Stories
Slash Boxes
Comments

News for nerds, stuff that matters

OSI And Microsoft Negotiating Over Sender ID

Posted by timothy on Tue Sep 07, 2004 09:40 PM
from the accord-is-nice-but-so-is-lexus dept.
ValourX writes "Microsoft's Sender ID has already been rejected by both the Debian Project and the Apache Software Foundation, but Joe Barr of NewsForge today interviewed Larry Rosen of the Open Source Initiative and discovered that there are negotiations between the two entities with regard to Sender ID's licensing. Could Microsoft be considering an Open Source license for Sender ID? Slashdot has covered other aspects of this story in the past. NewsForge is part of OSTG, like Slashdot."
This discussion has been archived. No new comments can be posted.
Display Options Threshold:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • hm.. (Score:4, Insightful)

    by mcovey (794220) on Tuesday September 07 2004, @09:41PM (#10185442)
    (Last Journal: Sunday July 11 2004, @09:31PM)
    sender ID still sounds a lot like PGP to me. why not just use that?
    • Re:hm.. (Score:4, Insightful)

      by Nermal6693 (622898) on Tuesday September 07 2004, @09:43PM (#10185464)
      Because MS can't possibly acknowledge that someone else has already come up with the idea.
      [ Parent ]
      • Flamebait? by irongrip (Score:1) Wednesday September 08 2004, @04:07AM
    • Re:hm.. by JThundley (Score:2) Tuesday September 07 2004, @09:45PM
    • Not PGP, but something open (Score:5, Informative)

      by Izaak (31329) on Tuesday September 07 2004, @10:05PM (#10185632)
      (http://www.gridslammer.org/)
      I'm not certain PGP is up to the task, but certainly some sort of public/private key signing tech needs to be used. The most important thing is that it be based on open non-patent encumered algorithms... otherwise it will never be accepted broadly enough.

      What really needs to happen is for an open counter proposal to come out, and that needs to be folded into the public code base for sendmail as managed by sendmail.org. Unfortunately sendmail.org is sponsered by Sendmail, Inc. (sendmail.com), a commercial company that has announced support for Microsofts version of Sender ID. This could be a source of conflict perhaps?

      Cheers
      Thad
      [ Parent ]
    • Nothing like PGP (Score:5, Informative)

      I don't think SenderID is anything whatsoever like PGP. Coincidentally I went to Microsoft.com and read about SenderID [microsoft.com] today to see what the fuss is about. Turns out, and I'm sure someone will correct me if I'm wrong, it's simply an extension record in your DNS MX record that basically lists the possible outgoing IP addresses for email from a certain domain. For instance Citibank would add their outgoing mail servers in their MX record (because presumably only authorized agents will be screwing with the MX record), and any recipient can simply check the MX record and get the possible source IP addresses, rejecting the phish attempt from some server in central Russia. There's a tool [anti-spamtools.org] to configure the extension block.

      As an aside, because invariably someone will mention this, TCP (on which SMTP is based) is connection based, so spoofing isn't an issue.
      [ Parent ]
    • Re:hm.. (Score:5, Informative)

      PGP is to ensure that the contents of the email are un-altered and that the contents of the email can be authenticated.

      Sender ID is to ensure that the envelope of the email (this is not the message body, but the envelope) is coming from a server of which where the owners of the domain say "this is our outbound mail gateway".

      Envelope - Message header - Message body.
      Three different things.
      [ Parent ]
    • 2 replies beneath your current threshold.
  • Bah (Score:4, Interesting)

    by FuzzzyLogik (592766) * on Tuesday September 07 2004, @09:42PM (#10185452)
    (http://www.unlogikal.net/)
    I hope they still reject it. There's bound to be a better solution that won't give Microsoft yet another stranglehold on this as well. For once I'd like to see a standard (free and open) that MS has to follow instead of the other way around.
    • Re:Bah (Score:5, Informative)

      by echeslack (618016) on Tuesday September 07 2004, @09:47PM (#10185497)
      (http://technilog.blogspot.com/ | Last Journal: Monday September 06 2004, @11:58PM)
      I don't think MS has a chance of getting a stranglehold on this. I mean, in terms of email, they really need the cooperation of pretty much everyone for it to work anyway. There are far too many non-Microsoft free software mail servers run by large and small companies. Granted, Microsoft has a huge presence on the desktop, but they aren't dominant enough yet on servers to make it really work in their favor.

      Maybe they are honestly trying to solve the spam problem and are willing to compromise for the good of users.
      [ Parent ]
      • Re:Bah by FuzzzyLogik (Score:2) Tuesday September 07 2004, @09:51PM
        • Re:Bah by echeslack (Score:1) Tuesday September 07 2004, @09:54PM
          • Re:Bah by tonyr60 (Score:2) Wednesday September 08 2004, @12:07AM
            • Re:Bah by Knuckles (Score:3) Wednesday September 08 2004, @02:31AM
      • 2 replies beneath your current threshold.
    • Re:Bah (Score:4, Insightful)

      by BitterOak (537666) on Tuesday September 07 2004, @09:50PM (#10185528)
      For once I'd like to see a standard (free and open) that MS has to follow instead of the other way around.

      Like TCP/IP?

      [ Parent ]
      • Re:Bah by FuzzzyLogik (Score:1) Tuesday September 07 2004, @09:53PM
        • Re:Bah by ozric99 (Score:3) Tuesday September 07 2004, @10:35PM
          • Re:Bah (Score:5, Insightful)

            by cbreaker (561297) on Tuesday September 07 2004, @10:39PM (#10185869)
            (Last Journal: Tuesday December 12 2006, @07:54PM)
            They aren't just "a business" they are the utterly dominant presence in all-things-computers. They should act responsiby with that power; instead they use each and every little god-damned thing they can think of to put their own proprietary stuff out there with hooks that give MS complete control.
            [ Parent ]
            • Re:Bah by Bricklets (Score:3) Wednesday September 08 2004, @05:15AM
              • Re:Bah (Score:4, Funny)

                by Jah-Wren Ryel (80510) on Wednesday September 08 2004, @09:56AM (#10189066)
                Sorry, this isn't Spider-man. This is a business. With great power does not necessarily come with great responsibility.

