Microsoft's undeclared patent claims on Sender ID technology is holding up adoption of the e-mail authentication specification

Microsoft's undeclared patent claims on Sender ID technology is holding up adoption of the e-mail authentication specification, and it's not clear when the issue will be resolved. The MTA Authorization Records in DNS (MARID) working group was supposed to conclude its discussion of Sender ID Friday and send it to the next stage of the Internet Engineering Task Force (IETF) standards adoption. But an e-mail from one of the chairmen over the weekend put an end to that. Andrew Newton outlined four areas where some form of consensus within the community has been reached in regards to Sender ID so far: DNS name prefix, Sender Policy Framework (SPF)-specific record types, support for multiple authentication schemes and patent claims. But no mention was made as to when a final draft for Sender ID will move forward for adoption as a proposed standard. Microsoft's patent claim centers on the combined use of two Internet drafts: draft-ietf-marid-core-03 (Sender ID) and draft-ietf-marid-pra-00 (the Purported Responsible Address [PRA] algorithm developed by Microsoft). The open source community says the license agreement protecting those patents violate the GPL (define). So to try and accommodate the needs of the open source community while still keeping Sender ID alive as a viable technology, Newton and Marshall Rose, the other MARID co-chair, floated a compromise measure to separate the PRA algorithm from Sender ID last week. It's a compromise that lets those comfortable with Microsoft's license agreement continue to use Sender ID with the PRA check, while letting others develop their own authentication scheme for e-mails and still be able to use the core Sender ID specification. Unfortunately, because of the unspecified nature of the patents, MARID working group members still weren't convinced that removing the algorithm would completely absolve users from the necessity of signing a license agreement. Also, deciding which authentication "check" to use caused a gridlock on any decision supporting the compromise.