ietf-mxcomp
[Top] [All Lists]

Motion to abandon Sender ID

2004-09-01 15:31:44

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I will argue here for abandoning Sender ID. I make some assumptions which 
could be refuted, but I believe that they are correct based on my 
experience. I encourage those who respond negatively to attack the 
particular points I am making and refute the facts I claim.

We already agree to the fact that most Open Source licenses, especially the 
GPL, are not compatible with the terms of the Sender ID license. However, 
additional software could be downloaded and installed on existing platforms 
to run with software that is licensed under incompatible terms. For 
instance, a sendmail milter, or a perl script to filter all mail, or any 
number of possibilities.

I would like to inform the chairs that the distribution of the technology in 
Linux and BSD distributions is critical for the widespread adoption of the 
technology among the open source community. Most people who use Linux or 
BSD do not add software to their installation. They expect everything to be 
tightly integrated together within the distribution. When software is 
released as part of the distribution, it shows that a certain amount of 
testing and work has gone into making it a part of the distribution. Adding 
additional software to an installation generally brings instability and 
requires additional resources. This is why people generally don't install 
additional software to their installation. Experience within the community 
shows that software that is not part of the major distributions is not 
considered standard, supporting this claim. Therefore, I claim it as a fact 
that software that is not distributed as part of the major distributions is 
not standard, and can never be a standard unless it finds a way to be 
included within the major distributions.

If Sender ID technology cannot be distributed under the same terms by which 
most Linux and BSD distributions are distributed, then to include it the 
terms of the distributions must be modified. I don't believe it will be 
possible to convince the major Linux and BSD distributors to comply with 
Microsoft's Sender ID License in order to integrate the Sender ID 
technology in the distribution. I claim it as a fact that the Linux and BSD 
distributors will not modify their distribution terms to satisfy the Sender 
ID license.

Therefore, since the terms of the license prevent it from being distributed 
under the terms of most Linux and BSD distributions, combined with the fact 
that changing the terms of distribution will not be possible, and combined 
with the fact that generally people don't include software on their 
machines that are not part of the distribution, the logical conclusion is 
that Sender ID will not be adopted as a standard by the open source 
community.

In short, Microsoft's License for patent claims made on Sender ID prevent it 
from being a standard in the open source sommunity.

Can we recommend a standard we know will not be a standard in the open 
source community? Open source software dominates the internet landscape, 
especially in the MTA realm. If the proposal cannot become a standard in 
the open source community, can it be a standard in the community as a 
whole? It cannot. Our efforts will be in vain unless we propose a standard 
that can be adopted by the open source community.

If Microsoft would like to propose a different license, or surrender their 
claims to unspecified IP in Sender ID, then I believe that Sender ID could 
become a standard in the open source community. However, Microsoft has very 
little time to propose a new license, and judging by past experience with 
their legal department, I don't think they will be able to do so within a 
reasonable time frame. Perhaps Microsoft will immediately surrender their 
patent claims, but I doubt that.

Therefore, I move that Sender ID be removed from the MARID recommendations 
because it can never be a standard in the open source community due to its 
licensing terms and the uncertainty of pending patent claims. In its place, 
we should recommend SPF version 1, or SPF "classic", as currently adopted 
and implemented by over 70,000 recorded domains.

- -- 
Jonathan M. Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBNk3IBFeYcclU5Q0RAgX6AKCIxwjKvkc+LvhRZlugZsHk+bQ+LACgl4Px
KZYCr1v/QXJf0E8VteCgr2E=
=o1NT
-----END PGP SIGNATURE-----


<Prev in Thread] Current Thread [Next in Thread>