                But regardless of their comic book status, with great power comes great vulnerability.

                If you go around acting like the proverbial 800lb gorilla (you know the one that can sit anywhere it likes, without caring whom it might squash in the process), sooner or later you are going to get bit in the ass. Or, to really mix metaphors, you'll wake up one day like Guilliver -- tied down by 1,000 lillputians who are now standing on your face with with their toothpick-sized swords ready to stick your eyeballs.

                This is also something that Bush and his neocronies haven't seemed to figure out either, despite receiving a few bites in the ass already.
                [ Parent ]
              • I guess I'm just not enough of a prick to agree by cbreaker (Score:3) Wednesday September 08 2004, @09:31PM
            • Re:Bah by EvilAlien (Score:2) Wednesday September 08 2004, @08:18AM
            • Re:Bah by ozric99 (Score:2) Wednesday September 08 2004, @08:46AM
          • Re:Bah by FuzzzyLogik (Score:3) Tuesday September 07 2004, @10:40PM
            • Re:Bah by John Courtland (Score:2) Wednesday September 08 2004, @12:23AM
              • Re:Bah by ozric99 (Score:2) Wednesday September 08 2004, @08:54AM
              • Re:Bah by John Courtland (Score:2) Wednesday September 08 2004, @02:31PM
              • Re:Bah by ozric99 (Score:2) Wednesday September 08 2004, @04:16PM
              • Re:Bah by John Courtland (Score:2) Thursday September 09 2004, @12:05AM
              • Re:Bah by ozric99 (Score:2) Thursday September 09 2004, @08:38AM
              • Re:Bah by John Courtland (Score:2) Thursday September 09 2004, @09:39PM
          • Re:Bah (Score:5, Insightful)

            by Anonymous Coward on Tuesday September 07 2004, @11:57PM (#10186277)
            The essence of SenderID was obvious to a lot of people long before Microsoft decided to patent it. SPF, on which it's based, came from Meng Wong. There were the earlier RMX proposals from Hadmut Danisch, as well as another from Feyck, and another from Green. Paul Vixie had proposed a similar mechanism as early as the mid 90's. A lot of other people (myself included) independently hit upon roughly the same idea.

            Basically, the problem is MS went ahead and patented something which had been proposed, in writing, by a lot of people (and perhaps simultaneously by Microsoft people), and now they're trying to restrict its use. We're not asking for generosity here. Whatever the USPTO says, MS didn't really invent this stuff, so they have no moral right (even if they now have a legal right) to dictate terms. Not asking for handouts, just fair play.
            [ Parent ]
          • Re:Bah by Sunnan (Score:2) Wednesday September 08 2004, @10:09AM
        • Re:Bah by afd8856 (Score:2) Wednesday September 08 2004, @04:43AM
      • Re:Bah (Score:5, Informative)

        by mvdwege (243851) <mvdwege_public@myrealbox.com> on Tuesday September 07 2004, @10:29PM (#10185807)
        (http://slashdot.org/)

        Nope, sorry. They even manage to break that standard.

        Not in really harmful ways, that must be admitted, but still, MS does not implement TCP/IP correctly. The example that comes to mind is the way they make sure all packets coming from an MS OS are high priority (I haven't got the technical docs right here, they're 50km away, but it has to do with marking them as coming from interactive sources), thus breaking one of TCP/IP built-in Quality-of-Service mechanisms.

        So even something as basic as TCP/IP they manage to mess up. This is not very conducive to their trustworthiness.

        Mart
        [ Parent ]
        • Re:Bah by interim_descriptor (Score:1) Wednesday September 08 2004, @12:07AM
          • Re:Bah (Score:5, Informative)

            by ortholattice (175065) on Wednesday September 08 2004, @02:10AM (#10186843)
            Could you please cite your evidence this claim? I don't doubt it, but it'd help your argument, as well as help educate people such as myself who hadn't heard of this before.

            According to Unix Administration Handbook, 3rd ed.:

            "Linux pays attention to the type-of-service (TOS) bits in IP packets and gives faster service to packets that are labeled as interactive (low latency). Jammin'! Unfortunately, brain damage on the part of Microsoft necessitates that you turn off this perfectly reasonable behavior."

            "All packets originating on Windows 95, 98, NT, and 2000 are labeled as being interactive, no matter what their purpose.... If your Linux gateway serves a mixed network of UNIX and Windows systems, the Windows packets will consistently get preferential treatment. The performance hit for UNIX can be quite noticeable."

            In other words, MS's TCP/IP just hogs the network unconditionally with highest priority, forcing others to do the same if they want any throughput. It makes sensible prioritizing of network traffic flow based on the TOS bits impossible, and essentially renders them useless. One could speculate they did this because they wanted to claim "improved performance" in a mixed Windows/Unix environment, or possibly it was just incompetence or laziness on the part of their programmers. On the other hand, it's not like they set them to a random priority, but instead chose "highest", which makes you think they were just being the bullies on the block to get what they wanted with complete disregard to others and certainly with no spirit of cooperation.

