From: Meng Weng Wong
Sent: Monday, October 25, 2004 3:59 PM
On Fri, Oct 22, 2004 at 01:33:05PM -0500, wayne wrote:
|
| You might argue that MS systems like hotmail will check SenderID
| records, but I doubt this. Remember, these folks don't even check to
| see if the MAIL FROM domain even exists. CallerID was developed by
| the Exchange folks, not the hotmail folks. There is no reason to
| believe that hotmail will adopt this.
In August at the "Sender ID Summits" held at Redmond,
Microsoft demoed to about 150 people in the audience a
next-generation Hotmail UI that showed a big yellow bar
saying "This message was not authenticated by Sender ID".
I hate to be this blunt, but I'll say it anyway: if I am
heading in a different direction that you, it's probably
because I have access to information that you don't have, or
because I place different weights on certain assumptions.
Unfortunately a lot of that information I can't share
publicly for one of two reasons:
1) it's of a sensitive nature and nobody likes a blabbermouth
2) if you're planning a war, you can't invite the public.
Meng, this is asking an awful lot of the SPF community. I suspect that
you're old enough to remember Richard Nixon's 1972 campaign promise that he
had a concrete plan to end the Vietnam war. When asked about specifics, he
insisted that the plan had to be secret. Was that a believable response?
Yes. Was he telling the truth? No. Could anyone reliably evaluate whether
he was telling the truth at the time? No.
I have no doubt you are privy to all manner of confidential and
semi-confidential information. Without more to go on, you're asking us to
have faith that you are working toward the same kind of solution that we
want, despite many outward appearances to the contrary. It has nothing to
do with the fact that you're willing to talk with MS. I think that's very
positive. The problem is that you are advocating support of PRA even though
it is encumbered beyond use by the open source community and appears to have
fatal technical flaws. I also hate to be blunt with someone who has more
information at his disposal than I, but I still have enough sense to know a
bad situation when I see one and make decisions based on what I information
I have. The approach you are taking appears incompatible with open
standards and open source implementations. Microsoft's current license, or
anything even close to it, is a complete show-stopper. You may well know
many things that we don't, but I can't support your going any further in our
behalf without knowing a lot more than you have told us to date.
In the last year I have flown, on average, two weeks out of
every month; I have visited and/or spoken with forty or
fifty ISPs, ESPs, and software vendors of every size on
three continents. I also have direct experience with a
customer base of significant size in domain hosting, email
forwarding, mailing list management, mailbox
pop/imap/webmail service, and so on. I'm taking all of
these angles into account, not just "what would Slashdot say?"
My assumptions I can defend, but if we disagree about them
there's not much I can say besides "well, obviously we have
different backgrounds." At that point the question is
whether we can find a way to agree to disagree. That's
basically where MARID ended up: "let the market decide".
No one is questioning the fact that you have lots of inside knowledge that
no one else has. Given the good work you've done, that is an inevitable
result. However, when things go wrong for long enough, people are forced to
take matters in their own hands, with or without the knowledge that only the
leader possesses. People who voted against Nixon in 1972 did not know for
sure that he was lying. Neither did the people who took it upon themselves
to impeach him in 1973. It wasn't until the end of that process that
unmistakable proof existed. All those who opposed him could have been
completely wrong, but things had gone badly enough that it seemed like
whatever secret information Nixon had was not being used in our behalf.
I have to be blunt a second time. There is now a very large credibility
gap, Meng, that only you can close. You can choose to address it or not.
If you don't, you begin to look like Dick Nixon in 1972 asking everyone to
believe he had a secret plan to end the war. I'm afraid the burden of proof
is now yours, and I don't think that your possession of valuable secret
information is a satisfactory answer.
Given that I may not be able to share all the information I
have, maybe the question we should really ask is whether we
agree on where we want to end up, even if we don't agree on
how to get there. My objective has always been to reach a
spam-free future based on open standards that everyone can
implement and that don't have to cost anyone anything. If I
take an indirect route to that future, well, that's part of
playing nicely with others: you have to compromise or they
won't want to play with you at all.
People who have a problem with me negotiating with Microsoft
should ask themselves why the ACLU defends unpopular
positions. Sometimes you have to protect unpleasant speech
to protect free speech. Sometimes you have to trade words
with people you don't like so you can avoid trading blows.
The ACLU defends unpopular positions to defend freedom of speech. They do
_not_ advocate these positions and will actually spend money to fight the
actions of the same groups whose speech they defend. This is not a good
analogy.
No one is questioning your right to talk to Microsoft as an individual, as a
representative of PoBox or as a representative of the private group that
Phillip informed us of. We most definitely are questioning your speaking in
behalf of the SPF community until such time as you convince us that you are
negotiating for our goals. It does not currently look like that, but
perceptions can be deceiving. The onus is on you to change our perceptions.
--
Seth Goodman