by "prior art" or is
"obvious" on their own, but in the US they are constrained by a number of
adverse judgements that restrict their ability to so do.
Given the above, an individual or organization wishing to implement and
distribute code that supports the processes defined in
draft-ietf-marid-core-03.txt, draft-ietf-marid-pra-00.txt, and their
successors, has to determine the strength of Microsoft's, and other
potential, and as yet undisclosed, IP claims. This is unfortunate, but is
a feature of the current software development landscape.
In the case of the Microsoft IP claims, Microsoft has offered to waive any
and all of their claims with respect to IP required to implement the
in-process-of-development IETF standards described in
draft-ietf-marid-core-03.txt, draft-ietf-marid-pra-00.txt, and their
successors, on a royalty-free basis in exchange for execution of a license
agreement. I recognize that there potential problem with this licence,
especially with respect to its non-extension to sub-licences.
So, net, net, implementors have three choices.
1. They, with the help of their advisors, can determine that Microsoft,
and as yet unknown others, possesses no IP that would encumber an
implementation of draft-ietf-marid-core-03.txt,
draft-ietf-marid-pra-00.txt, and their successors. Based on such a
determination, they can then proceed apace. They might of course be liable
to subsequent claims for redress from Microsoft, and as yet unknown
others, if this determination proved subsequently to be in error.
2. They, with the help of their advisors, can determine that Microsoft,
and as yet unknown others, do possesses IP that would encumber an
implementation of draft-ietf-marid-core-03.txt,
draft-ietf-marid-pra-00.txt, and their successors, but can further
determine that Microsoft, and as yet unknown others, are highly unlikely
to make claims for redress. Based on such a determination, they can then
proceed apace.
3. They, with the help of their advisors, can determine that Microsoft,
and as yet unknown others, do possesses IP that would encumber an
implementation of draft-ietf-marid-core-03.txt,
draft-ietf-marid-pra-00.txt, and their successors, and in order to receive
protection from subsequent claims for redress from Microsoft enter into a
licence agreement with Microsoft that grants them the right to employ the
claimed IP. They can then proceed apace.
The IETF (marid wg) also has a number of choices.
1. Encourage Microsoft to more precisely identify their claimed IP so that
implementors could make a more informed judgement with respect to its
"obviousness" and coverage by "prior art". My guess, is that this IP is
limited to determining whether the PRA as defined by the PRA algorithm is
consistent with the sending SMTP client's IP address. My sense is that
"prior art" can be found for determining the PRA - it's implicit in RFC
822, but not for whether the PRA is consistent with the sending SMTP
client's IP address.
2. Limit the scope of marid to the [E]SMTP MAIL FROM: command, with or
without the SUBMITTER parameter. RMX, SPF, etc. which operated on the MAIL
FROM: address almost certainly constitute prior art, and I am the source
of the proposal to Microsoft that [E]SMTP be extended to identify a
submitter, and gladly waive any and all rights, etc. Sadly, their may
other earlier claims to the idea of extending [E]SMTP.
3. Attempt to find a non-PRA based approach to verifying the message (SMTP
DATA) content.
The above does not propose a solution to the problem at hand, but I hope
at least lays out the alternatives that may be pursued by
implementors/marid.
Nick Shelness
Independent Technology Consultant <nick(_at_)old-mill(_dot_)net>