Some people on this list will be aware that yesterday Microsoft held an
event in Redmond to assist people in moving forward on implementing
Sender-ID. There was nothing on the agenda discussing licensing, but
clearly this is a key issue, so I raised the issue three times during the
day - twice during the conference itself, and later as a casual
conversation with Craig Spietzle over drinks.
First my disclosure: My employer is MessageLabs, one of the largest MX
filtering companies in the world - largest in terms of number of
customers. The license is compatible with our company in terms of
implementation, however I went to the sender-id summit with a specific
goal to discuss the deployment issues regarding open source software. We
are both a major user of open source software, and a contributor (I'm a
developer of an open source SMTPd and an ex SpamAssassin developer), and
should sender-id fail because of Microsoft's unwillingness to negotiate
the terms of their license then that would be bad for the entire industry.
What I write here is my interpretation of events. There were witnesses to
everything written here, and I welcome them to correct things should I
have misremembered (given that I had to travel 48+ hours for this one day
event, I hope people will forgive me if I have some things mixed up). I
would also like to point out that I am not trying to bash anyone here - I
appreciate the effort Microsoft is putting in here, and I do not wish to
appear to be attacking them in any way. This note is merely to inform
those not present at the Sender-ID summit of what transpired there from
my personal perspective.
o o o o
During the course of the day, licensing was mentioned a couple of times as
I recall it. The first time was a "Licensing Reality" slide which declared
that everything was OK and we shouldn't worry (I'm massively paraphrasing
of course). Sendmail Inc also spoke about how it was a non-issue because
you simply didn't need to get a license (a fact with which I disagree),
which is the stance they have taken with their Sender-ID implementation.
During a section of the day regarding deployment I decided it was time to
open this issue up to the audience. After all, the licensing issues are
all about deployment. I raised the well known issues discussed on this
list (incompatibilities with open source licenses). The Microsoft response
appeared to be that they would fix the FAQ and confirm that they would
never ever charge for Sender-ID licenses.
The charging issue appeared to be held on to toward the end of the day,
when Microsoft declared that they would never charge, and would email
mxcomp in that regard (I believe Harry Katz has done so). However,
charging was NEVER the issue with open source licenses, and this was
either a smokescreen or a fundamental misunderstanding of the issues.
Craig Spietzle requested that I discuss this with him offline so they
could continue the conference, so in the evening I took some time to
discuss it with him, in the presence of Wietse Venema and the author of
the Port25 mailer (who's name I have temporarily forgotten - apologies).
We discussed a number of issues, not all of which I can recall now. Most
certainly I put it to him that cost was not the issue and that there was a
fundamental incompatibility with open source licenses. On the cost issue I
believe that sunk in. On the incompatibility issue I don't believe we
managed to agree with each other. Ultimately I put it to him that the
license would have to change should open source implementations of
Sender-ID be a requirement for adoption.
I pressed him: "Will you fix the license?". I never really got a confirmed
yes or no, but my feeling was "no" when we ended the conversation. I
suggested that they give their IP to the IETF (such as I believe there is
precedence of - I know that IBM has committed patents to the public domain
before in a similar act of openness), to which I was told that Craig
believed this was a reasonable idea, but that Bill Gates himself had
vetoed that idea because of the current focus on patent gathering and IPR
issues at Microsoft.
We ended the conversation with my suggestion that Microsoft work with
Larry Rosen to fix the license, and Craig telling me that they had already
worked really hard with Larry, and that they had "met halfway" with
Larry's requests. Craig did suggest that some of Larry's requests were not
reasonable and had nothing to do with making the Sender-ID license
compatible with open source. I am not privy to the details though. There
appeared to be an element of "We've worked really hard on this and we
don't want to have to do-over" in Craig's responses.
Ultimately I do feel that Craig Spietzle listened very carefully to my
points, and I am grateful to him for that, and if I have mis-characterised
anything he said to me in the above text I will stand corrected. But I do
not personally believe the position Microsoft is taking on this is working
for this project. While there are other IETF standards that are IPR
encumbered and require a license, they are not standards which have as
wide-reaching an effect as Sender-ID, and I think we have to get this one
right.
Matt Sergeant
Senior Anti-Spam Technologist
MessageLabs.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________