Forgot your password?
typodupeerror
Microsoft GNU is Not Unix Patents

MS Releases License For Sender-ID 242

Posted by michael
from the embrace-and-patent dept.
NW writes "Microsoft published today a new license and FAQ for Sender-ID anti-spam standard being developed by the IETF's MARID WG (based on SPF). To use the license, a signed agreement with MSFT is required. Compatability with the Open Source Definition, the Free Software Definition, the Debian Free Software Guidelines, and the GPL/LGPL licenses is already in question."
This discussion has been archived. No new comments can be posted.

MS Releases License For Sender-ID

Comments Filter:
  • by Anonymous Coward on Tuesday August 24, 2004 @05:46PM (#10061293)
    FAQ for Microsoft's
    Royalty-Free Sender ID Specification License
    Microsoft Corporation
    August 2004
    Q1: What is the purpose of the patent license?
    A1: The adoption of Sender ID is important for the industry and Microsoft wants to facilitate the
    adoption of the standard by licensing its necessary patent rights on a royalty free basis and
    encouraging others to license their patent rights that cover the Sender ID specification similarly
    on a royalty-free basis. That is why Microsoft's license includes all of Microsoft's current and
    pending patent rights that are necessary to implement the Sender ID specification not just the
    pending patent application claims Microsoft is currently aware of.
    Q2: Doesn't having a patent on Sender ID complicate the process of getting it adopted as
    an IETF standard?
    A2: No. It should not. There are dozens and dozens of patent rights that have been disclosed to
    the IETF that may cover IETF standards. See http://www.ietf.org/ipr.html for a complete list. We
    are not aware of any of these patents complicating the standards process especially where the
    patent owner has provided an assurance that it would make licenses available on a royalty-free
    basis with other reasonable and non-discriminatory terms and conditions as Microsoft has done
    here.
    Q3: Why is Microsoft asking people to take a license?
    A3: In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent
    rights on a royalty-free basis but only to those who are also willing to make their Sender ID
    patents available on a reciprocal royalty-free basis. The license is also important to Microsoft for
    defensive reasons. The reciprocity provisions and the ability to reserve defensive rights for
    Microsoft's implementations of standards are very important elements in our decision to
    contribute technology to standards.
    Q4: When do I need to execute a license with Microsoft?
    A4: At this time Microsoft is only aware of pending patent application claims that cover its
    submission of the Sender ID specification. Because Microsoft is not aware of any issued patent
    claims, Microsoft does not require any one to sign a license with Microsoft to implement the
    Sender ID specification or any part of it that is incorporated into IETF working drafts. In
    conformance with the IETF IPR policy Microsoft has disclosed the existence of those pending
    patent claims and has provided its assurance that if such claims are granted Microsoft will make
    licenses available on reasonable and non-discriminatory terms. Microsoft has also gone beyond
    the IETF's requirements by clarifying that its licenses will require no fees or other royalties, and
    further, to make a license available to early adopters who wish at their option to clarify their rights
    with Microsoft with respect to early implementations. Typically patent holders do not make their
    license terms available until after the standard has been adopted and until after their patent
    claims have been granted, leaving early implementers to speculate as to the ultimate terms of the
    license.
    Q5: What do I need to do for binary and/or source code distribution?
    A5: Many open source licenses require you to include copyright notices distributed in the code
    itself identifying the authors of the code being distributed. Some open source licenses also
    require you to include the license under which you received the code with the code that you
    distribute so that downstream users of the code are made aware of the terms and conditions
    under which they can use the code. Microsoft does not require any notice or other attribution
    when you disclose or distribute your implementation in binary form. However, if you disclose or
    distribute your implementation in source code form, we think it is important for you to include a
    patent attribution (from sec. 2.2 of our royalty-free patent license) in your source code and in
    close proximity to the license under which you make your sou
    • by VValdo (10446) on Tuesday August 24, 2004 @06:02PM (#10061435)
      A3: In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent
      rights on a royalty-free basis but only to those who are also willing to make their Sender ID
      patents available on a reciprocal royalty-free basis.


      Gee, sounds almost viral to me.

      W
    • by ePhil_One (634771) on Tuesday August 24, 2004 @06:03PM (#10061449) Journal
      In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent rights on a royalty-free basis but only to those who are also willing to make their Sender ID patents available on a reciprocal royalty-free basis.

      Has anyone looked at the actual license to ensure that the patent reciprosity is limited only to Sender-ID? This thing could be a hell of a submarine patent reciprosity agreement, freeing MS to violate patents of anyone using email if it was worded carefully enough

      • by ad0gg (594412)
        Read it for yourself [microsoft.com]

        Take the tin foil hat off. Its a Standard reciprocal license agreement. Notice its the exact rights you get from licensing their patent. So how is this bad? All its saying is that you can use their patent if you grant them access to your patents on caller id.

