By Steven Vaughan-Nichols  |  Posted 2004-09-02 Print this article Print

-Source Victory?"> As far as Sendmails open-source Sender ID milter is concerned, Rosen said, "Regardless of whether Sendmail has released what they may call an open-source implementation of the IETFs Sender ID specification for testing on the Internet, the current version of the Microsoft Sender ID patent license is not compatible with open-source licenses." But Eric Raymond, president of the Open Source Initiative, said he does think Microsofts concession is significant. "He [Katz] quoted a promise of a license with no royalties and no requirement to sign an agreement. That looks like victory to me," Raymond said. To read more about the open-source communitys reaction to Microsofts Sender ID license, click here.
Craig Spiezle, director of industry and partner relations in Microsoft technology and strategy team, stressed the licenses royalty-free nature. "Microsoft is committed to working with the industry in a collaborative way to license Sender ID royalty-free," he said. "The technology is available to all interested parties, free of charge, based on widely utilized, industry-standard terms of use."
"Its important to note that a license is not required for those looking to adopt Sender ID by publishing their IP addresses in DNS, as outlined in the Sender ID Framework specification," Spiezle said. "And again, programmers and developers implementing the Sender ID specification in their applications can receive a license to do so entirely royalty-free. For anyone interested in using Microsoft IP outside of the scope of the standard implementation, we encourage them to talk to us about a license," he said. Microsoft has been pushing for Sender ID adoption. The company on Wednesday held a private meeting in Redmond, Wash., with ISPs and e-mail vendors to discuss how they might implement Sender ID. There, according to reports, the crux of the disagreement came out. Is it time for Microsoft to put up or shut up on spam? Click here for a column. In talking with Spiezle, the Microsoft exec seemed to have trouble understanding that "cost was not the issue, and that there was a fundamental incompatibility with open-source licenses," Matt Sergeant, senior anti-spam technologist at managed e-mail security services provider MessageLabs Ltd., wrote in a note to the MARID mailing list. "On the cost issue, I believe that sunk in," Sergeant wrote. "On the incompatibility issue, I dont believe we managed to agree with each other." This fundamental incompatibility, according to Rosen, stems from the widespread treatment of open-source licenses as sublicenseable. "The open-source development and distribution process works as well as it does because everyone treats open-source licenses as sublicenseable, and most of them are expressly so," he said. "Open-source licenses contemplate that anyone who receives the software under license may himself or herself become a contributor or distributor. Software freedom is inherited by downstream sublicensees. "Meanwhile, the Microsoft Sender ID patent license continues the convenient fiction that there are end-users who receive limited rights. That is unacceptable in open-source licenses," Rosen said. Other open-source groups agree with Rosens interpretation. The ASF (Apache Software Foundation) on Thursday announced in a position paper, "The current Microsoft royalty-free Sender ID patent license agreement terms are a barrier to any ASF project that wants to implement Sender ID." "We believe the current license is generally incompatible with open source, contrary to the practice of open Internet standards and specifically incompatible with the Apache License 2.0," the foundation said. "Therefore, we will not implement or deploy Sender ID under the current license terms." For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog. On Aug. 27, Philip Hazel, author of the popular Exim MTA, wrote, "Exim is licensed under the GPL. As the proposed Microsoft IP license is not GPL-compatible, Sender ID cannot be implemented in Exim." Fed up with the lack of progress over these issues, many MARID members are arguing that Sender ID should be abandoned. Still others argue that Sender ID would not be the only IETF standard that comes with patent baggage. For instance, SSL (Secure Socket Layer) is patented by Netscape. In any case, while the debate rages on in the MARID community, Sendmail has implemented what it claims to be an open-source version of Sender ID, without a Microsoft license. And Rosen said he will continue trying to make "the next version of the Microsoft patent license … better." "Im working with Microsofts attorney to help make that happen," he said. Editors Note: Larry Seltzer provided additional reporting for this story. Check out eWEEK.coms Security Center at for security news, views and analysis.

Be sure to add our security news feed to your RSS newsreader or My Yahoo page:  

Steven J. Vaughan-Nichols is editor at large for Ziff Davis Enterprise. Prior to becoming a technology journalist, Vaughan-Nichols worked at NASA and the Department of Defense on numerous major technological projects. Since then, he's focused on covering the technology and business issues that make a real difference to the people in the industry.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel