From: On Behalf Of Meng Weng Wong
Sent: October 15, 2004 12:25 PM
Meng,
Before responding to your message in any detail, I simply
note the following comment:
|They don't need our permission to use v=spf1 in PRA scope;
|all they need to do is tell people they're doing that, and
|people will listen.
"They," for the benefit of the reader is referencing
Microsoft.
Personally, I must say that I am disappointed but not
surprised.
In my view, this shows why any proposal involving PRA
checking needs to go through a focused technical analysis
to ensure that it does not contain any mechanisms that
could have significant deleterious effect on email.
Why? Misusing records published by a domain owner for a
specific purpose is clearly a deleterious mechanism, unless
Microsoft can guarantee in all cases the results will be
exactly the same, as required by the SPF protocol.
I suggest advocates of PRA checking would be wise to
reconsider their position on the use of spf v1 records
against the wishes of the domain owner.
Also, given your stance, don't be shocked should others
decide to label you as Microsoft's point person for its
proposed solution to thwarting phishing.
Having said this, personally I shall take this comment as
your response to William's post in which he wrote:
|Meng,
|
|There was an overwhelming oppposition shown on this list to
|idea of allowing Microsoft to reuse v=spf1 records for
|Sender ID checking. Because there is a number of events
|upcoming in which you're sceduled to speak regarding SPF
|and where SenderID would also be mentioned, I request that
|you give SPF community your word that you will not be
|supporting reusing v=spf1 records for purposes other then
|what is specified in the just published draft.
|
|If you can not do this and will be speaking in support of
|reusing v=spf1 records and in support of Sender ID, please
|let the SPF community know about it so we could decide on
|possibility of another spokesman for the community to
|answer interviews and to provide SPF position on different
|events in a way that would better represents consensus or
|majority view seen on this list.
However, I suggest politeness dictates that you respond as
well to William's message.
As to the rest of your comments, concerning PRA checking,
to my understanding these checks are designed to be carried
out during the SMTP session at the transport stage.
Therefore to suggest the draft patent license which needs
to be signed by an implementer will have no bearing on wide
spread implementation of PRA checking by open source
software utilized during the SMTP session at the transport
stage is simply not correct.
It is for this reason, I remain of the view that before any
discussions are had with Microsoft concerning its requests
for spf v2, Microsoft needs to rectify the situation by
coming to the table with the appropriate disclaimers on the
patent, confirming the clear representations it made to the
MARID list and a patent license which is compatible with
the Open Standards Alliance model.
Until that time, it is my strong urging this group simply
turn a deaf ear to Microsoft's requests, either made
directly or through Meng and proceed with working on spf v2
in such a fashion as this group as a whole should decide in
the best interest of the Internet community as a whole.
Meng, as to the view that Microsoft is most interested in
PRA checking as MS is proposing that the result of the
authentication check can be displayed in the MUA this is a
position which you have expressed before. Can I take it
that in saying this you are speaking on behalf of
Microsoft, or is this simply a personal position?
Generally on this point, I do understand MS has been
talking about implementing this feature in Hotmail sometime
later this fall. But this involves a separate
specification, which falls outside of the scope of the
draft patent license and to my understanding would require
a separate license from Microsoft.
As to how to deal with media inquiries, from my own point
of view, it is self evident you no longer speak for this
group as a whole, but only yourself and anyone else who
supports PRA checking, Microsoft and the draft patent
license.
I say this because twice now you have raised the issue of
accommodating Microsoft's requests prior to dealing with
the license issue and twice now you have been rebuffed.
I would simply suggest to those reading this message that folks
who are considering taking on or participating in the PR process
take note of Meng's concerns.
Whether it is felt there is any need for co-ordination with
Meng's PR efforts, either on his own behalf or on behalf of
Microsoft is something I will leave in the hands of others.
Thanks,
John
John Glube
Toronto, Canada
The FTC Calls For Sender Authentication
http://www.learnsteps4profit.com/dne.html
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.776 / Virus Database: 523 - Release Date: 12/10/2004