        • by ePhil_One (634771) on Tuesday August 24, 2004 @06:43PM (#10061801) Journal
          Take the tin foil hat off.

          Thanks, but I'll stick with the fool me twice, shame on me system. MS has proven time and time again that they play to win, and that their idea of fair play is whatever they can get away with. Wasn't that long ago they decided I needed to buy a second Windows license for every PC in my office because the one I bought with the computer didn't include a right for me to Ghost(tm) images onto it.

          Fortunately, there's a lot of really sharp and really paranoid folks who understand the law better than me (IANAL, though I do work in IP protection); you just have to separate them from the really paranoid people who don't understand the law.

          • by LO0G (606364)
            Here's the thing to think about here. Spam is KILLING Microsoft, especially with Hotmail. It's literally costing them millions of dollars a year (they've made this quite clear). Microsoft believes that widespread adoption of this standard will help them fight spam.

            So now then you have a question to ask yourself:

            Which is more important to Microsoft: Stopping spam or winning points against other developers?

            If it's the former, then they're on the level.

            If it's the latter, then they're going to use the l
            • What do you think?

              They don't care about a few millions of dollars a year in this crud. It's all a tax write off to them.

              They prefer raping over fighting

            • "If it's the latter, then they're going to use the license as an excuse to rape you."

              Why do they have to choose between the two. They will probably prevent spam, save money AND rape you till get raw.
        • Tin foil hat? You need to learn more about business.

          The grandparent post has a legitimate question and concern. You dismissed it like a fool. Tin foil hat indeed.
    • by Slavinski (713970) on Tuesday August 24, 2004 @06:12PM (#10061522)

      Whew.. I almost thought I saw Microsoft and standard
      used in the same sentence. That was a close one.
    • by Halcyon-X (217968) on Tuesday August 24, 2004 @06:21PM (#10061601)
      In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent rights on a royalty-free basis but only to those who are also willing to make their Sender ID patents available on a reciprocal royalty-free basis.

      So everyone shares their patents with MS, but not with each other, MS gets all patent rights, and everyone else has to fend for themselves? Where is the strategic advantage for everyone to jump on board exactly?

    • by zurab (188064) on Tuesday August 24, 2004 @07:25PM (#10062198)
      Q5: What do I need to do for binary and/or source code distribution?

      A5: Many open source licenses require you to include copyright notices distributed in the code itself identifying the authors of the code being distributed. Some open source licenses also require you to include the license under which you received the code with the code that you distribute so that downstream users of the code are made aware of the terms and conditions under which they can use the code. Microsoft does not require any notice or other attribution when you disclose or distribute your implementation in binary form.

      The above is a variation of MS propaganda against OSS; taking shots at OSS while pretending to answer a "question," failing to distinguish that they are comparing their license for a specification vs open source licenses for actual programs.

      Anyway, I read most of the license and the sections 2.1 and 2.2 seem incompatible with most open source licenses that I am aware of. Why? Because both the patent and source code distribution license grants are explicitly stated as:

      nontransferable, non-sublicenseable, personal.

      IANAL, but to me this means that if you are a recipient of a program under this license (from a party who accepted this license), you have no right to redistribute the source code unless you sign a separate license with Microsoft. This, in turn, means that the source code distribution license is held hostage by Microsoft - i.e. they may, at any time, change the terms or discontinue this license offer and no new developers (who have not agreed to the original license) would be able to redistribute the source of the existing open source programs implementing the specification.

      Once this becomes popular, as Microsoft seems to hope, they may even (or at least have an option to) say - sorry, but we are no longer offering the "source code distribution" option with our new licensees, so sorry, really.

      So, at the end, again they hope, everyone would have granted their patent licenses to MS, and MS would be in charge of the terms for the source code distribution.

      This license is not compatible with OSS.
  • by ravenspear (756059) on Tuesday August 24, 2004 @05:46PM (#10061300)
    How long will it be before you have to have a signed agreement with Microsoft to send an email?
    • How long will it be before you have to have a signed agreement with Microsoft to send an email?

      Not long. Especially if this standard takes off and anyone not using it has all of the email they send rejected as spam.
    • How long will it be before you have to have a signed agreement with Microsoft to send an email?

      It will just be implicit. You will send your e-mail and they will charge $0.05 to your account.
      • by ePhil_One (634771) on Tuesday August 24, 2004 @06:07PM (#10061483) Journal
        How long will it be before you have to have a signed agreement with Microsoft to send an email?
        It will just be implicit. You will send your e-mail and they will charge $0.05 to your account.

        Tracked by MS Passport, of course. Don't worry about getting your Credit Card out, MS already has it.

        Man, I just love a good conspiracy theory!

