Home Larry Seltzer on Sender-ID

Larry Seltzer on Sender-ID

eWeek just published an opinion piece on Sender-ID written by Larry Seltzer. In general it reflects the same line of thinking that I used myself. However, I do want to take issue with something he says in the end of the article:

Personally, I'm sick and tired of the lack of achievement that openness and the OSS community have gotten us. If it weren't for private companies like Microsoft and Yahoo and Meng Wong personally, we wouldn't have anywhere near as many plausible solutions in sight as we do now.

Really? At one point in the ASRG there were at least 7 sender authentication proposals discussed, none of which were developed by big companies. Rather, all of them were made by single individuals with the exception of Meng Wong who had a large open community behind him. Look at IETF-MAILSIG - only two solutions are from big companies, the rest from little guys. The IETF itself operates very openly as well, just like many other standards organizations and many proposals in the IETF come from single individuals as well. What Microsoft has done here is classic "embrace and extend" - they took the work percolating in the ASRG for several months, "extended it" by adding PRA and brought back to the table, branded as their own. I wrote about this in detail previously in a two part series published at CircleID, titled "Sender ID: A Tale of Open Standards and Corporate Greed?" (Part I, Part II):

This brings us to the next point of this story: what did Microsoft possibly invent? The Caller-ID standard when published had two major distinctions over the existing set of authentication proposals: it used XML and also had the PRA algorithm to address phishing in addition to spam. The rest of the proposal was based directly on SPF, DMP, RMX and others, all of which dated back to Paul Vixie in 2002 and to Jim Miller in 1997.

I am sorry Larry, but that paragraph in your story is total FUD.

This post is licensed under CC BY 4.0 by the author.