spf-discuss
[Top] [All Lists]

RE: Moving Forward ...

2004-10-13 21:01:24
From: Meng Weng Wong Sent: October 13, 2004 10:37 PM

|On Wed, Oct 13, 2004 at 05:13:30PM -0400, John Glube wrote:
|| 
|| From the last go around, the clear consensus was that the
|| spfv1 protocol should not consider pra checking.
|| 

|OK, let me try to get some clarification on this.
|
|1) what exactly is everyone's objection to allowing v=spf1
|records to be interpreted in PRA scope?  Let's set aside
|for now the issue of scope disambiguation whether using a 
|macro or a /scope tag, and assume that PRA record content
|would be the same as for mailfrom record content.

Unfortunately, in setting aside the issue of "scope
disambiguation" as you put it, starts one down a slippery
slope to a greater risk of false positives, especially as
we can not assume the PRA record content is the same as
mailfrom record content in all cases. 

|2) if MS changed the patent license to be compatible with 
|free software, would those objections go away?

If MS changed the patent license to be compatible with the
Open Standards Alliance model, it removes this issue from
the table and allows for a focused technical discussion on
how best to proceed. 

However, this needs to be a pre-condition to having any
technical discussion, otherwise we run the real risk of
spending oodles of time on a technical discussion which
turns out to be a waste and distracts people from moving
ahead.

But if Microsoft wants to say, providing we can get a, b
and c, we will change the license, let this come from
Microsoft in writing and then there is a basis for
negotiation.

Until then, even though I fully respect Carl's view that MS
won't "submarine" people, given what has transpired, I am
less sanguine.

Why? 

* Someone on behalf of MS made a clear statement on a
matter of fundamental import to the MARID list "we have no
claim on mail from checking." 

* Then someone else in the same organization in an email to
the press in response to a direct question said, "we may
have a claim."

* Then this same organization, when fully confronted,
through their in-house senior counsel in a submission to a
federal regulatory agency said, "well yes, it's true we did
make disclosure, but the exact scope of our rights depends
on our patent application." 

Sorry, but that's too much equivocation for my liking, when
all Microsoft had to do on the evening of 21.09.04 was
simply retract the press statement and say "woops, we got
our wires crossed, we stand fully behind the
representations made during MARID."

|3) would people rather see Microsoft promote an spf2.0/pra 
|syntax, while the opensource world promotes a v=spf1 
|syntax?  Again, assume the contents of those records  would
|be the same; ignore scope disambiguation for now.

As long as Microsoft is not prepared to change the draft
patent license, I would rather see Microsoft promote a
syntax that does not have spf in the label, to fully
decouple PRA from SPF, so that:

* SPF's applications for experimental status and ongoing
deployment are not caught in the licensing backwash; and

* The open source community can proceed to move forward
with its plans, including MUA authentication, without being
tangled up with Microsoft.

My two cents worth.

John

John Glube
Toronto, Canada

The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.776 / Virus Database: 523 - Release Date: 12/10/2004
 


<Prev in Thread] Current Thread [Next in Thread>