  • OpenPGP Anyone? (Score:2, Insightful)

    by ChronoWiz (709439)
    Why not use something like gnupg to sign email in order to prove the identity of the sender?
    • by jgardn (539054) <jgardn@alumni.washington.edu> on Tuesday August 24, 2004 @06:08PM (#10061490) Homepage Journal
      Just to get everyone up to speed:

      - SPF (http://spf.pobox.com) is the current email authentication protocol that is dominating the world.

      - Microsoft proposed Caller ID which was never accepted by the community.

      - Microsoft and SPF advocate Meng Weng Wong brokered a deal and formed Sender ID. Basically, SPF is intact, but some features of Caller ID are preserved as an optional extension.

      The part of Caller ID that remains is the PRA or "Purported Responsible Authority". The PRA is deteremined by a complicated algorithm that I personally don't believe would work. The algorithm is intentionally vague in some areas, and the results are ultimately subjective. The intention of the PRA algorithm is to determine who wrote the email based on the email headers. As everyone knows, the email headers are spoofable. But the idea goes, if you can track down the PRA, then you can authenticate this email based on that, rather than just the last hop like SPF does.

      The problem from day one has been the patent issue. Microsoft is in the process of patenting the PRA algorithm. This isn't a problem. The problem is that Microsoft refuses to put the patent in the public domain or license the patent such that anyone can use it except those who use patents against Microsoft. Both of those strategies are perfectly reasonable, and are pretty much what IBM does for most of its patents.

      Microsoft originally wanted to get a copy of the software and a signature before they would grant a license. Well, that doesn't work for F/OSS. The MARID working group who is investigating various solutions to the email authentication protocol for the IETF has been petitioning Microsoft to revise or clarify their licensing procedure. Well, they finally have, and in so doing they have not made it F/OSS compatible.

      Microsoft thinks they can bully us around, but they don't realize they are the small kid on the email block. Their Caller ID failed. Now Sender ID is going to fail because Microsoft refuses to participate.

      But that's okay. The PRA algorithm isn't anything we'll need to solve the email authentication problem.
      • SPF (http://spf.pobox.com) is the current email authentication protocol that is dominating the world.

        SPF is dominating nothing. It's a neat idea, but the way the SPF people are pushing it is purely ludicrous. The email [google.ca] experts [google.ca] of the world are not onside, I'm sorry to say. Reasons? SPF champions are making fools of themselves by saying that everyone should adopt SPF, and non-adopters are also the kinds of people who support spam and open relays. Totally wrong. The SPF people are also pushing a crazy so

        • The email experts of the world are not onside, I'm sorry to say.

          I have yet to see Vernon contribute anything positive in the IETF anti spam efforts. His approach has basically been to attack all ideas other than his own and troll for flamewars. At one point he was automatically reporting all posts made to the ASRG list from people he disagreed with to DCC as spam.

          The only people Vernon was helping was the spammers. We have no need of his type of help.

          It appears that the other person you are quoting as

          • The SPF/SenderID group understands exactly what it is doing. It is not making the claims you are asserting

            I was an SPF supporter (had TXT records for my domains, even) until I took a look at their objections page [pobox.com]. Take a look at it yourself.

            • "Second, to handle bounces, I propose a rewriting scheme as follows" -- as Vernon points out, this scheme is terribly broken. It is not a generic solution, and is definitely not going to work globally.
            • "Domains that refuse to publish SPF or publish global-allow SPF
          • I don't know about other people, but I have, for *months*, been posting things to Slashdot pointing out holes in SPF and misdesign in every SPF discussion. SPF proponents seem to generally skip over my lists of problems and make lengthy posts about how "SPF is better than nothing", which I disagree with. I've just about had it with the SPF people, who I'm generally now seeing as not capable of decent design.

            Just because I intensely dislike Microsoft's system does not mean that SPF should instead be deplo
      • Ok, so Microsoft seems to be trying to assert patent rights on Sender ID, in a fashion that makes open source difficult to implement.

        Can anyone tell us what is stopping the Free world from simply reverting back to plain old SPF and ignoring Microsoft's extensions?
    • It wouldn't work because you would only need to sign the first email, and then the next 10000 can be an exact copy of the first one.

      What would work is if you required all incoming email to be encrypted (and possibly signed) except for things on a white-list, but I suspect you wouldn't get much email then.

      Of course one could argue that that would solve the problem with spam, but I think I prefer the disease to the cure in that case.

      • Re:OpenPGP Anyone? (Score:3, Insightful)

        by 0x0d0a (568518)
        It wouldn't work because you would only need to sign the first email, and then the next 10000 can be an exact copy of the first one.

        So what? Sign the contents of the header as well, not just the body, and now if Bob lets you send email to him, you can send 10000 (well, unless he has a "rate limiting" cap on mail from you) emails -- but only to him. That's rather expected behavior, I'd say. If I don't accept any email that doesn't contain a "To:" or "Forwarded To" or "Bounced To" or whatever header cont
    • Re:OpenPGP Anyone? (Score:3, Insightful)

      by JimDabell (42870)

      Why not use something like gnupg to sign email in order to prove the identity of the sender?

