Taking a Look Behind the Sender ID Stir

Internet standards must be open. That’s the dominant view of the Internet community, so any proposal for an Internet standard that contains someone’s intellectual property has a good chance of being rejected.

If feelings run high when it comes to proposing an IETF standard which includes proprietary technology, many people in the open source community start seeing red mist when the company making intellectual property claims happens to be the eight hundred pound Microsoft gorilla.

This is essentially a political argument, but underpinning it is the contentious issue of software patents…

This lesson has just been learned by the MTA Authorization Records in DNS (MARID) working group of the Internet Engineering Task Force (IETF) (define), which is trying to create standard to fight email address spoofing based on a framework called Sender ID.

So what was all the fuss about? Essentially, two similar authentication technologies – Meng Weng Wong’s Sender Policy Framework (SPF) (define) and Microsoft’s Caller ID for Email – were merged in June to create the Sender ID specification. The problem is that Microsoft has filed an intellectual property rights claim for Caller ID and says that its claim is covered in one of the three documents which make up the Sender ID specification. To compound the problem, the Redmond giant is unable or unwilling to specify what the claim or claims are.

On the face of it, the problem should be mitigated by the fact that Microsoft has agreed to licence its intellectual property on a royalty free, non-discriminatory basis, (effectively a free version of a RAND – reasonable and non discriminatory – license) and Andy Newton, co-chair of the MARID working group says that even though many members of the open source and free software community object to the inclusion of intellectual property in an Internet standard, including such leading lights as Richard Stallman, founder of the Free Software Foundation and the GPL (General Public Licence) (define) for software, he thought these licensing terms should be satisfactory enough.

“Personally, I don’t understand what Stallman’s issues are,” says Newton. “This is certainly not the first time that the IETF has dealt with intellectual property in standards. Companies like Cisco and others have repeatedly said that they have patents that apply to open standards. They say ‘we have the patent, but the licence is free.’ Ultimately, it’s up to each working group to decide its position on standards and whether licensing IP is right. There are some standards which even require royalties to be paid.”

But, as has already been reported on this web site and elsewhere, many leading open source organizations including the Apache Software Foundation, the FSF, and the Debian project have rejected the terms of the free license that Microsoft is offering, highlighting the issue of whether the license is transferable, and whether any one receiving open source software which makes use of a Microsoft royalty free license can subsequently modify the code and redistribute it without having to sign a license themselves (in other words, sub-licensing). If not – and this is how the license been interpreted – then this is contrary to the principles of open source software. Microsoft was unable to find someone to clarify this point for this article despite repeated requests for the information.

Whatever the objections to Microsoft’s particular licensing terms, this whole issue is really about something much more fundamental: the very strongly held conviction that Internet standards “ought” to be entirely open, free for anyone to use, owned by the community as a whole (or by nobody) and not subject to intellectual property claims from any company, especially, in many peoples’ eyes, Microsoft. ‘The open source community contributes a huge amount to the infrastructure of the Internet, so why should businesses like Microsoft start making it proprietary?’ goes the argument.

This is essentially a political argument, but underpinning it is the contentious issue of software patents, which are additional to the copyright protection that any specific software implementation enjoys as soon as it is created. “Patenting software (like Microsoft is attempting to do with parts of Sender ID) is a very bad idea,” says Linux kernel developer Rik van Riel. “With software, patents last 18 years but the product lifecycle is only about two years for most software, and interoperability is usually crucial. So with a patent you are forbidden for ten times the lifetime of a product from making it compatible with a competitor’s product.”

With a pharmaceutical product, patenting provides an incentive for companies to invest in medicine, and after the patent expires the chemical is still useful and anyone can make and sell the chemical. Everyone benefits from new medicines. “But software patents don’t seem to benefit anyone except the patent holders,” says van Riel.

And so to the predictable upshot of this affair.

Despite his view that intellectual property can sit happily within an Internet standard, Newton also understands that a standard, such as Sender ID, that doesn’t have widespread support because of an intellectual property claim by a third party is never likely to become widely adopted. On September 11 he announced that “the patent claims should not be ignored. Additionally, there is at least rough consensus that the participants of the [MARID] working group cannot accurately describe the specific claims of the [Microsoft] patent application. This stems from the fact that the patent application is not publicly available. Given this, it is the opinion of the co-chairs that MARID should not undertake work on alternate algorithms reasonably thought to be covered by the patent application.”

Chalk that up as another victory for the open source movement and a delay for a standard to help fight email address spoofing. The spammers, no doubt, will be rubbing their hands with glee.

Paul Rubens
Paul Rubens
Paul Rubens is a technology journalist specializing in enterprise networking, security, storage, and virtualization. He has worked for international publications including The Financial Times, BBC, and The Economist, and is now based near Oxford, U.K. When not writing about technology Paul can usually be found playing or restoring pinball machines.

Latest Articles

Follow Us On Social Media

Explore More