[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DEPLOY: Prior Art for Sender-ID (was Re: DEPLOY: SPF/Sender ID support in Courier.)
Looking through my old asrg summary/archive , I find the the following message
from archives talks about checking both "From:" and "Sender:" headers:
http://www1.ietf.org/mail-archive/web/asrg/current/msg04684.html
I can't find anything going futher (i.e. including Resent headers), but
I would not be surprised if somebody posted about that too. Please go
through archives on that thread.
Also, unrelated to this group but of interest is this prior work on header
cryptographic signatures for email messages (I believe this supercedes
any claims Yahoo or others may make about this method):
http://www.chaoszone.org/misc/spam.html
P.S. I believe the messages from Microsoft people from links below make it
clear that they had used prior work of RMX for Caller-ID (one message
talked about _rmx subdomain even) and had published "responsible sender"
from RFC822 headers idea in the public. If only I had number of the patent
application to check ... but I'd not be surprised if these messages
superceded that application, which means they should not have filed it
considering the idea (which is obvious from email RFCs anyway) was already
disclosed to the public and was based on the existing publicly published
(as IETF draft!) work.
On Tue, 31 Aug 2004, Yakov Shafranovich wrote:
> (This message got stuck originally because of my own stupidity, I am
> resending it to the list)
>
> > Andrew Newton wrote:
> >
> >> 4) You have stated above that you believe Microsoft's claim is
> >> "nebulous" with regard to rights being claimed. Your release notes
> >> state "Implemented Sender Policy Framework checking on the From:
> >> header. Be sure to read the documentation and understand the
> >> implication." Since checking of the From: header is listed in the -pra
> >> document, are you concluding that this is not encumbered by Microsoft's
> >> claim? If so, how did you come to this conclusion?
> >>
> >
> > The ASRG archive runs several thousand messages. They start with a
> > discussion on RMX. There is more than one message in there talking about
> > the use of "From" headers for RMX lookup. If someone has the time to go
> > through it, prior art is certain to be found. Perhaps someone should
> > tell the lawyers.
> >
> > IMHO, in light of the possible prior art, it may be very probably that
> > the potential patent application is invalid or will not approved.
> > Therefore, it might be feasible to ignore the IPR claim all together and
> > preceed with approval of Sender-ID.
> >
> >
> > In any case, for example, here is a is a message posted to the ASRG list
> > on May 7th, 2003
> > (http://www1.ietf.org/mail-archive/web/asrg/current/msg04390.html):
> >
> > -----snip----
> > On Wed, May 07, 2003 at 07:43:10AM -0700, Daniel Erat wrote:
> > > I understand why RMX is not able to examine RFC 822 headers. My point
> > > was that RMX does nothing to curtail the sending of messages with
> > > forged 822 From: addresses. Since this is the only sender address
> > > that most users see, and the address that replies go to (in absence of
> > > a Reply-To: or related header), I disagree with the assertion that
> > > this is not a severe problem.
> >
> > Well, RMX could be used to verify the From: address as well.
> > Feel free to ask your MTA to do another RMX lookup after
> > receiving the message body (and before sending the reply code).
> > If you like it, you can do it.
> > -----snip----
> >
> > Another message as a reply to Bob Atkinson, the author of Caller-ID,
> > talks about parsing "Received" lines:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg04321.html
> >
> > Another messaging discussing headers:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg04591.html
> >
> > A snippet of actual code that compares headers against DNSBLs in the
> > context of the RMX discussion:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg00686.html
> > ===========================================
> > On a related note, here is a message posted on May 5th, 2003 by Bob
> > Atkinson, the author of the Caller-ID draft talking about "domain
> > purportedly responsible for a message:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg04231.html
> >
> > Another message from Bob dated May 6th, 2003 talking about the use of
> > XML for RMX records and enhancing the RMX proposal:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg04302.html
> >
> > Another message talking about "From" headers, also from Bob:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg04333.html
> >
> > Here is a message from another Microsoft employee dated March 6th, 2003
> > regarding RMX:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg00608.html
> >
> > Another few messages from a Microsoft employee critisizing RMX:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg00646.html
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg00671.html
> >
> > ====================================================================
> > If we take a look in RFC 2014, we find the following in section 1:
> >
> > "Participation is by individual contributors, rather than by
> > representatives of organizations."
> >
> > We also find that the ASRG adopted an following IPR policy on June 12th,
> > 2003, requiring disclosure of IPR:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg05378.html
> >
> > At least one message was posted from Bob Atkinson after this policy was
> > adapted without disclosing any IPR information:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg07090.html
> >
> > Here is another one discussing reputation systems from Bob Atkinson on
> > October 31st, 2003:
> > http://www1.ietf.org/mail-archive/web/asrg/current/msg07875.html
> >
> > Frequent readers of the ASRG list will note that Phil Hallam-Baker of
> > Verisign explicitly stated a few times that his company may claim IPR on
> > specific ideas he shared with the ASRG list. To my knowledge, none of
> > the Microsoft employees ever did that.
> >
> > Also, the ASRG list is hosted at the IETF domain. We find the following
> > notice at IETF's mailing list page (http://www.ietf.org/maillist.html):
> >
> > ----------------------------------------------------------------------- ---
> > Any submission to the IETF intended by the Contributor for publication
> > as all or part of an IETF Internet-Draft or RFC and any statement made
> > within the context of an IETF activity is considered an "IETF
> > Contribution". Such statements include oral statements in IETF sessions,
> > as well as written and electronic communications made at any time or
> > place, which are addressed to:
> > the IETF plenary session,
> > any IETF working group or portion thereof,
> > the IESG, or any member thereof on behalf of the IESG,
> > the IAB or any member thereof on behalf of the IAB,
> > any IETF mailing list, including the IETF list itself, any working group
> > or design team list, or any other list functioning under IETF auspices,
> > the RFC Editor or the Internet-Drafts function
> > ----------------------------------------------------------------------- ---
> >
> > The ASRG list maybe considered "any other list functioning under IETF
> > auspices" and posting to it may be considered "any statement made within
> > the context of an IETF activity is considered an "IETF Contribution".
> > However, it is unclear whether IRTF lists fall under that. If the ASRG
> > list does in fact fall under that, than postings to it are considered
> > "Contributions to the IETF" and are covered under RFC 3667 and 3668:
> >
> > Yakov
---
William Leibzon, Elan Networks:
mailto: william@xxxxxxxx
Anti-Spam Research Worksite:
http://www.elan.net/~william/asrg/