      Because that requires changes to end-user behaviour.

      In any case, a signature doesn't prove identity unless you or somebody in your web of trust has checked the fingerprint. This means that it's only a little more useful than a manual whitelist when it comes to avoiding spam.

      • t's only a little more useful than a manual whitelist when it comes to avoiding spam.

        Last I checked, a whitelist-only approach was 100% effective at avoiding spam.

        Max
        • Confirmed. I haven't had any spam since I started using qconfirm [smarden.org].

          Rik

      • Because that requires changes to end-user behaviour.

        In any case, a signature doesn't prove identity unless you or somebody in your web of trust has checked the fingerprint. This means that it's only a little more useful than a manual whitelist when it comes to avoiding spam.


        Yeah, but it'd be just as easy to piggyback GPG onto DNS (have a GPG keypair for each domain, the public key of which is distributed via DNS, that is considered "trusted" for the purposes of verifying each email -- it would sign the u
        • This would allow user-level granularity and fix a vast number of problems with the existing schemes -- frankly SPF and Caller ID are nothing more than fairly bad authentication schemes, whereas GPG is mature, well tested, and strong.

          Jon Callas, CTO of PGP is actually quite definite that Domain Keys and PGP need keeping appart. You do not want to dilute PGP by applying it at the domain level.

          Meanwhile the Principal Scientist of VeriSign is making a similar argument, S/MIME is waaay over built for ordinar

          • Jon Callas, CTO of PGP is actually quite definite that Domain Keys and PGP need keeping appart. You do not want to dilute PGP by applying it at the domain level.

            (a) You can have multiple databases, if you find it necessary. I'd say that simply using the existing "level of trust" is sufficient -- have a "non-spam-authority" trust level, which is below just about anything.

            (b) The use of domain-level PGP would *only* be used when calculating trust metrics for *spam*. Other stuff would not use them.

            (c) "
    • Why not use something like gnupg to sign email in order to prove the identity of the sender?

      Because there is no standardized way to say "if there's no signature, the message did not come from me".

      Most people do not sign their messages with gnupg; it's ordinary to accept unsigned messages. Thus, there's no way for me to prevent people from forging mail from me. Which is most annoying - I regularly have to wade through all the messages sent in reply to viruses/worms I supposedly emailed out.

      • If you signed *all* of your e-mails, and you made it your standard policy, then you can refute forgeries.
        • I said: Most people do not sign their messages with gnupg; it's ordinary to accept unsigned messages. Thus, there's no way for me to prevent people from forging mail from me. Which is most annoying - I regularly have to wade through all the messages sent in reply to viruses/worms I supposedly emailed out.

          SpaceLifeForm replied: If you signed *all* of your e-mails, and you made it your standard policy, then you can refute forgeries.

          No, you missed my point. What I'm concerned about is these replies to forg

  • by chrispyman (710460) on Tuesday August 24, 2004 @05:48PM (#10061315)
    Seriously, does Microsoft think that highly of themselves that they can dictate a standard that requires a license from them? Sure they have a majority of the OS and E-mail clients, but I doubt they have a majority of the Mail Servers out there.
    • by SilentChris (452960) on Tuesday August 24, 2004 @06:04PM (#10061451) Homepage
      Well...

      Outlook is the most popular email client out there, bar none (think how many worms targetted it). Most people who use Outlook use Exchange, at least on a frontend level (my company uses Exchange popping off a more secure backend).

      Even if Exchange wasn't being used in the majority of servers, the mere fact that so many people use Outlook as a frontend will dictate whether or not this will be accepted (and, knowing MS, they'll find a way to tie this into Outlook). Think IE, and how many sites are custom crafted to it.
      • by grasshoppa (657393) <skennedyNO@SPAMtpno-co.org> on Tuesday August 24, 2004 @06:06PM (#10061470) Homepage
        No, actually, it won't.

        If your front end servers are not exchange, I can't see a reason why you'd want this, as licensed. The objective of spam is to be delivered. That's it. Once it hits your server, the objective has been completed, whether or not it's filtered by a second stage server is irrelevant.
        • The objective of spam is to be delivered. That's it. Once it hits your server, the objective has been completed, whether or not it's filtered by a second stage server is irrelevant.

          Thats the worst theory I've ever heard. Did you dump you newspapers in the trash and call them delivered? Spam isn't delivered until it gets in front of you. If it manages to get into my inbox where I can delete it after reading the subject, thats victory, +5 points; if I am tricked into opening it, +50 points. If it gets deliv

        • The purpose of spam is to attract a response from a reader. This requires delivery and viewing. It also often requires a direct response, such as clicking on a link, though the response may simply be remembering the message if it's, say, an advertisment.