            [ Parent ]
            • Re:Bah by Keeper (Score:3) Wednesday September 08 2004, @02:39AM
              • Re:Bah by IgnoramusMaximus (Score:2) Wednesday September 08 2004, @05:07AM
              • Re:Bah by gbjbaanb (Score:2) Wednesday September 08 2004, @06:26AM
              • Re:Bah by IgnoramusMaximus (Score:2) Wednesday September 08 2004, @10:17AM
              • 6 replies beneath your current threshold.
            • Re:Bah by ApolloDS (Score:1) Wednesday September 08 2004, @05:06AM
              • 1 reply beneath your current threshold.
          • Re:Bah by mvdwege (Score:1) Wednesday September 08 2004, @10:37AM
        • Re:Bah by Anonymous Coward (Score:3) Wednesday September 08 2004, @01:21AM
      • No. by Anonymous Coward (Score:1) Tuesday September 07 2004, @11:51PM
      • Do you mean TCP or do you mean IP by Gnavpot (Score:3) Wednesday September 08 2004, @02:56AM
      • 1 reply beneath your current threshold.
    • Re:Bah by DenDave (Score:1) Wednesday September 08 2004, @03:38AM
    • I disagree by fadir (Score:1) Wednesday September 08 2004, @06:56AM
      • Re:I disagree by jedidiah (Score:3) Wednesday September 08 2004, @09:35AM
    • 1 reply beneath your current threshold.
  • divide and conquer (Score:4, Interesting)

    by flacco (324089) on Tuesday September 07 2004, @09:44PM (#10185467)
    look forward to MS accommodating an open source implementation, while freezing out a GPL-compatible implementation.
    • Re:divide and conquer by garcia (Score:2) Tuesday September 07 2004, @09:58PM
      • Re:divide and conquer (Score:4, Interesting)

        by flacco (324089) on Tuesday September 07 2004, @10:15PM (#10185711)
        Be happy that an open source implementation came out of them. You don't use Apache software because it's not GPL'd? That's a bit rough don't you think?

        i didn't say anything about relative merits of open source vs. free software - just that i suspect one of ms's eventual tactics is to isolate free software. they've indicated as much in past statements.

        [ Parent ]
      • Re:divide and conquer by Derkec (Score:1) Tuesday September 07 2004, @10:37PM
      • Re:divide and conquer by Sircus (Score:2) Wednesday September 08 2004, @06:56AM
    • Re:Agreed by black mariah (Score:1) Tuesday September 07 2004, @10:29PM
    • 1 reply beneath your current threshold.
  • In other news... (Score:5, Funny)

    by overbyj (696078) on Tuesday September 07 2004, @09:44PM (#10185471)
    Could Microsoft be considering an Open Source license for Sender ID?

    There are rumors of a massive cold front moving towards Hell. Forecasters are predicting temperatures may drop to below 32 degrees F. Stay tuned for more up to date info.
  • Does it matter? (Score:5, Funny)

    by Dancin_Santa (265275) <DancinSanta@gmail.com> on Tuesday September 07 2004, @09:45PM (#10185477)
    (Last Journal: Friday December 24 2004, @08:49PM)
    If Apache refuses to accept this technology, then it is dead in the water. There aren't enough IIS servers to make a signficant dent in spam even with this technology.

    Personally, I'd love it if technology were judged on the content of its character rather than the character of its creator, but this is not a perfect world and fanatics on both sides of the aisle pass up good ideas that come from the "wrong" side all the time.
  • THIS IS JUST THE THING (Score:2, Interesting)

    by drsmack1 (698392) * on Tuesday September 07 2004, @09:46PM (#10185487)
    I'm tired of filtering through the mountains of spam my users get everyday. There can be no legal recourse - the solution must be technological. I see this as a good thing.
  • Not to bash Microsoft but... (Score:3, Interesting)

    by chrispyman (710460) on Tuesday September 07 2004, @09:47PM (#10185493)
    SenderID really doesn't seem like that much of an improvement over SPF. Then you factor in the problem of licensing and you see how much of an big problem this really is. Even if you do get it accepted as some open source license (even the *gasp* GPL), I think we have way too many zealots/MS bashers working for the open source projects who wouldn't want to implement this.
  • MS - OS (Score:5, Insightful)

    by StevenHenderson (806391) <stevehenderson@g ... .com minus punct> on Tuesday September 07 2004, @09:48PM (#10185512)
    Microsoft might as well let SenderID go open source. It would make their jobs easier. Less spam = less viruses = less need for frequent updates and less load on Hotmail servers. Am I wrong?
    • Re:MS - OS by LoudMusic (Score:3) Tuesday September 07 2004, @10:24PM
      • Re:MS - OS by Maddog2030 (Score:1) Tuesday September 07 2004, @11:13PM
      • 1 reply beneath your current threshold.
    • Commerce Solutions with Technology! (Score:5, Insightful)

      by toupsie (88295) on Tuesday September 07 2004, @11:57PM (#10186276)
      (http://127.0.0.1/)
      And less money selling software and services. Microsoft makes money off the issues that face their users with their products. SMS [microsoft.com], MOM [microsoft.com] and ISA [microsoft.com] are few examples of products that help manage, update, monitor and protect Microsoft's other products. And they make good coin for selling and consulting those "added value" products. You can dupe most of these in linux with nagios, apt-get/emerge/up2date, snort, squid and ip tables but you don't get a nice guy from Microsoft that will hold your hand and tell you its alright you don't understand why it doesn't work exactly like the manual says. You get flamed on a message board and told to RTFM. Plus the Microsoft guy will buy you lunch!

      I wonder if SenderID might require some old Exchange installs to be upgraded. When I tried searching Microsoft's web site for "SenderID Exchange 5.5", I got one link. Items I should consider when building "Commerce Solutions with Technology". So I am taking that as a yes. Cha-ching, Microsoft...Commerce Solutions with Technology at work!

      [ Parent ]
    • Re: Good! Free market mechanics at work by Alwin Henseler (Score:2) Wednesday September 08 2004, @05:56AM
  • by Anonymous Coward on Tuesday September 07 2004, @09:49PM (#10185516)
    Someone is always ready and eager to play the part of Charlie Brown.

