[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[DMCA-Activists] Microsoft Asserts Patent on Sender-ID Standard
|
From: |
Seth Johnson |
|
Subject: |
[DMCA-Activists] Microsoft Asserts Patent on Sender-ID Standard |
|
Date: |
Wed, 25 Aug 2004 10:51:48 -0400 |
(From Slashdot. Free Software compatibility analysis email
pasted below. -- Seth)
> http://yro.slashdot.org/article.pl?sid=04/08/24/2033217&tid=109&tid=117&tid=155&tid=1
MS Releases License For Sender-ID
Posted by michael on Tuesday August 24, @05:44PM
from the embrace-and-patent dept.
NW writes "Microsoft published today a new license[1] and FAQ[2]
for Sender-ID anti-spam standard[3] being developed by the IETF's
MARID WG[4] (based on SPF[5]). To use the license, a signed
agreement with MSFT is required. Compatability with the Open
Source Definition, the Free Software Definition, the Debian Free
Software Guidelines, and the GPL/LGPL licenses is already in
question[6]."
[1] http://www.imc.org/ietf-mxcomp/mail-archive/msg03496.html
[2] http://www.imc.org/ietf-mxcomp/mail-archive/msg03497.html
[3]
http://www.ietf.org/internet-drafts/draft-ietf-marid-core-03.txt
[4] http://www.ietf.org/html.charters/marid-charter.html
[5] http://spf.pobox.com/
[6] http://www.imc.org/ietf-mxcomp/mail-archive/msg03514.html
---
> http://www.imc.org/ietf-mxcomp/mail-archive/msg03514.html
To: IETF MARID List <address@hidden>
Subject: Re: DEPLOY: Microsoft Royalty Free Sender ID Patent
License
From: Mark Shewmaker <address@hidden>
Date: Tue, 24 Aug 2004 07:02:28 -0400
List-archive: <http://www.imc.org/ietf-mxcomp/mail-archive/>
--------------------------------------------------------------------------------
My non-lawyerly conclusion:
===========================
This patent license is incompatible with the Open Source
Definition, the Free Software Definition, the Debian Free
Software Guidelines, and the GPL and LGPL licenses specifically.
What this means:
================
The above incompatibility will severely restrict implementation
and deployment of the standard, which is a problem that can only
be solved by:
1. fixing the license to address all its problems (described
in
detail below),
2. assuming that the nebulous IPR claims are not valid and
thus
ignoring the license requirements completely, or
3. dropping the encumbered IPR from the standard.
We've passed the deadline to fix the license, so (1) is out, and
(2) and (3) are the only potential choices left.
I believe the general consensus here is that the encumbered IPR
at issue is the (obvious) PRA algorithm.
Now even though I personally can't see how the PRA algorithm
could possibly be considered a non-obvious idea, I'm guessing
that enough people and companies will be unwilling to risk their
livelyhood on that stance, which means that fear of lawsuits will
probably keep (2) from being a viable option.
That leaves (3), dropping the algorithm completely.
Dropping that algorithm effectively means going back to
Classic-SPF.
I believe that is what must be done.
I don't know how easily that can be done with the current wording
and breakdown of the standard--perhaps it would be relatively
straightforward since the PRA was pulled out, with just a few
minor edits necessary here and there, perhaps not.
Either way, I believe we have *no choice* in the matter: Like it
or not, SPF-Classic is now effectively the only choice we have.
(Personal Rant: I would have preferred a different solution. My
personal opinion as to the best technical option, were there no
licensing issues to muck things up, would have been some sort of
Unified-SPF with sender_agents included. With Unified SPF and
sender_agents, we'd get Return-Path protection, prevention of PRA
forgeries, and phishing protections--protecting from forgeries
all three things we're out to protect. That would have been just
fantastic, but nothing with a PRA in it is possible now, and that
leaves us with only SPF-Classic.)
The specific problems with the license:
=======================================
1. Issue:
======
Whatever IPR rights you might obtain for yourself
won't extend to everyone who gets a copy of your code.
Source:
=======
o Section 2.[12]'s wording of personal, nontransferable,
and nonsublicenseable,
o The wording under section 2.2.
o The last sentence of section 2.5.