          On the other hand, a spammer being paid to spam for someone else will have different goals. They will care more about deliveries, or web-bug hits, etc than real effects - because the chances are that's how their pay is calculated. For those people, I think
    • Seriously, does Microsoft think that highly of themselves that they can dictate a standard that requires a license from them

      You mean like Windows?

      • Like Windows being the most common platform for mail transport agents, the platform upon which the vast majority of mail transport agents run, the platform which exerts so much total control over mail delivery that it can dictate terms to that puny leftover remnant of the nonconforming world.

        NOT!
    • Yes, they probably think they have some control in the email arena. Unfortunately, they don't. All you have to do is look at the competing SPF-classic (spf.pobox.com) and you'll see that even Sender ID - a compromise between SPF and Caller ID - is failing.

      People are wondering if Microsoft has any measurable quantity of email servers facing the real internet. Best practice is to put sendmail (or postfix or qmail or whatnot) between your exchange servers and the internet. Even now, people are proposing standards and practices that totally ignore how the exchange server functions, and the community for the most part doesn't seem to mind.

      I think this is the "age of irrelevance" for Microsoft. The "real" internet doesn't even come into contact with Microsoft anymore. Companies don't have internet-facing Microsoft servers anywhere that I can tell. Those who do obviously aren't going to have much uptime. (Would you run a Microsoft server without a firewall between it and the internet?)
      • "I think this is the "age of irrelevance" for Microsoft. The "real" internet doesn't even come into contact with Microsoft anymore. Companies don't have internet-facing Microsoft servers anywhere that I can tell. Those who do obviously aren't going to have much uptime. (Would you run a Microsoft server without a firewall between it and the internet?)"

        Apparently, the 2nd, 4th and 6th largest websites in the US aren't part of the "real" internet.
    • For the majority of Windows users, Outlook is the default email client they end up using. All Microsoft has to do is annoy/frighten/nag Outlook users everytime they recieve a non-Sender-ID email. "WARNING: This email message came come an unverified location. Would you like to file this email in safe folder and view it later?" or words to that affect is all it takes. Eventually users complain to their networks ops about these vague warning errors and lost emails then the annoyed network ops eventually patch
      • Most corp. users don't configure their e-mail personally, it is done by a sysadmin or pre-configured when they arrive to work. A vast majority of home users use webmail's such as gmail, etc.

        If word got around that MS was going to change the behaviour of Outlook to this, I doubt a great many corps will change over to this new Outlook. Many companies are still out there using NT4/Office97. Even if they did upgrade, it wouldn't be without first disabling this via a policy. Sure home users will get spooked, bu
  • Current Climate... (Score:5, Insightful)

    by Manip (656104) on Tuesday August 24, 2004 @05:48PM (#10061320)
    In the current climate you could never produce a HTTP/SMTP type protocol because everyone is out to make money and gain power. What Microsoft has done is take a relatively open protocol and slapped a 'Microsoft Property' sticker on it, this will effectively limit its usefulness even if they are not charging a penny.

    What is stopping them from letting it catch on and then asking for $1 from each project?

    • by perlchild (582235) on Tuesday August 24, 2004 @06:28PM (#10061662)
      Their word, it's not worth much, but it's there.

      In the future, I'd recommend the IETF just make sure any standards it endorses includes a poison pill for would-be patenters contributing to standards, that if it changes the rights of patentees in the future, after it's become a standard, to restrict them in any discriminatory way, that it must pay the cost of developing the next, non-compatible(yet non-infringing on the patent) standard.

      Let's face it, IBM wouldn't write compatible technology, because they'd have to cross-license their patents to Microsoft in order to get it, but neither can IBM afford to have a product that's incompatible with an IETF standard.

      I'm all for rewarding the developer of a technology for doing useful work, I'm all against technologies being discovered useful only once the dollar signs come in. I'm pretty sure the IETF's stance on patents is due to the fact that it has to standardize what are often de-facto standards, picked by market effects to be the best technology. Now Microsoft is abusing the process, in order to use the IETF as a marketing weapon against its competitors.

      Now my opinion is that patents and standards are exact opposites, and if you want a patent, you should just stay away from standard bodies until your patent runs out, and they should stay away from you. The patent owner and the standards body just have opposite goals:

      The standards body wants to reduce the work and costs involved in increasing the number and likely hood of people using best practices and technologies, by agreeing on them and publicising them. In the knowledge fields, a standard has the force of law, simply because knowledge of a best practice being a best practice, means any other way of doing things has to be justified. The best practice is simply, better. The patent owner wants to make a maximal profit out of whatever use of his technology. That means those who compete with the patent owner cannot use the technology without the patent owner not having what he wants. The difference is fundamental, and a conciliatory position by Microsoft, as generous as it may be, is suspicious, simply because it's against their own interest

      Well with the possible exception of removing "random" spam would allow them to become the only source of email advertising for their hotmail users, but in this case, their interest it would be magnified if they can deny it to _someone_, say aol, who would be denied from licensing the patent without some counterpart being presented to Microsoft. Can they exclude AOL reasonably without being discriminatory, I wonder, since IANAL, but I can certainly see their advantage in doing so.
  • by burgburgburg (574866) <splisken06@email . c om> on Tuesday August 24, 2004 @05:49PM (#10061332)
    Lock of hair
    Three drops of blood
    Other fluids (defined in separate document)
    Provide access for nanoprobes (Resistance is futile, after all.)