    "But maybe they are serious this time!"

    "MS isn't ALWAYS evil" ...
  • Battle Tactics (Score:5, Insightful)

    by N5 (804512) on Tuesday September 07 2004, @09:56PM (#10185575)
    This could just be a tactic by Microsoft to push their software. Think about it, a somber looking Balmer (if that's even possible) saying "We tried to negotiate with the OSS community, but because of their ignorance we wern't able to come to an agreement"

    Of course, at the same time they will start more FUD sites touting the benifits of Sender ID and why it will ONLY run on their software.
    • Re:Battle Tactics (Score:5, Informative)

      by zurab (188064) on Tuesday September 07 2004, @11:46PM (#10186229)
      This could just be a tactic by Microsoft to push their software. Think about it, a somber looking Balmer (if that's even possible) saying "We tried to negotiate with the OSS community, but because of their ignorance we wern't able to come to an agreement"

      I don't know what the exact market numbers are, but fortunately, Microsoft is not in a position to do that. More importantly, they have to prove how SenderID will actually stop spam - it won't - spammers will use SenderID, and spammer-happy ISPs will gladly provide the service.

      Also, keep in mind that SenderID is just a specification. We are talking about implementations of a specification. We are talking about licensing a specification on how to get a list of servers allowed to send mail!

      The problem is that there are several software patents associated with SenderID (thank you USPTO!), and therefore it is nothing but a legally crippled piece of paper. Imagine if HTTP, SMTP, POP3, etc. were patented and held hostage by several companies who did not allow any open source implementations - where would they be today? Nowhere, probably replaced by different protocols that had non-crippled specifications.

      Of course, at the same time they will start more FUD sites touting the benifits of Sender ID and why it will ONLY run on their software.

      You won't have to look far for that. Just look at the SenderID FAQ:

      Q5: What do I need to do for binary and/or source code distribution?
      A5: Many open source licenses require you to include copyright notices distributed in the code itself identifying the authors of the code being distributed. Some open source licenses also require you to include the license under which you received the code with the code that you distribute so that downstream users of the code are made aware of the terms and conditions under which they can use the code. Microsoft does not require any notice or other attribution when you disclose or distribute your implementation in binary form.

      Look at them touting themselves for not requiring copyright notices for an implementation of a specification while open source licenses require those for actual programs. Just a piece of MS' usual FUD propaganda.
      [ Parent ]
    • 2 replies beneath your current threshold.
  • Prior art by Eric Raymond (Score:5, Informative)

    by bstadil (7110) on Tuesday September 07 2004, @09:57PM (#10185584)
    (http://blog.stadil.com/)
    The Linux show just finished and this was discussed in length. Eric was on the show and it turn out that the Patent that MS is claiming has prior art by Eric himself.

    Head on over and listen in [thelinuxshow.com].

    • Re:Prior art by Eric Raymond (Score:5, Funny)

      by Soko (17987) on Wednesday September 08 2004, @12:20AM (#10186385)
      (http://arstechnica.com/journals/linux.ars)
      Eric was on the show and it turn[sic] out that the Patent that MS is claiming has prior art by Eric himself.

      *sigh*

      Just when we thought ESR's ego couldn't get any bigger...

      Soko
      [ Parent ]
    • extracts of email sent to ESR (Score:4, Informative)

      by wayne (1579) <wayne@schlitt.net> on Wednesday September 08 2004, @12:26AM (#10186415)
      (http://libspf2.org/ | Last Journal: Saturday August 18 2001, @06:31AM)
      Here are parts of the email I sent Eric last week about the fetchmail vs SenderID patent.
      Yakov Shafranovich (the former chair of the IRTF's ASRG) did some digging for prior art and turned up quite a bit. One of the examples that he gave was fetchmail.

      I just realized that another way to look at this is not that fetchmail is prior art, but that if the MS patent goes through, fetchmail will be infringing on MS's patent and you will need to get a license from MS to continue to distribute fetchmail.

      Mind you, lawyers from places like the OSI, FSF and the Apache Software Foundation have found MS's SenderID license to be incompatbile with various F/OSS licenses, including the GPL. So, if you don't want to run the risk of MS sueing you, you will not only have to get a license from them, but you will need to change your license.

      Yeah, there *is* a chance that the USPT might reject MS's license because of the prior art, but, gee, we both know what the chances of that happen are.

      Messages of interest to you include:

      http://www.imc.org/ietf-mxcomp/mail-archive/msg039 39.html [imc.org] http://www.imc.org/ietf-mxcomp/mail-archive/msg039 30.html [imc.org]

      In a followup, I wrote:
      In <20040903064727.GE4436@thyrsus.com> "Eric S. Raymond" [snip] writes:

      > wayne <wayne@midwestcs.com>:
      >> Yakov Shafranovich (the former chair of the IRTF's ASRG) did some
      >> digging for prior art [on PRA] and turned up quite a bit. One of the examples
      >> that he gave was fetchmail.
      >
      > Oh, that *is* interesting. So why back down? Let's fight Microsoft on this.

      Oh, I just realized. If MS's patent goes through, you (and all distributors of fetchmail) will not be able to get a SenderID license from Microsoft to keep you from risking being sued by MS.

      Not only does fetchmail not implement all required aspects of SenderID (a requirement of the license), but fetchmail's use of header checking appears to be used for different purposes than implementing SenderID. MS's license only covers SenderID usage. You will have to negotiate directly with MS to see if they will permit you, and all users of fetchmail, to continue using the functionality that you have had for years.

