From: Anne P. Mitchell, Esq.
Sent: September 25, 2004 3:40 AM
To: ietf-mxcomp(_at_)imc(_dot_)org
Subject: Microsoft Statement regarding Sender I.D. Update and
Plans (forwarded by request)
Thank you for posting the Speizle letter.
Although the Microsoft patent applications are quite broad,
I took solace from the good faith representations made in
the IPR filings and to the MARID list as to the actual
scope of these claims.
On September 21, 2004, a press spokesperson for Microsoft
is reported to have sent an email to Internetnews which
read:
|"The SPF technical alternative is just now becoming a real
|focus for the IETF. It is premature for the standards
|participants to disclose any IP they may own related to
|SPF. If SPF continues to work its way through the process,
|there will likely be a point where Microsoft and others
|will [be] asked to identify any essential IP claims and
|Microsoft will follow the IETF guidelines for disclosure at
|that time."
http://www.internetnews.com/dev-news/article.php/3409971
This reported statement was cause for concern upon my part.
I had hoped that Microsoft would clarify matters and simply
confirm the previous good faith representations.
Unfortunately, I remain concerned. Let me explain.
In the letter, Craig Speizle writes:
|"I would also like to clarify several misstatements
|pertaining to our license and patents. From the onset,
|Microsoft has confirmed that any potential patent rights
|that Microsoft may eventually be granted will be provided
|to all users, implementers and distributors of the Sender
|ID specification under Microsoft's royalty free license.
|Microsoft will not revoke its offer to extend this license
|to anyone now and in perpetuity."
The phrase "the Sender ID specification," is not defined in
this paragraph, except by reference to "Microsoft's royalty
free license."
In the second paragraph of the letter, Craig Speizle writes:
|"After discussion with the IETF MARID chairs, we jointly
|agreed to move forward with a proposal that provides
|implementers the choice of utilizing PRA or MAIL FROM for
|the Sender ID check mechanism."
And in the third paragraph of the letter, Craig Speizle
writes:
|"While we would have preferred a single technical mechanism
|as the standard, we believe the specification to allow
|multiple scopes in the protocol is a reasonable approach,
|providing choice and flexibility."
The patent applications are quite broad in scope. Even
though the term "Sender ID specification" is presently
defined in "Microsoft's royalty free license," there is
nothing in the letter to preclude Microsoft from amending
this definition to fit with any patent rights which
Microsoft may subsequently be granted.
We are therefore left with two possible interpretations of
the meaning of the phrase "Sender ID specifications" in the
letter:
1. "Sender ID specification" means: (i) the original
caller-id specification; (ii) the marid-core and marid-pra
specification as defined in Microsoft's draft patent
license; (iii) any amendments to the marid-core and
marid-pra specifications or equivalent substitutions
thereof, but which are not based on SMTP mailfrom,
EHELO/HELO or the IP address, as may occur in obtaining
IETF-experimental status and IETF-standard track for these
specifications.
2. "Sender ID specification" means: (i) the original
caller-id specification; (ii) the marid-core and marid-pra
specification as defined in Microsoft's existing draft
patent license; (iii) the marid-mailfrom specification;
(iv) any IETF - experimental set of protocols involving
either mailfrom or pra checking based on the existing or
any amended specification; (iv) any IETF - standard set of
protocols involving mailfrom or pra checking based on the
existing or any amended specification; (v) any other method
of sender authentication which falls within the scope of
Microsoft's patent rights and forms part of the "Sender ID
check mechanism."
I also note that:
* Microsoft's existing draft patent license is not
compatible with the Open Standards Alliance model.
On what is meant by the Open Standards Alliance model, a
conference was held Fairmont Scottsdale Princess resort in
Arizona during September 13 - 14, 2004. The conference
title:
"Open Source, Open Standards: Maximising Utility While
Managing Exposure"
The conference was organized by the Open Standards Alliance.
http://www.openstandardsalliance.org/
At the conference, Larry Rosen gave a keynote speech on the
issue of the compatibility of Open Standards with Open
Source software licensing.
I quote from the official conference statement:
|"Larry Rosen proposed five normative principles for open
|standards that are compatible with Open Source software
|licensing.
|
|The five principles of open source software are:
|
|1. Licensees are free to use open source software for any
|purpose whatsoever.
|
|2. Licensees are free to make copies of open source
|software and to distribute them without payment of
|royalties to a licensor.
|
|3. Licensees are free to create derivative works of open
|source software, and to distribute them without payment of
|royalties to a licensor.
|
|4. Licensees are free to access and use the source code of
|open source software.
|
|5. Licensees are free to combine open source and other
|software.
|
|Compatible principles
|
|Mr Rosen put forward compatible principles for Open
|Standards:
|
|1. Everyone is free to copy and distribute the official
|specification for an open standard under an open source
|license.
|
|2. Everyone is free to make or use embodiments of an open
|standard under unconditional licenses to patent claims
|necessary to practice that standard.
|
|3. Everyone is free to distribute externally, sell, offer
|for sale, have made, or import embodiments of an open
|standard under patent licenses that may be conditioned only
|on reciprocal licenses to any of the licensee's patent
|claims necessary to practice that standard.
|
|4. A patent license for an open standard may be terminated
|as to any licensee who sues the licensor or any other
|licensee for infringement of patent claims necessary to
|practice that standard.
|
|5. All patent licenses necessary to practice an open
|standard are worldwide, royalty-free, non-exclusive,
|perpetual, and sub-licensable."
* I believe it is fundamental that open standards which are
subject to patents and/or patent claims must be subject to
actual or draft patent licenses which are compatible with
open source licensing standards as set out in the Open
Standards Alliance model to ensure the continued vibrancy
of the Internet.
* Email is presently one of the core reasons people use the
Internet.
* Based on what has already transpired, I suggest it is
self evident that any proposal which supports PRA will run
into trouble, during any public comment process prescribed
by the IETF as long as Microsoft persists in requiring a
patent license which is not compatible with the Open
Standards Alliance model.
In the circumstances, I believe it is incumbent upon
Microsoft to confirm that:
* "Sender ID specification" means: (i) the original
caller-id specification; (ii) the marid-core and marid-pra
specification as defined in Microsoft's draft patent
license; and (iii) any amendments to the marid-core and
marid-pra specifications or equivalent substitutions
thereof, but which are not based on SMTP mailfrom,
EHELO/HELO or the IP address, as may occur in obtaining
IETF-experimental status and IETF-standard track for these
specifications.
* "Microsoft's royalty free license" will be fully
compatible with the Open Standards Alliance model.
Otherwise, it is highly likely there will be a hue and cry
during the public comment process of any experimental
proposal put forward by Microsoft as called for under
sections 4.2.3 and 6.1.2 of RFC 2026.
But perhaps more importantly, without fully clarifying
matters, in my opinion, based on what has transpired to
date, Microsoft runs the risk of placing the IETF's
credibility in jeopardy as a standards organization.
Having made these comments, I add that I have every reason
to consider Craig Speizle is personally acting in good
faith, based on legal guidance and in what is perceived as
Microsoft's best interest.
However, given the potentially contentious nature of this
matter, along with the import to email as a viable means of
communication and the risk to the IETF itself, I call upon
Microsoft, as one of the leading software firms in the
world, to fully clarify matters for the record beyond a
shadow of a doubt.
John Glube
Toronto, Canada
The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.767 / Virus Database: 514 - Release Date: 21/09/2004