    I'm in!

    • Yeah, funny and all (Score:3, Informative)

      by Mr 44 (180750)
      But did anyone actually read the article? You don't need to sign the agreement to implement sender ID. They are just pre-emptively giving out the agreement that would be necessary if their pending patent is granted.
      • by Inf0phreak (627499) on Tuesday August 24, 2004 @06:21PM (#10061607)
        And you think that the patent won't be granted?! You hold the USPTO in much too high regard.

        Prior art may exist (I know absolutely nothing of that), but who wants to go to court with Microsoft?! Especially when they have admitted (q.v. Halloween memos) that patents are potentially useful to combat open source software.

        • And you think that the patent won't be granted?! You hold the USPTO in much too high regard.

          Lets imagine the patent filing was Jan 2003. If Microsoft is lucky the examiner might start the exam by Jan 2005, but at the current load quite likely it would be 2006. By the time the prosecution is complete it could easily be 2008 or even 2009.

          Chances that the USPTO is still being run by idiots then?

          OK still high but there is a chance that Microsoft has created enough paranoia by then for Congress to be serio

  • by Flower (31351) on Tuesday August 24, 2004 @05:53PM (#10061369) Homepage
    Note: I have not gone into all the gory details of this issue but I did RTFA. So here goes:

    OpenBSD did it when they made CARP. Cisco wouldn't play so not only did the OBSD team create a new solution but they created a superior solution. Is there any reason why the FOSS community could not come up with an alternative and try submitting it to the IETF? (I do know that the OBSD developers got stuffed when they tried this but maybe it might work here.)

    • by eln (21727) on Tuesday August 24, 2004 @06:04PM (#10061454) Homepage
      Microsoft has a whole lot more leverage to push their own solution. If Microsoft decides that their way is the way to go, they can implement it in all of their product offerings, thus forcing others to follow suit or risk being cut off from the vast majority of the Internet using public.

      The Open Source community can, and has, come up with competing standards, but bringing enough pressure down on Microsoft to force them to comply is a whole lot harder, since they hold all the cards.

      The only hope, then, for an open source competing standard to succeed, is to make the open source solution so obviously superior that even Microsoft users can see its superiority, and bring pressure to bear themselves to force Microsoft to support that standard.
      • by Arcturax (454188) on Tuesday August 24, 2004 @06:26PM (#10061649)
        If Microsoft decides that their way is the way to go, they can implement it in all of their product offerings, thus forcing others to follow suit or risk being cut off from the vast majority of the Internet using public.

        Where do I sign?
      • by kindbud (90044) on Tuesday August 24, 2004 @07:06PM (#10062033) Homepage
        Microsoft has a whole lot more leverage to push their own solution.

        No they don't, not in this case. If Sender-ID client code is only deployed among Microsoft products, then communicating with Microsoft products may require an administrator to put some records in their domain zone file. Microsoft cannot yet prevent me from putting the DNS records in my zone that their software is looking for. I wouldn't put it past them to try, but it doesn't seem like they can have any IP claim over a string in a TXT record.

        But I don't have to use or deploy any software that uses any Sender-ID patented algorithms. Email for my users will still be delivered as usual, whether my MTA checks Sender-ID records or not.

        The worst that can happen is that people will face a choice of whether or not to put Sender-ID records in their DNS, if they wish to communicate with Microsoft products that enforce Sender-ID protocol.
      • Acutally, I'd say that MS holds only a few good cards.
        The rest are held by sendmail installing geeks, Google (gmail), and Yahoo.

        I seriously doubt google will work with MS with this, and I sort of doubt that yahoo will work with MS if Google doesn't, especially when better OSS solutions are already available and being implemented.

        Sure lots of exchange servers will probably use it, but that's not a standard, that's a "our office happens to use this product" situation.
      • by dekeji (784080) on Tuesday August 24, 2004 @08:53PM (#10062962)
        Microsoft has a whole lot more leverage to push their own solution. If Microsoft decides that their way is the way to go, they can implement it in all of their product offerings, thus forcing others to follow suit or risk being cut off from the vast majority of the Internet using public.

        SPF is not necessary for exchanging electronic mail. If Microsoft servers fail to exchange mail with any significant number of OSS mail servers, the result won't be that OSS gives up and everybody signs patent license agreements with Microsoft, but rather that SPF won't get used. The long term fall-out would be that people would take Microsoft even less seriously when they come to standards bodies, and to hurt IETF credibility even further (IETF is already largely irrelevant).
    • ... and MS holds 95% of the desktop market along with an ever-increasing server market (a lot of places are dumping Groupwise for Exchange).