      And, in one more followup, I mentioned:
      I had missed interesting detail when I first read the following post by Matt Sergeant:

      http://www.imc.org/ietf-mxcomp/mail-archive/msg040 45.html [imc.org]

      I pressed [Craig Spietzle of Microsoft]: "Will you fix the license?". I never really got a confirmed yes or no, but my feeling was "no" when we ended the conversation. I suggested that they give their IP to the IETF (such as I believe there is precedence of - I know that IBM has committed patents to the public domain before in a similar act of openness), to which I was told that Craig believed this was a reasonable idea, but that Bill Gates himself had vetoed that idea because of the current focus on patent gathering and IPR issues at Microsoft.
      [ Parent ]
  • by chatgris (735079) on Tuesday September 07 2004, @09:57PM (#10185591)
    (http://www.chatgris.com/)
    I hate patents as much as the next guy... and even more when they are in the hands of a convicted monopolist.. But on the idea of a patented SPF system, consider this.

    Wouldn't a patent on a mail mechanism be the perfect legal method of reducing spam? If the patent was held by a benevolent enough organisation, they could revoke spammers rights to use the patented methods to send spam, and not need to worry about new laws being passed.

    I know, it has plenty of options for abuse.. but done correctly, it would put the law into the hands of the people receiving mail when it comes to suing spammers..

  • by aardwolf204 (630780) on Tuesday September 07 2004, @10:02PM (#10185616)
    Open Source Initiative [wikipedia.org] - not to be confused with the 7 layer Open Systems Interconnection Reference Model [wikipedia.org].

    At least thats the first thing that came to mind here.

    No matter how hard I try, I cant get to Kevin Bacon within 6 links from any random Wikipedia article.
  • There is no Negotiating (Score:5, Interesting)

    by thogard (43403) on Tuesday September 07 2004, @10:02PM (#10185618)
    (http://web.abnormal.com/)
    Years ago when X.400 was the in thing, Microsoft wanted to own email. The servers, the clients, the messages and collect a per message fee just like the post office.

    Can you explain why they don't think they can do this now?

    Now they have a huge patent base thats building up and they are going to use it to kill off the other options.

    This stuff scares me because its their way of taking control. They were a major player in the Gossip email systems and they lost out to SMTP. Now they have a sneakly way to undo that.

    I'll take spam and forged email over paying MSFT $.25 a message.
  • what is ISC doing? (Score:4, Insightful)

    by timmarhy (659436) on Tuesday September 07 2004, @10:06PM (#10185643)
    the people who need to pull their finger out is ISC, they are the organisation in the best position to be initating the spam solution. think about it, and anti spam solution is going to involve DNS - what the leading DNS server? BIND. IF ISC and sendmail org got together they would have more clout on this issue then MS and be a hell of a lot more trust worthy.
  • SenderID is overhyped (Score:5, Funny)

    by pdamoc (771461) on Tuesday September 07 2004, @10:07PM (#10185647)
    (http://www.sigmacore.net/)

    Could Microsoft be considering an Open Source license for Sender ID?

    I don't know about that but maybe they will release Clippy under an Open Source licence, just to show they care about the movement. :)
  • From what I can tell (Score:5, Insightful)

    by Effugas (2378) * on Tuesday September 07 2004, @10:14PM (#10185701)
    (http://www.doxpara.com/)
    It's basically like this:

    Alot of MS mail environments don't send mail like SPF envisions. Sender-ID basically makes life easier for MS customers. MS is coming to SPF people, saying, heh, can you modify your protocol to be a bit more friendly to our implementations?

    And, since there are actually users behind those mail servers, SPF folks say, sure. Lets talk. Lets see how we can better adapt to your architecture.

    Then MS turns around and says, oh, you want to adapt to us? You'll have to sign these forms.

    At which point, SPF people walk away. They've already got a great way to tell eachother what they need to say, and while they're willing to work with MS, really, Sender-ID really helps MS more than it helps anyone else. A fate where exchange deployments need to either alter their topology or risk getting their mail dropped isn't one that's beneficial to the company.

    Indeed, there are these people called customers that'll handle any intransigence on the part of their vendor. Which, uh, is about what's happening right now.

    I'm not saying this is exactly what's going on. Neither side is monolithic. But this is, at least from the outside, what appears to be happening. Someone on the inside should feel free to correct me.

    --Dan
  • It's all about $$$ (Score:5, Insightful)

    by Dalroth (85450) * on Tuesday September 07 2004, @10:21PM (#10185757)
    (http://slashdot.org/~dalroth/ | Last Journal: Sunday January 04 2004, @05:12PM)
    With millions of dollars in bandwidth costs on the line, and potentially billions of dollars in customer satisfaction, Microsoft may very well want to play nice on this issue. SPAM is a serious problem, and bickering and fighting isn't going to make it go away. Cooperation and hard work will.

    Bryan
    • Re:It's all about $$$ (Score:4, Interesting)

      by mrchaotica (681592) <mrchaotica AT yahoo DOT com> on Wednesday September 08 2004, @02:18AM (#10186871)
      If MS wanted to play nice, they'd just accept SPF.

      No, it really is all about the $$$ -- MS already lost, but they still want a piece of the pie. They might make SenderID open source, but will it be Free? And what happens when they get additional patents for SenderID 2.0?
      [ Parent ]
  • Relevant history (Score:4, Informative)

    by Anonymous Coward on Tuesday September 07 2004, @10:23PM (#10185768)
    Two articles on the history of Sender-ID:
    http://www.circleid.com/article/730_0_1_0_C/ [circleid.com]
    http://www.circleid.com/article/732_0_1_0_C/ [circleid.com]
  • by baximus (552800) on Tuesday September 07 2004, @10:35PM (#10185840)
    Note that they're "negotiating". This is MS we're talking about here...

