ietf-mxcomp
[Top] [All Lists]

DEPLOY: Prior Art for Sender-ID (was Re: DEPLOY: SPF/Sender ID support in Courier.)

2004-08-31 08:53:27

(This message got stuck originally because of my own stupidity, I am resending it to the list)

Andrew Newton wrote:

 4) You have stated above that you believe Microsoft's claim is
 "nebulous" with regard to rights being claimed.  Your release notes
 state "Implemented Sender Policy Framework checking on the From:
 header.  Be sure to read the documentation and understand the
 implication."  Since checking of the From: header is listed in the  -pra
 document, are you concluding that this is not encumbered by  Microsoft's
 claim?  If so, how did you come to this conclusion?


The ASRG archive runs several thousand messages. They start with a
discussion on RMX. There is more than one message in there talking  about
the use of "From" headers for RMX lookup. If someone has the time to go
through it, prior art is certain to be found. Perhaps someone should
tell the lawyers.

IMHO, in light of the possible prior art, it may be very probably that
the potential patent application is invalid or will not approved.
Therefore, it might be feasible to ignore the IPR claim all together  and
preceed with approval of Sender-ID.


In any case, for example, here is a is a message posted to the ASRG  list
on May 7th, 2003
(http://www1.ietf.org/mail-archive/web/asrg/current/msg04390.html):

-----snip----
On Wed, May 07, 2003 at 07:43:10AM -0700, Daniel Erat wrote:
 > I understand why RMX is not able to examine RFC 822 headers.  My  point
 > was that RMX does nothing to curtail the sending of messages with
 > forged 822 From: addresses.  Since this is the only sender address
 > that most users see, and the address that replies go to (in absence  of
 > a Reply-To: or related header), I disagree with the assertion that
 > this is not a severe problem.

Well, RMX could be used to verify the From: address as well.
Feel free to ask your MTA to do another RMX lookup after
receiving the message body (and before sending the reply code).
If you like it, you can do it.
-----snip----

Another message as a reply to Bob Atkinson, the author of Caller-ID,
talks about parsing "Received" lines:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04321.html

Another messaging discussing headers:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04591.html

A snippet of actual code that compares headers against DNSBLs in the
context of the RMX discussion:
http://www1.ietf.org/mail-archive/web/asrg/current/msg00686.html
===========================================
On a related note, here is a message posted on May 5th, 2003 by Bob
Atkinson, the author of the Caller-ID draft talking about "domain
purportedly responsible for a  message:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04231.html

Another message from Bob dated May 6th, 2003 talking about the use of
XML for RMX records and enhancing the RMX proposal:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04302.html

Another message talking about "From" headers, also from Bob:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04333.html

Here is a message from another Microsoft employee dated March 6th, 2003
regarding RMX:
http://www1.ietf.org/mail-archive/web/asrg/current/msg00608.html

Another few messages from a Microsoft employee critisizing RMX:
http://www1.ietf.org/mail-archive/web/asrg/current/msg00646.html
http://www1.ietf.org/mail-archive/web/asrg/current/msg00671.html

====================================================================
If we take a look in RFC 2014, we find the following in section 1:

"Participation is by individual contributors, rather than by
representatives of organizations."

We also find that the ASRG adopted an following IPR policy on June  12th,
2003, requiring disclosure of IPR:
http://www1.ietf.org/mail-archive/web/asrg/current/msg05378.html

At least one message was posted from Bob Atkinson after this policy was
adapted without disclosing any IPR information:
http://www1.ietf.org/mail-archive/web/asrg/current/msg07090.html

Here is another one discussing reputation systems from Bob Atkinson on
October 31st, 2003:
http://www1.ietf.org/mail-archive/web/asrg/current/msg07875.html

Frequent readers of the ASRG list will note that Phil Hallam-Baker of
Verisign explicitly stated a few times that his company may claim IPR  on
specific ideas he shared with the ASRG list. To my knowledge, none of
the Microsoft employees ever did that.

Also, the ASRG list is hosted at the IETF domain. We find the following
notice at IETF's mailing list page (http://www.ietf.org/maillist.html):

----------------------------------------------------------------------- ---
Any submission to the IETF intended by the Contributor for publication
as all or part of an IETF Internet-Draft or RFC and any statement made
within the context of an IETF activity is considered an "IETF
Contribution". Such statements include oral statements in IETF  sessions,
as well as written and electronic communications made at any time or
place, which are addressed to:
the IETF plenary session,
any IETF working group or portion thereof,
the IESG, or any member thereof on behalf of the IESG,
the IAB or any member thereof on behalf of the IAB,
any IETF mailing list, including the IETF list itself, any working  group
or design team list, or any other list functioning under IETF auspices,
the RFC Editor or the Internet-Drafts function
----------------------------------------------------------------------- ---

The ASRG list maybe considered "any other list functioning under IETF
auspices" and posting to it may be considered "any statement made  within
the context of an IETF activity is considered an "IETF Contribution".
However, it is unclear whether IRTF lists fall under that. If the ASRG
list does in fact fall under that, than postings to it are considered
"Contributions to the IETF" and are covered under RFC 3667 and 3668:

Yakov


<Prev in Thread] Current Thread [Next in Thread>