|
Re: DEPLOY: Prior Art for Sender-ID (was Re: DEPLOY: SPF/Sender ID support in Courier.)
2004-08-31 14:52:33
Looking through my old asrg summary/archive , I find the the following message
from archives talks about checking both "From:" and "Sender:" headers:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04684.html
I can't find anything going futher (i.e. including Resent headers), but
I would not be surprised if somebody posted about that too. Please go
through archives on that thread.
Also, unrelated to this group but of interest is this prior work on header
cryptographic signatures for email messages (I believe this supercedes
any claims Yahoo or others may make about this method):
http://www.chaoszone.org/misc/spam.html
P.S. I believe the messages from Microsoft people from links below make it
clear that they had used prior work of RMX for Caller-ID (one message
talked about _rmx subdomain even) and had published "responsible sender"
from RFC822 headers idea in the public. If only I had number of the patent
application to check ... but I'd not be surprised if these messages
superceded that application, which means they should not have filed it
considering the idea (which is obvious from email RFCs anyway) was already
disclosed to the public and was based on the existing publicly published
(as IETF draft!) work.
On Tue, 31 Aug 2004, Yakov Shafranovich wrote:
(This message got stuck originally because of my own stupidity, I am
resending it to the list)
Andrew Newton wrote:
4) You have stated above that you believe Microsoft's claim is
"nebulous" with regard to rights being claimed. Your release notes
state "Implemented Sender Policy Framework checking on the From:
header. Be sure to read the documentation and understand the
implication." Since checking of the From: header is listed in the -pra
document, are you concluding that this is not encumbered by Microsoft's
claim? If so, how did you come to this conclusion?
The ASRG archive runs several thousand messages. They start with a
discussion on RMX. There is more than one message in there talking about
the use of "From" headers for RMX lookup. If someone has the time to go
through it, prior art is certain to be found. Perhaps someone should
tell the lawyers.
IMHO, in light of the possible prior art, it may be very probably that
the potential patent application is invalid or will not approved.
Therefore, it might be feasible to ignore the IPR claim all together and
preceed with approval of Sender-ID.
In any case, for example, here is a is a message posted to the ASRG list
on May 7th, 2003
(http://www1.ietf.org/mail-archive/web/asrg/current/msg04390.html):
-----snip----
On Wed, May 07, 2003 at 07:43:10AM -0700, Daniel Erat wrote:
> I understand why RMX is not able to examine RFC 822 headers. My point
> was that RMX does nothing to curtail the sending of messages with
> forged 822 From: addresses. Since this is the only sender address
> that most users see, and the address that replies go to (in absence of
> a Reply-To: or related header), I disagree with the assertion that
> this is not a severe problem.
Well, RMX could be used to verify the From: address as well.
Feel free to ask your MTA to do another RMX lookup after
receiving the message body (and before sending the reply code).
If you like it, you can do it.
-----snip----
Another message as a reply to Bob Atkinson, the author of Caller-ID,
talks about parsing "Received" lines:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04321.html
Another messaging discussing headers:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04591.html
A snippet of actual code that compares headers against DNSBLs in the
context of the RMX discussion:
http://www1.ietf.org/mail-archive/web/asrg/current/msg00686.html
===========================================
On a related note, here is a message posted on May 5th, 2003 by Bob
Atkinson, the author of the Caller-ID draft talking about "domain
purportedly responsible for a message:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04231.html
Another message from Bob dated May 6th, 2003 talking about the use of
XML for RMX records and enhancing the RMX proposal:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04302.html
Another message talking about "From" headers, also from Bob:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04333.html
Here is a message from another Microsoft employee dated March 6th, 2003
regarding RMX:
http://www1.ietf.org/mail-archive/web/asrg/current/msg00608.html
Another few messages from a Microsoft employee critisizing RMX:
http://www1.ietf.org/mail-archive/web/asrg/current/msg00646.html
http://www1.ietf.org/mail-archive/web/asrg/current/msg00671.html
====================================================================
If we take a look in RFC 2014, we find the following in section 1:
"Participation is by individual contributors, rather than by
representatives of organizations."
We also find that the ASRG adopted an following IPR policy on June 12th,
2003, requiring disclosure of IPR:
http://www1.ietf.org/mail-archive/web/asrg/current/msg05378.html
At least one message was posted from Bob Atkinson after this policy was
adapted without disclosing any IPR information:
http://www1.ietf.org/mail-archive/web/asrg/current/msg07090.html
Here is another one discussing reputation systems from Bob Atkinson on
October 31st, 2003:
http://www1.ietf.org/mail-archive/web/asrg/current/msg07875.html
Frequent readers of the ASRG list will note that Phil Hallam-Baker of
Verisign explicitly stated a few times that his company may claim IPR on
specific ideas he shared with the ASRG list. To my knowledge, none of
the Microsoft employees ever did that.
Also, the ASRG list is hosted at the IETF domain. We find the following
notice at IETF's mailing list page (http://www.ietf.org/maillist.html):
----------------------------------------------------------------------- ---
Any submission to the IETF intended by the Contributor for publication
as all or part of an IETF Internet-Draft or RFC and any statement made
within the context of an IETF activity is considered an "IETF
Contribution". Such statements include oral statements in IETF sessions,
as well as written and electronic communications made at any time or
place, which are addressed to:
the IETF plenary session,
any IETF working group or portion thereof,
the IESG, or any member thereof on behalf of the IESG,
the IAB or any member thereof on behalf of the IAB,
any IETF mailing list, including the IETF list itself, any working group
or design team list, or any other list functioning under IETF auspices,
the RFC Editor or the Internet-Drafts function
----------------------------------------------------------------------- ---
The ASRG list maybe considered "any other list functioning under IETF
auspices" and posting to it may be considered "any statement made within
the context of an IETF activity is considered an "IETF Contribution".
However, it is unclear whether IRTF lists fall under that. If the ASRG
list does in fact fall under that, than postings to it are considered
"Contributions to the IETF" and are covered under RFC 3667 and 3668:
Yakov
---
William Leibzon, Elan Networks:
mailto: william(_at_)elan(_dot_)net
Anti-Spam Research Worksite:
http://www.elan.net/~william/asrg/
|
|