spf-discuss
[Top] [All Lists]

RE: Re: When did we lose control?

2004-10-22 02:58:31
From: Greg Connor
Sent: Friday, October 22, 2004 1:49 AM

<...>

The list consensus is that the community does not support a
protocol which allows the use of v=spf1 records for PRA
checking.

This is expressed in Mark's Internet draft for Sender
Policy Framework. See section 4.0. A third party may use a
different algorithm for the check host function, as long as
the result is the same. PRA checking will not give the same
result.

ACK.  It's also in the old draft-mengwong and in draft-schlitt.


I don't think this is correct.  PRA is a different input to the
check host function, not a different algorithm.

It's a very specific, broken, patented algorithm.  Please read their patent
application.  I know you see some merit in it from reading your posts, but I
don't think you fully appreciate how much people truly dislike the PRA
scheme here.  It's a fundamentally flawed approach, regardless of where it
came from.  Maybe we shouldn't be quite so outraged at MS over this whole
mess and should consider our own actions for a few moments.

MS may be a lot of things, but they're neither foolish nor naive.  Vivien
just posted one extremely insightful view of how we may have been
blindsided.  That shouldn't be surprising, after all, they're professionals
at this game and we're clueless newbies.  Sure, we're better engineers than
they are, but that and a dollar will get you a cup of coffee.  Following
Vivien's line of thought, it actually makes sense that they would propose
something they _know_ we would reject.  Heads I win, tails you lose.  Their
maneuvers were probably designed to paralyze us, which they have done
admirably.

There really were two poison pills they offered us, and we swallowed both.
The first was the GPL-incompatible license.  That was a slam-dunk.  There
was no way we could resist that and feel truly righteous in our indignation.
The second one was more subtle:  a flawed algorithm that has just enough
merit to discuss but not good enough to deploy.  It would keep honest
engineers arguing for a year while MS does what they do best:  get something
half-baked and barely functional out to market before the competition has
even finished their specs.  It's not like this is the first time we've seen
this.

What's the answer?  I'm not sure, but I think the first step is to not take
the bait.  Listen up, James and everyone else, I think Vivien's on to
something very important here.  It's been said that anger is the poison we
drink while we wait for our enemies to die.  We can't beat them at their own
game.  They've proven they're absolutely the best in the world at it and
anyone who doesn't admit that is in for a real drubbing.  When you're losing
at someone else's game, learn to cheat or change the rules.  Whatever you
do, don't keep playing their game.

Let me suggest a thought experiment.  What if we talked to MS like we were
really intent on every word they said ... and then ignored every bit of it.
Nod our heads in agreement and offer compliments for every one of their
suggestions ... and then go off and do the opposite.  Act surprised and
injured if they accuse us of being uncooperative ... then continue to follow
your own agenda.  If after all that "cooperation", MS still can't satisfy
the license requirements of the OSS MTA community, we can shake our heads
and say, "Gee, I can't understand why this didn't work out".  We look like
gentlemen who have gotten the runaround and they look like, well, Microsoft.
But during all this, we keep our eye directly on the ball, quietly get our
stuff implemented and deployed while continuing to "cooperate" and stall.

It's an interesting experiment.  How do you think it turned out?

--

Seth Goodman


<Prev in Thread] Current Thread [Next in Thread>