Re: In favour of Sender ID (was: DEPLOY: SPF/Sender ID support in Couri

Hallam-Baker, Phillip wrote:
> > Ahh. Yes, I missed that.  I think the GPL specifically answers this
> > question:
> >
> > http://www.fsf.org/copyleft/gpl.html
> >
> > "Finally, any free program is threatened constantly by 
> > software patents.
> >  We wish to avoid the danger that redistributors of a free 
> > program will
> >  individually obtain patent licenses, in effect making the program
> >  proprietary. To prevent this, we have made it clear that 
> > any patent must
> >  be licensed for everyone's free use or not licensed at all."
>
> Sender-ID is licensed for everyone's free use and it is not 
> necessary for individual users or distributors of the program
> to obtain independent licenses.
While that may be true, nevertheless several attorneys have stated that 
Sender-ID is not compatible with the GPL and other open source licenses. 
With all due respect, until I hear from another attorney otherwise, 
those opinions carry a lot of weight over others who are not attorneys 
including myself. Add to this the opinion of Microsoft lawyers as well. 
Perhaps Verisign's legal counsel disagrees and we'll be happy to hear 
his or her opinion, if you can obtain it for us.
In the context of this standard, once again the question is whether the 
IPR issue cause problems with deployment. Judging from announcements 
made by various companies in the last few days, it seems that the big 
boys have no problems with this. However, ISPs and domain owners are the 
ones who will be publishing these records, and it remains to be seen 
whether the IPR issue will delay their rollout. The very fact that 
people are confused about the license, already points to potential problems.
> It is very clear to me that the SenderID license is not a
> genuine impediment here. The impediments are being created by
> people who want to see them.
In my personal opinion any IPR Microsoft may be claiming can only be 
based directly on ASRG discussions and other related mailing lists, as 
well as IETF drafts. I also agree with Hadmut that the PRA "agorithm" is 
too obvious and additionally, it looks very much like fetchmail's 
"algorithm".
Therefore, IMHO, this situtation is starting to smell just like the case 
of the IDN WG described in RFC 3669 - a company following progress of 
the working group (or in this case a research group) and then patenting 
ideas coming up in the discussion. In the case of IDN, the IPR claims 
were dismissed as worthless and the standard moved along. Whether this 
is a viable option for this WG, is something that remains to be seen.
<rant>
One thing that keeps bugging me is how hiddenly all of this came about. 
Phil, you of all people always made sure to include a disclaimer on any 
potential idea that Verisign might seek to patent coming out of ASRG 
discussions. Microsoft employees did not do that simple courtesy 
(whether Microsoft's lack of disclosure granted rights to the IETF is 
something I will leave to the lawyers). This creates a precedent and a 
chilling effect on the operation of the entire IETF community which *is 
not a good thing*. Should we now worry about every single potential 
patent that might be filed on our discussions just because some company 
decides to sic their lawyers on it?
I am not blaming any of the Microsoft employees that were involved in 
this. Quite the opposite, I am very impressed with what they have done 
for us and the steps they took. I would like to commend Bob, Harry, 
George, Jim and others for pushing this and agreeing to work within the 
IETF process when other options were available. Nevertheless, whoever is 
responsible for this IPR issue at Microsoft, perhaps the lawyers, should 
have told us earlier about this, and published the license long before 
the last call period started. It would have made things much easier for 
all parties involved.
</rant>

Yakov