    "We'll give you a financial boost if you'll fast-track our application to be an OSI-Approved License. Just ignore the incompatibilities, and here's $100k for your trouble."
  • What's to negotiate? (Score:5, Insightful)

    by rhysweatherley (193588) on Tuesday September 07 2004, @10:46PM (#10185901)
    I'm just curious as to what is there to negotiate? Either they license it royalty-free for all fields of use, or it does not belong in an officially-recognised IETF standard. There is no "middle ground" license that will satisfy the community. Patents are, by definition, incompatible with open standards.
  • Open Comment to OSI: (Score:1, Troll)

    by erroneus (253617) on Tuesday September 07 2004, @10:50PM (#10185918)
    (http://slashdot.org/)
    You cannot deal with the devil and win. They want something with which to make more money. And they want your cooperation. They will offer a lot of "free stuff" but since when has it ever amounted to anything but deception from Microsoft. There are countless businesses that have suffered and/or failed due to Microsoft treachery. Some people call it "just doing business." I call it immoral. Slashdot readers might recall what Microsoft did to the ONE cell phone company that made a deal with Microsoft and how badly they got burned where MS forced the company into a breech of contract situation where they lost all rights to the technology they developed for MS. The list is much longer than I know to be sure but that which I do know is already ridiculous.

    If you think for even a MOMENT that MS will not use their patent(s) as leverage against OSI later, you're living in a dream world. Furthermore, it has already been shown that Sender-ID is ineffective. We don't need Sender-ID.
  • Patents != Copyright (Score:5, Informative)

    by pavon (30274) on Tuesday September 07 2004, @10:53PM (#10185942)
    Could Microsoft be considering an Open Source license for Sender ID?

    Well, looks like a good time to clarify the difference between patents and copyright for the benefit of the new blood here on slashdot. They are very different things, and you must understand what the law says before you can develop educated opinions on the law. Copyright is a government issued monopoly on the distribution, and public performance of a specific work and derivatives of that work. Patents on the other hand are a government issued monopoly on the commercial application of an idea. A book is a specific creative act, and thus falls under copyright. A method of building a tractor is an idea, and is thus patentable. You can't have copyright on an idea, and you can't patent a specific work.

    Now onto this specific situation.

    When you talk about open source licenses, you are dealing with copyright. A copyright license grants you specific (often limited) rights to distribute, perform, or modify the authors work. Without a copyright license you do not have the right to do any of these things. Open source software gives people the right to redistribute the work, created derivative works, and redistribute those works (possibly with the restriction that the derivative work must also be open source). However, it requires that if a work is distributed it must be available in a useful form - the original source code.

    Now Caller-ID is not a piece of software - it is a protocol, a standard, an idea, and thus falls into the realm of patent law. A patent license gives you permission to use an idea in your own works. Without a patent license you do not have a right to use the idea in your own work, even if you thought of it by yourself. Microsoft has patented some of the ideas in Caller-ID, so anyone who wants to create an implementation of Caller-ID must get a patent license from Microsoft. The patent license which Microsoft is currently offering for Caller-ID has several issues that make it impossible to use the patented ideas in Open Source software without violating one of the licenses.

    By now you can see what was wrong with the text I quoted - Sender ID is not a piece of software - it is a patented idea, and so it is nonsensical to talk about releasing it under an Open Source (copyright) license. What the submitter should have asked is "Could Microsoft be considering an Open Source friendly patent license for Sender ID".

    That said you can read this post [slashdot.org] if you want to know more about why the current patent license for Caller ID is incompatible with Open Source software.
  • Halloween Documents Anyone (Score:5, Interesting)

    by Anonymous Coward on Tuesday September 07 2004, @11:20PM (#10186104)
    I may have missed any comments regarding this, but has anyone else drawn a connection between Sender ID and Microsoft's plan of "decommoditizing protocols" as referenced in the infamous "Halloween Documents"? 6 years later it seems their plans have remained the same. It'll be very interesting to see if they do come to some kind of agreement with the open source community.
  • by ganhawk (703420) on Tuesday September 07 2004, @11:36PM (#10186176)
    HOMER
    Oh, they have the Internet on computers now!

    MARGE
    Homer, Bill Gates is here.

    HOMER
    Bill Gates?! Millionaire computer nerd Bill Gates! Oh my god. Oh my god. Get out of sight, Marge. I don't want this to look like a two-bit operation.

    Marge groans and rolls her eyes. Bill Gates and two "associates" enter.

    GATES
    Mr. Simpson?

    HOMER
    You don't look so rich.

    GATES
    Don't let the haircut fool you, I am exceedingly wealthy.

    HOMER
    (quietly to Marge) Get a load of the bowl-job, Marge!

    GATES
    Your Internet ad was brought to my attention, but I can't figure out what, if anything, CompuGlobalHyperMegaNet does, so rather than risk competing with you, I've decided simply to buy you out.

    Homer and Marge step aside to talk privately.

    HOMER
    This is it Marge. I've poured my heart and soul into this business and now it's finally paying off. (covering his mouth) We're rich! Richer than astronauts.

    MARGE
    Homer quiet. Acquire the deal.

    HOMER
    (to Gates) I reluctantly accept your proposal!

    GATES
    Well everyone always does. Buy 'em out, boys!

    Bill Gates companions begin to trash the "office".

    HOMER
    Hey, what the hell's going on!

    GATES
    Oh, I didn't get rich by writing a lot of checks!

    Bill Gates lets out a maniacal laugh. Homer and Marge cower in the corner as the room continues to be trashed.

    -from www.simpsoncrazy.com
  • by truth_revealed (593493) on Tuesday September 07 2004, @11:44PM (#10186218)
    in a wrestling ring with no referee and metal folding chairs conveniantly nearby.
  • pgp and domainkeys (Score:3, Interesting)

    by iradik (247593) <ossix@ossiBALDWINx.net minus author> on Wednesday September 08 2004, @12:01AM (#10186302)
    (http://www.ossix.net/)
    A solution to stopping spam is outlined here:

    http://antispam.yahoo.com/domainkeys [yahoo.com]

    I picked up this link from here:

    http://www.pgp.com/resources/ctocorner/cryptoandsp am.html [pgp.com]

    This was a discussion about how pgp alone will not stop spam but how yahoo domain keys might. Due to domainkeys ability to actually verify the domain the e-mail is being sent from.
    • Re:pgp and domainkeys (Score:4, Insightful)

      by Anonymous Coward on Wednesday September 08 2004, @12:25AM (#10186414)
      Yeah, everyone will be crying in their beer when Yahoo's (lesser of several evils) DomainKeys starts being used to control access to Yahoo's large spookable herd of eyeballs.

