At 12:23 AM 8/28/2004 -0400, Stuart D. Gathman wrote:
On Fri, 27 Aug 2004, Jake S wrote:
I enjoy SPF - the email type not the sun block type - it works for me and my
small company but I rely on courier for our business. If Sam cannot support
the future incarnation of SPF (SenderID if I'm correct) then I can't either
and I'm fairly certain that courier has a fairly large install base. How
should we go about this and / or deal with this statement?

Continue enjoying SPF. Unlike SPF, SenderID has never been tested - we don't
know whether it is truly an improvement. SenderID is encumbered by the
M$ patent (which seems like another stupid one to me - to see who purportedly
sent the message you ... duhhhh ... let me see .... duhhh ... look at
the headers? I would have never thought of that!). So just ignore it
until:
a) it has actually been found to work
and
b) it is unencumbered
My 2 cents...

Actually I think where Microsoft is headed with all this in future is a
per-user cryptography, like SenderKeys, but under their own control. Allow me
to explain my reasoning.

Note that Microsoft has made public announcements about the future value of
the "hashcash" technique, where the cost of sending is increased by applying some
computer algorithm. Note that public key cryptography at the MUA with huge
keys is a way to accomplish this.

Thus I see SenderID and the algorithms for parsing, as the first salvo in what
will eventually be those algorithms everywhere and then Microsoft can force
people to license those algorithms in order to enable their Signers (e.g. MUAs)
and Verifiers (e.g. MTAs). As I said in the "Patent license" thread,
Microsoft's apparent goal in the past is to wrest control into their clients (e.g.
IE, Outlook, Windows) so that the power of others is irrelevant.

Microsoft's advantage is always to turn the control back to the client, which
is why I guess people here would oppose SenderKeys, but I think an open
standard for per-user signing could pre-empt. I know Microsoft can crush
SenderKeys in a heartbeat. I have no illusion about that. I am just trying
to do something. Note the Privacy section of SenderKeys has been drastically
improved.

That is to say I think we need open standards for both viable per-domain
anti-forgery (SPF) and per-user built on top of and orthogonal to per-domain
(SPF).

I disclaim any knowledge about Microsoft plans and I disclaim that this is
true. This is my version of fiction. Read into it what you want to.

(got my flame retardant jacket on waiting for replies :)