Problems:
=========
o Violates OSD #7, DFSG #7
| Distribution of License
|
| The rights attached to the program must apply to all to
whom
| the program is redistributed without the need for
execution
| of an additional license by those parties.
o Fails Dissident test.
| The Dissident test.
|
| Consider a dissident in a totalitarian state who wishes
to
| share a modified bit of software with fellow dissidents,
but
| does not wish to reveal the identity of the modifier, or
| directly reveal the modifications themselves, or even
| possession of the program, to the government. Any
requirement
| for sending source modifications to anyone other than
the
| recipient of the modified binary---in fact any forced
| distribution at all, beyond giving source to those who
receive
| a copy of the binary---would put the dissident in
danger. For
| Debian to consider software free it must not require any
such
| "excess" distribution.
o Violates Freedom #2
| The freedom to redistribute copies so you can help your
| neighbor
o Violates Freedom #3
| The freedom to improve the program, and release your
| improvements to the public, so that the whole community
| benefits
2. Issue:
======
Whatever Microsoft's unspecified IPR supposedly covers,
you can't do anything with it except Sender-ID-ish things.
Source:
=======
Section 2.1's "solely for the purpose of conforming with"
wording. Oddly enough the restriction isn't again
specifically listed under section 2.2.
Problems:
=========
o Violates OSD #6, DFSG #6
| 6. No Discrimination Against Fields of Endeavor
|
| The license must not restrict anyone from making use
| of the program in a specific field of endeavor. For
| example, it may not restrict the program from being
used
| in a business, or from being used for genetic
research.
o Violates Freedoms #1
| The freedom to study how the program works, and adapt
| it to your needs
o Violates Freedom #3
| The freedom to improve the program, and release your
| improvements to the public, so that the whole community
| benefits
3. Issue:
You must agree to comply with a set of
(purportedly-applicable)
laws that the license alerts you to. (As opposed to being
merely
alerted to the existence and purported applicability of these
laws.)
Source:
=======
Section 6.2.
Problems:
=========
o Violates OSD #5
| 5. No Discrimination Against Persons or Groups
|
| The license must not discriminate against any person
or
| group of persons.
|
| Rationale: In order to get the maximum benefit from
the
| process, the maximum diversity of persons and groups
should
| be equally eligible to contribute to open sources.
| Therefore we forbid any open-source license from
locking
| anybody out of the process.
|
| Some countries, including the United States, have
export
| restrictions for certain types of software. An
| OSD-conformant license may warn licensees of
applicable
| restrictions and remind them that they are obliged
to obey
| the law; however, it may not incorporate such
restrictions
| itself.
o Violates DFSG #5
| 5. No Discrimination Against Persons or Groups
|
| The license must not discriminate against any person
or
| group of persons.
o Violates the Dissident test
| The Dissident test.
|
| Consider a dissident in a totalitarian state who wishes
to
| share a modified bit of software with fellow dissidents,
but
| does not wish to reveal the identity of the modifier, or
| directly reveal the modifications themselves, or even
| possession of the program, to the government. Any
requirement
| for sending source modifications to anyone other than
the
| recipient of the modified binary---in fact any forced
| distribution at all, beyond giving source to those who
receive
| a copy of the binary---would put the dissident in
danger. For
| Debian to consider software free it must not require any
such
| "excess" distribution.
o Violates Freedom #2
| The freedom to redistribute copies so you can help your
| neighbor
o Violates Freedom #3
| The freedom to improve the program, and release your
| improvements to the public, so that the whole community
| benefits
4. Issue:
======
You must agree to be judged by the laws of a specific
jurisdiction and be judged at a specific location.
Source:
=======
Section 6.4
Problems:
=========
o Always objected to on license-discuss for practical
reasons. (It creates superfluous incompatibilities
with any other licenses with choice-of-law and
choice-of-venue restrictions.)
o GPL and LGPL incompatible.
5. Issue:
======
Your rights can be stripped away if you assert your
patent rights or initiate a lawsuit.