      The reason why FOSS solutions dominated in the architecture of email was because no big company created a serious alternative. MS has created a new standards to compete with other standards for id'ing mail. FOSS isn't even out of the gate with a 1.0 solution yet. Guess who's going to win?
  • MS Hypocrisy (Score:3, Interesting)

    by Mike deVice (769602) on Tuesday August 24, 2004 @05:54PM (#10061375)
    So... Microsoft claims to be fighting the good fight on spam. But they then require a license to use Sender ID. It's my hope that people will have the sense to use regular SPF, and let Sender-ID die.
  • by maximino (767005) on Tuesday August 24, 2004 @06:08PM (#10061488)
    This is it! Of course we've seen things like this before, but Microsoft is preparing to ensure its eternal monopoly by making sure no one can leave its systems. It would be just fine by Redmond if no one could send e-mail without proper authorization. But now that we've got patented standards, expect to see locked-in Office files, network protocols, the works. Most people and companies really couldn't switch from Windows if they could no longer open their files or network with a Windows machine. The fact that Microsoft is willing to pull this now when some high-level spam solution is required is just reprehensible. In light of their withdrawal from the UN standards committee today I think we're seeing how the next 5 years is going to go.
  • by toxic666 (529648) on Tuesday August 24, 2004 @06:11PM (#10061519)
    As long as the IETF maintains a global perspective, it can not accept standards encumbered by IP more restrictive than the GPL. It seems obvious -- we've all benefited by open standards on the Internet. But who knows, stranger things have happened.

    This could be a good test case. MS may continue to pursue its IP Holy Grail business model, but if the IETF can stand firm and refuse restrictive licensing, they will not be able to force it down the world's throat. On the other hand, if the IETF does accept these kinds of IP restrictions, MS may have a path forward in pursuing its new business model of patents and copyrights for obvious and trivial ideas.
    • The MS proposal does not seem too different from what IETF already accepts. To take a global perspective, consider the the statement from France Telecom [ietf.org]:

      If part(s) of a contribution by France Telecom SA employees is(are) included in an IETF standard and France Telecom SA has patents and/or pending applications that are essential to implementation of such included part(s), France Telecom is prepared to grant, on the basis of reciprocity (grant-back) whenever applicable, a license on such included part(s) o

      • There are lots of other examples at http://ietf.org/ipr.html with
        fairly similar "don't sue me and you can use it" terms. The IPR
        terms being offered here almost look like a cut and paste job, to
        be honest, and that may not be a bad thing. There actually
        can be advantages to someone holding a defensive patent:

        It means someone who wants to use a submarine patent to
        control this technology has to fight Microsoft's lawyers.

        Microsoft's grant is: 1) subject to any denial of claims by
        the USPTO, 2) Royalty-free (as
  • Senmail's Position (Score:5, Interesting)

    by Mike deVice (769602) on Tuesday August 24, 2004 @06:14PM (#10061547)
    There are two quotes from this [imc.org] message by Eric Allman of Sendmail, Inc. that are pretty interesting...

    On the open source side, the sendmail MTA is routinely bundled into other larger systems, notably open source operating system releases such as Linux and BSD distributions as well as commercial closed-source systems such as Solaris and AIX. Bundlers would need to execute their own copy of the RFSIPL. Those systems are in turn sometimes incorporated into other products, which would seemingly require another layer of patent licenses, and so on down the tree. As a practical matter, this makes the decision to include sendmail with Sender ID into their release more problematic. This is obviously not desirable from our point of view.

    And...

    While these are pragmatic rather than legal reasons, our likely decision at Sendmail will be to distribute our Sender ID implementation as a separate package that is not required to run the sendmail MTA under a distinct (possibly modified) Sendmail Open Source license. Open source users will have the option of downloading and installing the Sender ID package should they want the additional functionality. Bundlers will be able to choose whether they want to include the Sender ID technology or not, but will still be able to use the base sendmail MTA without additional IPR issues.

    I'll be really interested to find out what the take of some Linux Distros will be on this.
  • Stalemate (Score:5, Insightful)

    by Performer Guy (69820) on Tuesday August 24, 2004 @06:28PM (#10061668)
    So now nobody will implement this, and Microsoft, through patenting something obvious and trying to license it has scared everyone away from some pretty good ideas that would have been implemented otherwise, with or without Microsoft's help.

    This is just the latest chapter in IP stupidity.

    This stuff has been discussed for years, if this had been treated like most other W3C standards we'd be in the clear by now waiting for implementations, instead everyone's scared. Does anyone realistically think that there aren't patents that W3C standards already infringe? Finally we actually get rights to something and we're inspecting the teeth, simply because the subject has been raised.

