Apache Rejects Sender ID 351
hexene writes "In an open letter to the IETF MARID Working Group, the Apache Software Foundation has rejected the patent-encumbered Sender ID specification. This means no Sender ID support for SpamAssassin, Apache JAMES, etc. They state that the current license is generally incompatible with open source, and contrary to the practice of open Internet standards."
Good for them, but not far enough. (Score:5, Interesting)
The whole exercise has been a waste of time and attention for all involved, and the sooner it's forgotten, the better.
MSFT doesn't care about Apache. (Score:3, Interesting)
It's obvious that Apache's concerns are of the utmost importance to both MSFT and those conducting the discussions. If they were SO concerned this would have been taken care of long ago. MSFT figures that either Apache will kowtow after users get pissed that they cannot send to those behind an MS mail solution or that they will end up having to break down themselves later. It's a lot bigger of a gamble for Apache to ignore MSFT than it is for MSFT to ignore Apache.
As an alternative resolution, we would find it acceptable if the pending patents were granted to a non-profit organization such as ISOC and licensed under sufficiently open
terms.
This, OTOH, is a valid option and should be exercised but I highly doubt it will be for obvious reasons.
Sendmail what is your move now?? (Score:5, Interesting)
August 30, 2004
Today, Sendmail, Inc. is releasing an open source implementation of the IETF's Sender ID specification for testing on the Internet. This implementation utilizes the milter interface to plug directly into the sendmail MTA.
Sender ID is a standards-track proposal that merges Meng Wong's SPF and Microsoft's Caller ID for email. Authorizations records are published in DNS in an SPF-compatible format, and then used to validate user-visible message headers using the Caller ID "Purported Responsible Address". This sid-milter release implements the marid-protocol and marid-core draft standards, leaving the marid-submitter SMTP Extension to be implemented directly by the sendmail MTA.
Downloadable source code for sid-milter can be found at: sendmail.net/sid-milter"
RMS summed it up well (Score:5, Interesting)
All listen to the man!
Re:Good for them, but not far enough. (Score:3, Interesting)
I was really interested in SPF for a while, but I'm tired of this shit. Like the grandparent says, it's all a big waste of time. I'm going to delete those TXT records right now...
Sender-ID may not be MS's IP (Score:4, Interesting)
Therefore, Apache maybe abandoning something that it needs not to abandon.
Re:Good for them, but not far enough. (Score:3, Interesting)
The former is much harder to know, for a zillion reasons (subnets controlled by downstream entities, legit residential mailservers, etc.).
More about power and negotiating than technology (Score:5, Interesting)
Fascinating. Absolutely fascinating.
Re:Hoody Hoo! (Score:3, Interesting)
Just the logical outcome of the RAND debate (Score:5, Interesting)
I hope Apache wins the day here. However, the entire reason for the RAND proposal in the first place was to allow commerical interest to capture open Internet standards. I don't think they will be easily deflected.
sPh
what about home email servers ? (Score:4, Interesting)
i have a small email server at home that i use for website signups & imdb movie queries, i have a domain name pointing at it but the reverse dns of my IP gives me not my domain name but my ISP's name of my machine as i dont control the dns for that, so how can i use these email certification systems ? i have complete and correct mail headers and am willing to verify who iam but iam a bit pissed at being denied the use of smtp, whats next ? SSH or [insert port here]
so how will these email schemes protect me ? or is this a case of screw the honest geek on a cable modem and render being in control of my own email useless, forcing me to use "approved server$" from [insert large corp name and another fee here]
Re:MSFT doesn't care about Apache. (Score:1, Interesting)
Some examples, please? Ogg over mp3?
the reason is simple...the desires of the many will trump those of the few or only. so the majority will move on to the open technologies.
Speaking of logic not flowing, what does even mean? How are the desires of the many related to Open Standards? How are Closed Standards only few? You failed to make that connection there.
Re:Good for them, but not far enough. (Score:3, Interesting)
Records already published by 70000+ domains, including some very important ones like aol.com.
A way to guess a default record for any domain not yet publishing, that works for most existing mail servers.
Code already under development and in beta testing for all major MTAs.
Algorithm already implemented in upcoming SpamAssassin filter, which is currently in release testing
It's an inferior attempt at authentication.
Yeah, yeah, yeah... it has crypto, so it must be strong.
Like the grandparent says, it's all a big waste of time. I'm going to delete those TXT records right now...
And replace it with a yahoo DomainKey? How are you going to do that? Oh, you're going to go download the reference implementation [sourceforge.net], compile this alpha-release source code, and run the "dknewkey" to get something like this:
Then you're going to head over head [sendmail.net] and grab this while ignoring the advisory section:
For someone highly concerned about what is and is not a waste of time (unlikely, posting to slashdot).... if you already did publish a SPF record, your best course of action is probably to just leave it there.
Certainly, Yahoo's DomainKeys is not yet to a degree of maturity to be actually used for much more than development and alpha testing.
In contrast, SPF is already protecting 70000+ domains and numerous sites are beginning to filter out forged messages pretending to be from those domains.
Very soon, SpamAssassin 3.x will be released (already on second release canidate), with SPF checking built in and turned on by default. Other anti-spam filters will follow.
From a practical point of view for the near future, choosing between installing a TXT record of the form "v=spf1..." or "k=rsa...", it's pretty clear which of these is useful today and which (unless you're a developer working on DomainKeys) is a waste of time.
SenderID and Patent Issues (Score:4, Interesting)
After reading the statement on the ASF web sit, I reluctantly had to agree with the Apache Software Foundation on the issue of Sender ID. The "free license" offered to those that support SenderID in open-source software packages has too many pitfalls, too many places where it could encumber open source projects. The SpamBouncer [spambouncer.org] will therefore not support SenderID either until there are fundamental changes in the license.
This is a shame. Meng Weng Wong's original idea for SPF was quite good, and I was planning to support it.
Microsoft Patents (Score:5, Interesting)
This means that Microsoft's forthcoming Caller ID patents probably cover SPF. That's the real problem here.
We can't just tell Microsoft to get stuffed and then go ahead and use SPF. There's too much risk that Microsoft will surface with a patent in three or four years that covers a technology which is by then widely used on the net.
I think this decision kills SPF and everything along those lines. Some may cheer and some may be upset, but that is the reality we face. Going forward with SPF under these circumstances is far too risky. Microsoft has warned us about the patent applications and we can't ignore them.
Beyond Control (Score:1, Interesting)
I'm not talking about life and death. The Constitution was made to cover life-and-death, and keep those kinds of decisions in balance. We're talking about optimizing life. And within the confines of that issue, MSFT is un-touchable.
Like I've said before, if the revolution ever does break out, MSFT will be the first ones up against the wall. There will be a bunch of hippies up against the wall with MSFT, as well, simply because we know they don't have any guns.
Christ, we'd have a clean nation again. I don't know what we would do with ourselves. Probably, like, making space stations or something. Conquer space. I dunno...
Forking the SPF standard (Score:3, Interesting)
SPF also has another deeply fundamental flaw - it requires the ISP to be vaguely competent. That alone is fatal for many of ISPs.