Source:
=======
Section 2.4
Problems:
=========
o GPL and LGPL-incompatible. (From
http://www.gnu.org/licenses/license-list.html ,
"We don't think those patent termination cases
are inherently a bad idea, but nonetheless they
are incompatible with the GNU GPL.")
o Possibly fails Tentacles of Evil test
| The Tentacles of Evil test.
|
| Imagine that the author is hired by a large evil
corporation
| and, now in their thrall, attempts to do the worst to
the
| users of the program: to make their lives miserable, to
make
| them stop using the program, to expose them to legal
| liability, to make the program non-free, to discover
their
| secrets, etc. The same can happen to a corporation
bought out
| by a larger corporation bent on destroying free
software in
| order to maintain its monopoly and extend its evil
empire. The
| license cannot allow even the author to take away the
| required freedoms!
6. Issue:
======
The fact that either side has entered into this license
is effectively public knowledge.
Source:
=======
Section 6.9
Problems:
=========
Fails the Dissident Test
| The Dissident test.
|
| Consider a dissident in a totalitarian state who wishes
to
| share a modified bit of software with fellow dissidents,
but
| does not wish to reveal the identity of the modifier, or
| directly reveal the modifications themselves, or even
| possession of the program, to the government. Any
requirement
| for sending source modifications to anyone other than
the
| recipient of the modified binary---in fact any forced
| distribution at all, beyond giving source to those who
receive
| a copy of the binary---would put the dissident in
danger. For
| Debian to consider software free it must not require any
such
| "excess" distribution.
7. Issue:
======
You have to separately agree to and sign a Patent license at
all.
Source:
=======
Section 2.5
Problems:
=========
o Violates OSD #7, DFSG #7
| 7. Distribution of License
|
| The rights attached to the program must apply to all
to whom
| the program is redistributed without the need for
execution
| of an additional license by those parties.
o Violates OSD #10
| 10. License Must Be Technology-Neutral
|
| No provision of the license may be predicated on any
| individual technology or style of interface.
|
| Rationale: This provision is aimed specifically at
licenses
| which require an explicit gesture of assent in
order to
| establish a contract between licensor and licensee.
| Provisions mandating so-called "click-wrap" may
conflict
| with important methods of software distribution
such as
| FTP download, CD-ROM anthologies, and web
mirroring; such
| provisions may also hinder code re-use. Conformant
| licenses must allow for the possibility that (a)
| redistribution of the software will take place over
| non-Web channels that do not support click-wrapping
of the
| download, and that (b) the covered code (or re-used
| portions of covered code) may run in a non-GUI
environment
| that cannot support popup dialogues.
o Violates Freedom #2
| The freedom to redistribute copies so you can help your
| neighbor
o Violates Freedom #3
| The freedom to improve the program, and release your
| improvements to the public, so that the whole community
| benefits
o Fails Desert Island Test
| The Desert Island test.
|
| Imagine a castaway on a desert island with a
solar-powered
| computer. This would make it impossible to fulfil any
| requirement to make changes "publicly available" or to
send
| patches to some particular place. This holds even if
such
| requirements are only "upon request", as the castaway
might be
| able to receive messages but be unable to send them. To
be
| free, software must be modifiable by this unfortunate
castaway,
| who must also be able to legally share modifications
with
| friends on the island.
o Fails Dissident Test
| The Dissident test.
|
| Consider a dissident in a totalitarian state who wishes
to
| share a modified bit of software with fellow dissidents,
but
| does not wish to reveal the identity of the modifier, or
| directly reveal the modifications themselves, or even
| possession of the program, to the government. Any
requirement
| for sending source modifications to anyone other than
the
| recipient of the modified binary---in fact any forced
| distribution at all, beyond giving source to those who
receive
| a copy of the binary---would put the dissident in
danger. For
| Debian to consider software free it must not require any
such
| "excess" distribution.
References:
===========
OSD: Open Source Definition, according to OSI, at
http://www.opensource.org/docs/definition.php
DFSG: Debian Free Software Guidelines, according to SPI, at
http://www.debian.org/social_contract#guidelines
Freedoms: Free Software Definition, according to FSF, at
http://www.gnu.org/philosophy/free-sw.html
Tests: Desert Island Test, Dissident Test, Tentacles of Evil
Test.
These tests are used on debian-legal as thought
experiments
to help determine whether a license meets the DFSG. They
can be found in a draft of a DFSG FAQ at:
http://people.debian.org/~bap/dfsg-faq.html
--
Mark Shewmaker
address@hidden
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [DMCA-Activists] Microsoft Asserts Patent on Sender-ID Standard,
Seth Johnson <=