[hashcash] Re: Microsoft apparently scuppers their own standards

• From: hal@xxxxxxxxxx ("Hal Finney")
• To: hashcash@xxxxxxxxxxxxx
• Date: Fri, 27 Aug 2004 14:55:13 -0700 (PDT)

There are three proposals getting widespread attention, with overlapping
names and technology: SPF (Sender Policy Framework, aka Sender Permitted
From), Microsoft's SenderID (aka "Caller ID for Email"), and Yahoo's
DomainKeys.

SPF and SenderID, from a distance, are almost the same.  In fact the
proposals got merged.  They both propose to use DNS records to list
which mail servers are allowed to send mail purporting to come from a
particular host.  Much spam these days fakes the "from" address in a
really obvious way; when you look at the mail headers you see something
claiming to come from your best friend and it actually came from a server
in Russia or somewhere.  SPF and SenderID would stop this kind of spam.
However they have problems with people who have legitimate needs to send
mail from a wide variety of mail servers (what Eric called "legitimate
forgeries", although I'm not sure that's the best phrasing!).

DomainKeys is completely different and involves cryptographic signatures.
I don't know much about it.

Microsoft says they may have patents pending on SenderID, and the recent
dispute has been about the nature of the patent license which Microsoft
is offering.  It is a relatively generous license, as patent licenses go,
but it is not completely free as the open source community requires.

What most commentators seem to be missing is that people can't just
tell Microsoft to get lost and proceed with SPF.  The proposals are so
similar that it is likely that some of Microsoft's patent applications
will cover SPF.  Microsoft is apparently unwilling to reveal what exactly
they have tried to patent, and of course there is no predicting which
of their patent claims will be approved.  Getting a patent is a long
and complicated process that often involves a degree of negotiation to
whittle down the claims.  So at this point no one, not even Microsoft,
can say for sure whether SPF will be covered.  Nevertheless my reading
of Microsoft's actions is as a strong hint that SPF will probably be
affected when those patents come out in three or four years.  It is
risky to go forward with SPF in that environment.

Hal

• Follow-Ups:
  • [hashcash] Re: Microsoft apparently scuppers their own standards
    • From: Hubert Chan
  • [hashcash] Re: Microsoft apparently scuppers their own standards
    • From: Atom 'Smasher'

Other related posts:

• » [hashcash] Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards

1. Home
2. hashcash
3. Archive
4. 08-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---