[hashcash] Re: Microsoft apparently scuppers their own standards

• From: Hubert Chan <hubert@xxxxxxxxx>
• To: hashcash@xxxxxxxxxxxxx
• Date: Fri, 27 Aug 2004 19:41:43 -0400

>>>>> "Hal" == "Hal Finney" <hal@xxxxxxxxxx> writes:

Hal> There are three proposals getting widespread attention, with
Hal> overlapping names and technology: SPF (Sender Policy Framework, aka
Hal> Sender Permitted From), Microsoft's SenderID (aka "Caller ID for
Hal> Email"), and Yahoo's DomainKeys.

Hal> SPF and SenderID, from a distance, are almost the same.  In fact
Hal> the proposals got merged.

AFAIK, Microsoft's original proposal was called CallerID, and the
merged proposal is called SenderID.

Hal> They both propose to use DNS records to list which mail servers are
Hal> allowed to send mail purporting to come from a particular host.
Hal> Much spam these days fakes the "from" address in a really obvious
Hal> way; when you look at the mail headers you see something claiming
Hal> to come from your best friend and it actually came from a server in
Hal> Russia or somewhere.  SPF and SenderID would stop this kind of
Hal> spam.  However they have problems with people who have legitimate
Hal> needs to send mail from a wide variety of mail servers (what Eric
Hal> called "legitimate forgeries", although I'm not sure that's the
Hal> best phrasing!).

SPF prevents forgery of the envelope-from (which is usually seen in the
Return-Path header), not the From header.  (Envelope from is what gets
sent to the mail server during the SMTP negotiation.)

Hal> DomainKeys is completely different and involves cryptographic
Hal> signatures.  I don't know much about it.

Me neither.

Hal> Microsoft says they may have patents pending on SenderID, and the
Hal> recent dispute has been about the nature of the patent license
Hal> which Microsoft is offering.  It is a relatively generous license,
Hal> as patent licenses go, but it is not completely free as the open
Hal> source community requires.

or as a standard would/should require.

Hal> What most commentators seem to be missing is that people can't just
Hal> tell Microsoft to get lost and proceed with SPF.  The proposals are
Hal> so similar that it is likely that some of Microsoft's patent
Hal> applications will cover SPF. ...

I don't know.  SPF seems pretty obvious, and people have been talking
about similar things for quite a while (e.g. RMX).  I can't see any
patent holding up if it really does apply to SPF.  But then, that's
without knowing anything about what patents Microsoft has or is
applying for.

-- 
Hubert Chan <hubert@xxxxxxxxx> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.

• References:
  • [hashcash] Re: Microsoft apparently scuppers their own standards
    • From: "Hal Finney"

Other related posts:

• » [hashcash] Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards
• » [hashcash] Re: Microsoft apparently scuppers their own standards

1. Home
2. hashcash
3. Archive
4. 08-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---