SPF Prior Art?2004-09-22 09:18:01
Folks,
IANAL but I have been around the block a few times. SPF leverages a well known security pattern of third party authorization/authentication. In the DNS context, this is demonstrated by well deployed products like BIND 9 that only accept NOTIFY messages from non-LAME nameservers. This is exactly analogous to how SPF queries DNS but SPF looks at a different record - TXT versus NS. The use of this security pattern in the context of email is neither novel nor innovative. For example, RFC 821 refers to HELO as having a FQDN but that you are not supposed to rely upon it. At minimum, this says that the concept of using the security pattern of third party authorization/authentication is well known and should not be depended upon when processing HELO. This looks like prior art to me in the specific instance of deciding not to use the DNS to authorize an IP address. Shifting to use the MAILFROM instead of HELO is not innovative nor novel. It is obvious to one practiced in the art of using the SMTP protocol. There is prior art all over the concept of SPF. The W3C, recently, at the request of Microsoft, formally asked the USPTO to re-examine the EOLAS patent. It was then found to be invalid. Therefore the question facing us is: how do concerned parties register this prior art with the USPTO as an objection to patents that affect SPF? Waiting for litigation is waiting for inordinately expensive trouble. Best Regards, Andrew ____________________________________ Andrew W. Donoho awd(_at_)DDG(_dot_)com, PGP Key ID: 0x81D0F250 +1 (512) 453-6652 (o), +1 (512) 750-7596 (m)
|
|
||||||||||||||||