The “new new” anti-spam proposals?
A lot of spam activities took place this past week. Most of these involved various corporations making their annual announcements at the 2004 RSA conference. Some of the high-profiles ones includes Microsoft’s Bill Gates unveiling of the “Caller ID” scheme for email authentication (which is basically LMAP+XML), Sendmail’s announcement of support for email authentication (both MSFT’s “Caller ID” and Yahoo’s Domain Keys, while the various LMAP proposals seem to have been absent). At the same time none of these proposals have been submitted to any standards bodies such as the IETF, and as a matter of fact Microsoft was invited to submit “Caller ID” and participate in this week’s meeting at the IETF on the subject, but they declined. At the same time the community had jumped on Caller ID’s patent license by declaring a (and a possible incompatability with the GPL. Of course it remains to be seen what exactly does Caller ID claim to patent since RMX and other prior art existed at least since 1998, and if Caller ID ever makes it to the IETF, Microsoft will have to deal with the new IPR guidelines (RFC 3669) which favor non-patented technologies.
Of course all of “these” proposals are brand new: Caller ID has nothing to do with LMAP, DomainKeys has no connection to S/MIME or PGP, and they are all recently “invented” by the companies that promote them. Yeah, right - its the same old proposals being recycled over and over. The question is will they make any difference in the long run, and as I have stated many times before the answer is no. Pure technical solutions will accomplish nothing without corresponding efforts in cooperation among ISPs, legal measures against spammers, and better collaboration in the anti-spam community.
Verisign: The forces of darkness (huh?)
At the same time various other curious corporate manuvers took place. In particular, Verisign announced their new “OATH” initiative which includes seamless provisioning of desktop PKI credentials to include additional strong credentials, such as One Time Password (OTP) tokens, PKI tokens, smart cards, and desktop PKI. This of course goes hand in hand with their testing of hardware security tokens among schoolchildren, and their promotion of hardware tokens for spam control. They also sued ICANN because of SiteFinder and WLS along with 50 unnamed “John Does”. And to make every conspiracy theorist drool, their “secret” goal was “revealed” by none other than Stratton Sclavos, Verisign’s CEO and Chariman in a recent ZD NET article:
Imagine a directory service and data bank that manages and routes domain name traffic, RFID tag information, voice calls, and digital authentication services. VeriSign is on a mission to become the Internet infrastructure utility that everyone else plugs into. By 2010, VeriSign Chairman and CEO Stratton Sclavos hopes to have at least half of all voice and data network interactions passing through his company’s services.
What is not being mentioned but is implied is that everyone using these services has to pay for them, ergo making Verisign very rich in the process. And of course they can’t have someone like ICANN or the IAB spoil the party. ANYWAY, lets not get carried about the conspiracy theories especially the ones being put forth by those pesky SlashDotters. Of course, their behavior is being overblown and exaggerated, but not consulting anyone before turning on SiteFinder has not been their brightest move. But they have improved and a recent minor change in the root servers was announced 30 days prior at NANOG. On the other hand ICANN has been limping along for some time and a lawsuit might be just one thing to make them awake, and at the least make their minutes and discussions more open. By comparison, both the IAB and the IESG post their meeting minutes on a regular basis and are publicly available at every IETF meeting and in numerous mailing lists.
Media and selected community members fanning the flames
It is completely naive to believe everything that the media says, on the other hand it would be foolish to ignore all of it. PR posturing by big companies many times does not indicate anything at all other than a desire to increase their share prices or some other PR ploy, standards organizations and many community activities such as the open source movement are hard for journalists to understand, if they are not members of it. It is also ludicrous to believe every single anti-Microsoftie Slashdotter out there as well as some of the more outspoken members of the community who happen to be in the news more often or have more popular blogs.
But nevertheless, many of the media reports and community members are fanning the flames. In particular a recent Business Week article discussed how “a unilateral move from a powerful commercial entity such as Yahoo, however, threatens to overtake the Internet’s governing bodies and could effectively cede control of e-mail technology standards to the mammoth ISPs. The people interviewed for that specific article were not official representatives of the IETF, nor were they representative of the community at large. Last week’s BBC article an “emergency meeting” because “The competing proposals have sparked worries at the Internet Engineering Task Force which oversees the technical development of the net”. I am not exactly sure who they picked up that juicy piece of information from, but ain’t me. Another article by the Associated Press talks about how “All these competing proposals are enough to get the Internet’s standards-setting bodies in a lather” (hmm, I remember showering recently). Anybody familiar with the operations of the IETF knows that these characterizations are not true.
The need to work together
The question we must ask is how do we explain this corporate behavior? One possible explanation is that in the Internet arena, where government influence is small, corporations wield a greater power. However, at the same time the community which is much more connected on the Internet wields greater power than it does in the real world. If so, these two forces - the corporations and the community will expeirence significant friction which may possibly lead to multiple stands offs. The SCO vs. Linux may be the first of such examples where a corporation has basically declared war on a significant section of the Internet community. The just announced Verisign lawsuit against ICANN, maybe looked upon as a similar occurance in the arena of Internet governance. While only ICANN is being sued, the presence of the 50 “John Does” on the list might imply that Verisign is planning on including the IAB or IETF leadership as well since they serve on individual basis. On the other hand, its very hard to believe that Verisign wants to alienate the entire Internet community by suing the IETF and end up in the same scenario as SCO.
Corporations are not stupid and neither is the Internet community. Companies realize that imposing their own standards no longer works in the global age of the Internet, while the Internet community knows that it needs the companies to provide support for standards. Therefore, the two must work together. One must take into account that corporations are not mindless entities, rather they are collections of people. Neither are Internet standards bodies, community organizations or the open source movement - they all consist of people.
We must also take into account the fact that the world around us is changing rapidly due to the Internet. At its basic, the Internet is a cheap communications medium which has proved to be a “disruptive technology” to many people. Outsourcing, VoIP, P2P, ENUM, open source vs. Microsoft: all of these are symptoms of how the Internet is forcing changes in every corner of the human world. And of course, this makes it necessary for the Internet itself to change which is where companies and the Internet community work together.
Corporations vs. the community: partnership, not conflict
The fact is that the community and companies are working together, not against each other. It might not be visible but many efforts are going behind closed doors in corporate circles, restricted mailing lists in the community, and various other open venues which are not so visible. “For the world is changing, I feel it in the water, I feel it in the earth, and I smell it in the air and the community and companies are working together to make it possible.