In <20041002231943(_dot_)GB1135(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
[huge amount of stuff about being inclusive deleted.]
What does this have to do with Microsoft? The SPF community
has shown strong support for the envelope sender. And this
makes sense, because the envelope is the natural domain of
the MTA. Microsoft has shown strong support for the PRA in
the headers. And that makes sense, because headers are the
natural domain of the MUA. Coincidentally, the opensource
world dominates the MTA market, and the commercial world,
notably Microsoft, dominates the MUA market.
I disagree with this. While Microsoft does dominate the MUA market,
this is not the case with spam filters. Spam filters generally deal
with headers, not the SMTP-time identities. Spam filters have been
rapid adoptors of SPF, even faster than MTAs. The spam filter market
has a large mix of F/OSS, proprietary and inhouse systems.
I have seen almost no clambering for the PRA from spam filter people
as your above theory would suggest. I have seen some wanting to deal
more directly with the 2822.From: header, but the PRA doesn't protect
that header at all (except in cases where it doesn't need to be
protected.)
But this is not relevant; the important question is what
position the SPF Community should take on the PRA and on
working with Microsoft. I know that among the opensource
commuity, who have been burned many times, and, with the
patent application, continue to be burned, the natural
instinct is to say that cooperating with Microsoft in any
way is beyond the pale.
It isn't just F/OSS people who have been burned by dealing with
Microsoft. Just talk to all the flashcard/memory-stick companies
(mostly commercial/proprietary) that got burned by the bogus Microsoft
patent on the FAT filesystem. Fortunately, this bogus patent has
been voided (and there was much rejoicing), although an appeal is
likely.
The point here is not that Microsoft should be singled out for scorn
for these kinds of practices, there are many others who are just as
bad or worse. The point is that this isn't a F/OSS vs MS thing.
And the same community has said
that on a purely technical level the PRA is simply
unworkable, and will be exploited the day it comes out, and
that while sendership can be verified by IP-based channel
methods, authorship can only be verified with cryptography.
I largely agree that the PRA has serious technical problems. Still,
it is quite clear that when MS talks, people listen and with MS
pushing the PRA, it will be a checklist item handed down by many PHBs
to the mail admins.
I also believe in being inclusive. We now have the option
of submitting drafts to the IETF which do not give PRA any
role at all. Or we can submit drafts which give the market
a choice of scopes, including mail-from, helo, PRA, and
possibly others.
Again, I strongly object to advancing the PRA in the form last seen in
MARID.
Either the license needs to change to be compatible with F/OSS MTAs
and spam filters, or one or more other widely accepted scopes needed to
be added that cover the 2822.From: identity so that F/OSS software
isn't frozen out.
Adding the PRA as a choice is not being inclusive, any more than
saying that all religions must be treated equally, except for Jews.
The PRA is inherently discriminatory.
I am arguing for PRA support not because I think PRA is
technically right, but because giving Microsoft what it has
asked for is gracious. And if Microsoft is going to take it
even if we don't give it to them, then it is not only
gracious; it is pragmatic.
I don't know about anyone else, but this paragraph immediately
reminded me of Neville Chamberlain's "Peace in our Time" speech.
(Yes, I know I'm coming dangerously close to Godwining here.)
So, to answer the question, in part I am doing it because it
seems to be the right thing to do, and in part I am playing
politics.
Yes, it is clear that you are playing politics. I am totally
unconvinced that your support of the PRA is the right thing to do.
Actually, I am very convinced that is very much the wrong thing to
do.
The extremists in the SPF community who hate Microsoft can
do two things:
Claiming that people who are against the PRA are extremists and that
they hate Microsoft is like claiming that people who are against
apartheid hate whites. It is very insulting and shows that you are
completely missing the point.
If they tried to
suppress it, I have no doubt that we would quickly see a
full-blown standards war.
I will not ask you or anyone else to fight all injustices in the
world. However, the PRA license and the problems that it causes for
F/OSS programs is right in our faces. I, for one, will work to try
and stop it. Yes, I know this will cause a standards war.
Microsoft is committed to Sender
ID and already has more money and manpower dedicated to
implementing and evangelizing it than the entire SPF
community combined. Going head to head is not a viable
strategy. If we refused to allow PRA at all, I am sure
Microsoft would publish Sender ID as a standard anyway and
say goodbye to the IETF.
"Peace in our time!!!!"
After all that, if people feel that a policy of appeasement
is misguided then please say so. After all, appeasement has
been known to fail in the past.
Heh.... I've been typing replies as I've read Meng's post.
Apparently, even Ment realizes that the policy of appeasement has
failed in the past.
-wayne