Andy,
You asked:
The question before the working group: assuming no
technical errors with the above, is there anybody who
vehemently objects with this proposal?
My comment is not a vehement objection, but rather a strong
suggestion.
Having strongly supported Dave Crocker's earlier suggestion
of a security and operations review of Sender-ID by
graybeards, I second Dave's suggestion, adopt his reasoning
and strongly support the request that the co-chairs have a
security and operations review carried out by graybeards on
any proposal for pra/mailfrom checks before the draft
specifications go through last call.
As a secondary matter, I simply note the draft patent
license contains the following restriction:
Microsoft ... hereby grant You a perpetual ...worldwide
license under Microsoft’s Necessary Claims to use ...
object code versions of Licensed Implementations only as
incorporated into Licensed Products and solely for the
purpose of conforming with the Sender ID Specification.
(See section 2.1 of the draft Patent License.)
My read of the last restriction ... "and solely for the
purpose of conforming with the Sender ID Specification"
precludes "object code versions of Licensed Implementations
only as incorporated into Licensed Products" being used for
any other purpose except to "conform with the Sender ID
Specification."
(The Sender ID Specification being defined as the
combination of draft-marid-pra with draft-marid-core.)
I presume a proposal which includes both pra and mailfrom
checks would involve elements of draft-marid-pra and
draft-marid-core, so giving rise to Microsoft's IPR claim
and the draft patent license with the noted restriction.
As such, the restriction contained in the draft patent
Sender-ID license would preclude network administrators
from incorporating both mailfrom and pra checks without
obtaining separate permission from Microsoft.
On this point, please note the following Q & A from
Microsoft's FAQ:
Q8: What if I want to use the Sender ID technology in some
other context, still related to email but perhaps not
related to Sender ID? Will Microsoft sue me?
A8: Microsoft is committed to working with companies in a
collaborative way to license our Intellectual Property (see
http://www.microsoft.com/mscorp/ip/). If Microsoft is
granted patent rights that cover the Sender ID
specification (currently pending) it will make those rights
available at no cost for anyone to implement and use the
Sender ID specification. Microsoft will need to see what
patent rights are granted by the US Patent and Trademark
Office to even know for sure what rights it has to offer.
Since it is impossible to contemplate every possible use of
it Sender ID patent rights we cannot make a commitment up
front to specific license terms. We invite anyone
interested in using Microsoft’s IP to innovate and compete
in the marketplace to come talk to us.
In the circumstances, should the WG wish to proceed with a
protocol which incorporates both pra/mailfrom checking
based on one version with multiple scopes, I urge the WG
co-chairs to seek clarification from Microsoft on this
point.
Why? Because if my understanding is correct, it means
software developers cannot access the Microsoft Necessary
Claims under the draft Sender-ID patent license to develop
object code which allows for pra/mailfrom checking without
getting a further license from Microsoft, which may or may
not be forthcoming.
In turn as matters now stand, without clarification from
Microsoft, this would seem to be a further impediment to
widespread implementation of this proposal.
John
John Glube
Toronto, Canada
The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.752 / Virus Database: 503 - Release Date: 03/09/2004