-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I will argue here for abandoning Sender ID. I make some assumptions which
could be refuted, but I believe that they are correct based on my
experience. I encourage those who respond negatively to attack the
particular points I am making and refute the facts I claim.
We already agree to the fact that most Open Source licenses, especially the
GPL, are not compatible with the terms of the Sender ID license. However,
additional software could be downloaded and installed on existing platforms
to run with software that is licensed under incompatible terms. For
instance, a sendmail milter, or a perl script to filter all mail, or any
number of possibilities.
I would like to inform the chairs that the distribution of the technology in
Linux and BSD distributions is critical for the widespread adoption of the
technology among the open source community. Most people who use Linux or
BSD do not add software to their installation. They expect everything to be
tightly integrated together within the distribution. When software is
released as part of the distribution, it shows that a certain amount of
testing and work has gone into making it a part of the distribution. Adding
additional software to an installation generally brings instability and
requires additional resources. This is why people generally don't install
additional software to their installation. Experience within the community
shows that software that is not part of the major distributions is not
considered standard, supporting this claim. Therefore, I claim it as a fact
that software that is not distributed as part of the major distributions is
not standard, and can never be a standard unless it finds a way to be
included within the major distributions.
If Sender ID technology cannot be distributed under the same terms by which
most Linux and BSD distributions are distributed, then to include it the
terms of the distributions must be modified. I don't believe it will be
possible to convince the major Linux and BSD distributors to comply with
Microsoft's Sender ID License in order to integrate the Sender ID
technology in the distribution. I claim it as a fact that the Linux and BSD
distributors will not modify their distribution terms to satisfy the Sender
ID license.
Therefore, since the terms of the license prevent it from being distributed
under the terms of most Linux and BSD distributions, combined with the fact
that changing the terms of distribution will not be possible, and combined
with the fact that generally people don't include software on their
machines that are not part of the distribution, the logical conclusion is
that Sender ID will not be adopted as a standard by the open source
community.
In short, Microsoft's License for patent claims made on Sender ID prevent it
from being a standard in the open source sommunity.
Can we recommend a standard we know will not be a standard in the open
source community? Open source software dominates the internet landscape,
especially in the MTA realm. If the proposal cannot become a standard in
the open source community, can it be a standard in the community as a
whole? It cannot. Our efforts will be in vain unless we propose a standard
that can be adopted by the open source community.
If Microsoft would like to propose a different license, or surrender their
claims to unspecified IP in Sender ID, then I believe that Sender ID could
become a standard in the open source community. However, Microsoft has very
little time to propose a new license, and judging by past experience with
their legal department, I don't think they will be able to do so within a
reasonable time frame. Perhaps Microsoft will immediately surrender their
patent claims, but I doubt that.
Therefore, I move that Sender ID be removed from the MARID recommendations
because it can never be a standard in the open source community due to its
licensing terms and the uncertainty of pending patent claims. In its place,
we should recommend SPF version 1, or SPF "classic", as currently adopted
and implemented by over 70,000 recorded domains.
- --
Jonathan M. Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBNk3IBFeYcclU5Q0RAgX6AKCIxwjKvkc+LvhRZlugZsHk+bQ+LACgl4Px
KZYCr1v/QXJf0E8VteCgr2E=
=o1NT
-----END PGP SIGNATURE-----