      I have said this before - anyone (Yahoo, HotMail, gmail, MS*) who has large numbers of mail boxes that people want to reach can be billed. How? By Signing outgoing mail you are certifying that _you_ have sent that mail - all yahoo has to do is count the number of mails signed by domain example.com and then autoforward a weekly/monthly bill to the email address in the whois system for domain example.com

      You say, never gonna happen, people won't pay, they won't get the billing email - it won't matter to Yahoo - they send bills, if they don't get paid they just blacklist that cert/domain.

      The big email box herders would have no reason to do this if Yahoo!DomainKey (tm) is widely deployed. If you disargee please explain why they wouldn't do it.
      [ Parent ]
      • 1 reply beneath your current threshold.
  • I'll believe it when I see it. (Score:5, Informative)

    by wayne (1579) <wayne@schlitt.net> on Wednesday September 08 2004, @12:35AM (#10186462)
    (http://libspf2.org/ | Last Journal: Saturday August 18 2001, @06:31AM)
    Dan Quinlan (of Spamassassin/ironport) has been working with Larry Rosen (a lawyer for OSI) and Eben Moglen (a lawyer for FSF) for months now. *VERY* little progress has been made, even when it was clear that SenderID would be at risk of not being advanced by the IETF to RFC status. I have *VERY* little hope that Microsoft will make the required changes to their license to be compatible with Free/open source software.

    Insight into the current situation can be found in a post by Matt Sergeant (Spamassassin/messagelabs):

    http://www.imc.org/ietf-mxcomp/mail-archive/msg040 45.html [imc.org]

    I pressed [Craig Spietzle of Microsoft]: "Will you fix the license?". I never really got a confirmed yes or no, but my feeling was "no" when we ended the conversation. I suggested that they give their IP to the IETF (such as I believe there is precedence of - I know that IBM has committed patents to the public domain before in a similar act of openness), to which I was told that Craig believed this was a reasonable idea, but that Bill Gates himself had vetoed that idea because of the current focus on patent gathering and IPR issues at Microsoft.
  • MS record in DNS? (Score:2, Interesting)

    by AnuradhaRatnaweera (757812) on Wednesday September 08 2004, @01:22AM (#10186666)
    (http://anuradha-ratnaweera.blogspot.com/)

    How about introducing a new MS record (not Microsoft ;-)) to point to Mail Senders? MX server(s) can continue to be the mail recepient(s). This gives the control to more distributed DNS system rather than a single company.

    Mail servers need to accept mails from a domain only if they are coming from the MS servers for that domain.

    This is not a novel idea. Most mail sersvers have a configurable feature to accept mails only from MX servers for that domain anyway.

  • by btbo (769556) on Wednesday September 08 2004, @02:37AM (#10186934)
    I still haven't heard what's wrong with SPF. The only thing seems to be that a decision has to be made that `we' all support it. So if we just take that decision, at some point MS has no choice but to follow, putting them back where they belong, in the back seat.
  • What Microsoft is considering (Score:3, Insightful)

    by hopethishelps (782331) on Wednesday September 08 2004, @04:32AM (#10187293)
    Could Microsoft be considering an Open Source license for Sender ID?

    I can't tell you what the worker bees at Microsoft are considering, but I can tell you what the movers and shakers at the top are considering. They're considering what course of action will do the most harm to the Free Software community in general, and people's perception of the GPL in particular. When they think they've figured out what that course of action is, they'll tell the troops to do it.

    • 1 reply beneath your current threshold.
  • by Oestergaard (3005) on Wednesday September 08 2004, @04:50AM (#10187343)
    (http://unthought.net/)
    The license better be open - as in, "everyone" can use it. Not just open source projects.

    Sure, if open source projects can't use it freely, it's stillborn. But it's almost equally important that ISVs can adopt it as well, without paying MS patent tax.

    E-mail is such a fundamental part of what we do with the internet nowadays, that even if MS themselves and all open source projects can use this, it will still hurt an absolutely enormous amount of products and companies, if the license is not truly "open" (free for use, for any purpose what so ever, no strings attached).

    Hmm... Somehow I just doubt that this is what the OSI or MS wants ;)
  • by GuyFawkes (729054) on Wednesday September 08 2004, @06:19AM (#10187552)
    (http://www.google.com/intl/xx-hacker/ | Last Journal: Thursday August 05 2004, @04:50AM)

    All this talk of various new(?) protocols and tags is pure FUD and bullshit.

    spam can be eradicated (99%) in 48 hours, this was true years ago when I used to hang out on nanae and it is still true today, because 99% of spam originates from companies with "pink" (no AUP) connectivity / IP block contracts that typically pay the provider several times the market rate per IP / Gb of bandwidth.

    I could go out today and buy a block of 255 IP addresses on an OC3 and stick 72U of servers behind it sending out spam 24/7, and NOT lose my connectivity....

    Sure, it might suck if you have a close IP to mine and SPEWS lists the company that is providing connectivity to both you and me, but at the end of the day money talks.

    And at the end of the day there is more money in marketing (globally) than even bill g can dream of.

    _NOTHING_ short of an equivalent to the usenet death penalty (which is different because fuck all providers make 1 cent out of usenet, for 95% of them it is a loss making service bundled with http / smtp etc) SPEWS style will ever stop spam.