    The crazy part of this whole deal is that most software is riddled with potential patent violations, including Microsoft's and including projects like Mozilla, Gimp and Open Office. That's why MS are trying to retain *defensive* rights, because they know it would be dangerous to give this IP away, anyone could stand on their shoulders, and a widget and then sue them (and that has happened already) and Microsoft would have no way of countering. If they adopted a more GPL oriented license with the rights being rescinded in the event of any patent suit against M$ it would be golden. They could just do to the protagonists what IBM has just done to SCO, infact that wording is almost already in the GPL.

    I think this situation can be salvaged with another revision of the license. We should not give up on this or go for the second best option on such an improtant proposal.

    We're getting to witness what the beginning of the web would have been like had Tim Bernards Lee patented some of his ideas. It ain't going to be pretty.
  • on the birth of your child. We know that bringing an infant up in the 21st century is a daunting business. Thats why we have designed especially for you a completely free licensing policy agreement that will safeguard young (enter name) from the burden of facing a bleak future without a licensed, activated copy of our latest (enter name) operating system or proprietary value added software.

    As a further benefit, our intellectual protection package will ensure that your young tit sucker's ideas will never fa
  • by Anonymous Coward on Tuesday August 24, 2004 @06:30PM (#10061680)
    and omitted any info about sendmail's participation in this. Interestingly, Newsforge has a slightly better (though still flawed) story on the whole isue that includes sendmail.

    Leave it to Michael to post some flame in an instance where Eric Allman argues that Microsoft has made signficant changes in the license in an effort to work closely with open-source vendors.
  • ...just how evil a single company can be. Microsoft seems to be completely committed to the singular goal of destroying everyone and everything that might ever compete with it, using whatever tactics (legal or not) it can come up with. The quirky thing about MS's antics are that unlike IBM making money doesn't seem to be the primary goal, but rather establishing control dominance. MS acts more like a government yearning for dictatorship than a for-profit institution.

    It's crap like this that makes me thi
  • by barcodez (580516) on Tuesday August 24, 2004 @06:35PM (#10061723)
    SPF works, it does exactly what it is designed to do what reason would there be to use Sender-ID?

    SPF works today with existing software - I'm at a loss to why anyone would want Sender-ID apart from Microsoft.

    I'm sure Microsoft people will install it all blindly (no change there) but if a significant number of mail servers don't implement and or deploy it then it has failed anyway.
  • As reported yesterday [ttp]:

    Josh Ledgard: Would you have interest in working on these types of projects with Microsoft? If not, what could entice you?

    Stop pulling stupid shit like this perhaps?

  • ...or does MS REALLY over-use the words "royalty free"? Sounds fishy from the git-go.
  • by dekeji (784080) on Tuesday August 24, 2004 @09:08PM (#10063092)
    Microsoft is apparently trying to play hard-ball with OSS developers, forcing them to accept some kind of licensing terms or forcing them to stop developing this kind of software. But OSS developers don't have a choice: there simply is no way under which OSS developers can give in to Microsoft's licensing terms, even if they wanted to, since the terms are just fundamentally incompatible with most OSS licenses.

    Furthermore, going to IETF with such standards proposals is pointless: the only producers of software that count in this space are Microsoft and OSS. If IETF starts producing standards under terms that are not acceptable to OSS developers, then that just makes the IETF irrelevant but it won't help with adoption of a solution.

    In this case, if IETF's SPF standard isn't 100% compatible with OSS licenses, OSS software will not incorporate it and Microsoft Exchange installations will be unable to use IETF SPF with a significant fraction of Internet hosts. If Microsoft were competing with a commercial vendor of mail server software, that vendor would be in deep trouble and it might induce that vendor to come crawling to Microsoft begging for a license. But OSS developers won't do that: OSS projects don't have the same kinds of short-term pressures on them as commercial software vendors, and even if they wanted to give in, OSS licenses make it impossible.

    Microsoft's management just doesn't seem to understand that they are not dealing with another business anymore: the strategies that they have used against commercial competitors just don't work against OSS. All they are accomplishing with this sort of behavior is to taint their own credibility and the credibility of the standards bodies they get involved.
  • Read the thread. It's clear that this is yet another example of software patents stalling or outright halting technology development.
  • Look, I don't mean to be a wanker here, but all of you who are all gung-ho about SPF and happy-happy-happy about working with some whizz-bang IETF project to bring on board the likes of AOL and MSFT are ... gullible and naive. It's amazing how really smart people can do some really dumb things.

    No one in the history of business has managed to engage in any kind of relationship what-so-ever with Microsoft Corporation and not gotten screwed in the end. No exceptions exist to date.

    How many times do we ha

  • apt name! (Score:3, Funny)

    by zozzi (576178) on Wednesday August 25, 2004 @03:03AM (#10065435)
    MARID means sick in the Maltese language... someone must not have done his homework well :-)

fortune: cannot execute. Out of cookies.

Working...