    As far as OSS goes as far as I can see there is only one way to make this work, and that is to use an electronic analogy of what I do at home.

    I get junk (snail) mail every day, lots of it comes with pre-paid return envelopes, most of it doesn't.

    The stuff advertising local firms tends not to have pre-paid envelopes, that national stuff tends to have pre-paid envelopes. So I sort my junk mail into local and national, takes about 3 seconds.

    The local stuff I just throw out into the street to blow around and litter the place, the residents get pissed off, the council gets pissed off, clear plastic bags containing samples of the litter get placed on council meeting tables and the companies whose names are on said bits of paper get a hard time from the council and everything from business rates increases to bills to clean up litter.

    The national stuff I just stuff into the prepaid return envelopes, just not the right envelopes, so each company gets an envelope full of some other companies junk mail, and pays for the postage.

    Result, I now get about 4 pieces of junk mail per week, it DOES work IF you work at it for a year or two.

    I see a similar thing in the OSS community as being the only solution, it takes a little bit of care to eliminate the joe-jobbed return addresses, but all you need is a spam filter that directs spam back to other spammers addresses, and if they have no smtp ports open then try to send it to them on port 80 every second for 24 hours.

    Yes I ___AM___ advocating DDoSing the cunts off the net, because when spam starts costing spammers money and denial of THEIR services they will stop, not before.
  • do NOT dance with this devil! (Score:3, Insightful)

    by tweedlebait (560901) on Wednesday September 08 2004, @06:48AM (#10187671)
    We know already that SID doesn't comply in spirit with the internet we know and love.

    We know spammers are already lined up and using SID, so the system is already polluted. "ya want validated spam with that?"

    MS doesn't want OSS/Linux/etc. They have made that quite clear. Right now they need us to support this or the whole thing fails- or they start an apache war or something. MS has enough control already. IMHO they should have no say-so about my email.

    Some persons at ms are getting *paid* to deploy this successfully & quickly and they will try very hard to do so. This includes convincing everyone else to support it. (for free?) Hold the ropes boys and girls.

    Why would the OSS community care about supporting something that is IP encumbered by ms and in litigation, broken, basterdized, and infested with spammers already? err .. and its by our trustworthy future thinking pal microsoft.

    So IIRC if they flick the switch on this thing hotmail and msn will be crippled and only work with SID friendly systems. Boo Hoo. maybe hotmail users will complain to ms since they won't be able to complain to me!

    Look-- Every time ms does something like this eg: tcp/ip, kerberos, iis,ie,outlook, etc. it's a train wreck of decaying squid parts. Learn from the mistakes. If they need support for SID stall them:
    Tell them you'll put it on an Action List or you'll do it as soon as 'counsel gives you the green light'. Tell them you use drugs and therefore cannot be trusted with such thigs until rehab! or Just lie! They'll never expect it! Better yet make them believe it will soon be supported!

    Anyway I hereby claim my disgust and lack of support for sender id and beg all the developers working so hard on interesting things being bothered to support this to not waste their time and keep on inventing.

    Thank you.

  • Debian -- Who Cares? (Score:2, Interesting)

    by Anonymous Coward on Wednesday September 08 2004, @07:46AM (#10187984)
    This isn't meant to be a troll, but honestly, who other than the Debian folks care that they opted not to adopt Sender-ID. I understand they "represent" the purity of libre software, but there's plenty of things they haven't added to their distro based upon their ideologies. Furthermore, it's not as if they would be writing the software. If they want to patch it to remove support from upstream, fine, but that hardly is a threat to Sender-ID (software that wouldn't make it to Stable for a couple years anyway). So, it seems to me this is all a bunch of self-righteousness, and the fact Debian doesn't want to play really is insignificant. If I'm off-base though, please answer the original question and set me straight.
  • No one cares... (Score:1)

    by denisdekat (577738) on Wednesday September 08 2004, @09:37AM (#10188814)
    (http://www.photoplankton.com/)
    I should say few, as it seems that few to no one cares here in the US about all the voting weirdness in the last couple years (remember Florida)...

    I live in SF, during some of the last elections there has been things like not enough ballots, boxes of ballots found in the Bay, etc... It goes on, and I am curious about other areas...

    I think people do not care about their rights in the US, most folks I know take them for granted. Hard to believe our previous generations fought so hard for it, because todays generation seems dumb about it. Maybe if we lost the right to vote for a couple years, folks would realize what an important issue it is...

    In any case, whether it works or not, people will not care and move on as they are pacified with comforts

    http://www.cancelcable.org/ [cancelcable.org]


  • Re:MS Open Source Paradox (Score:5, Informative)

    by FuzzzyLogik (592766) * on Tuesday September 07 2004, @09:48PM (#10185509)
    (http://www.unlogikal.net/)
    Apple actually uses a ton of open standards.

    • They use an open standard for their iCal calendar files.
    • They will use Jabber as a backend on the server version of Tiger for iChat within the local network.
    • On the subject of ical it allows syncing through webdav, which is open.
    • Darwin - the OS X kernel is open source

    And I'm sure others can chime in on more as i'm not totally familiar with all the stuff they use. but they seem to have embraced open source fairly heavily.
    [ Parent ]
  • by leviathanap (783802) on Tuesday September 07 2004, @09:52PM (#10185545)
    (http://www.apstudent.com/)
    And you got me there. I conced that point.

    Yet, we still see Apple being ultra-hyper-super-protective of their other works, like the iPod firmware, etc.

    [ Parent ]
  • I expect we would see Apple going open source just as soon as Windows does.

    http://www.opensource.apple.com/darwinsource/10. 3. 5/

    http://www.theregister.co.uk/2001/06/21/commie_c el l_in_ms_secretly/

    http://www.zpok.demon.co.uk/ (about halfway down)
    [ Parent ]
  • 8 replies beneath your current threshold.