Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Will Submit 'Caller ID' To The IETF

Posted by timothy on from the who's-calling-please dept.

An anonymous reader submits "According to a recent mailing list post by Harry Katz who is the Program Manager of Exchange at Microsoft, they plan to submit MSFT's "Caller ID" proposal to the IETF: 'I want to inform members of the MARID working group that Microsoft will shortly be submitting the Caller ID for E-mail specification to the IETF as an Informational RFC. We request that the Caller ID specification be considered an input document to the working group's deliberations.'"

3 of 42 comments (clear)

  1. Re:Obligatory note... by BrynM · · Score: 3, Interesting
    c) Licensing issues exist.
    From the MS License for this submission:
    If you distribute, license or sell a Licensed Implementation, this license is conditioned upon you requiring that the
    following notice be prominently displayed in all copies and derivative works of your source code and in copies of the
    documentation and licenses associated with your Licensed Implementation:
    "This product may incorporate intellectual property owned by Microsoft Corporation. If you would like a license
    from Microsoft, you need to contact Microsoft directly."
    By including the above notice in a Licensed Implementation, you will be deemed to have accepted the terms and
    conditions of this license. You are not licensed to distribute a Licensed Implementation under license terms and
    conditions that prohibit the terms and conditions of this license.
    You are not licensed to sublicense or transfer your rights.
    Hungh? Does this section mean that everyone who implements this must notify Microsoft that they are using it? If you're "not licensed to distribute a Licensed Implementation", then does each end user have to check in with MS? If I write, say an e-mail class in PHP that can use this spec for my personal web site, do I have to notify MS?

    I may just be paranoid of the MS grab it all attitude, but I don't like the implications of this. Is this normal wording for such a license that involves Patented works in RFCs?

    --
    US Democracy:The best person for the job (among These pre-selected choices...)
  2. Man, what a hack.... by brianjcain · · Score: 4, Interesting

    If you're going to use a hack, why not use SPF? MS's hack doesn't look any better than SPF, from what I can tell. They both leverage reverse DNS lookups. All we need is for Sun, IBM, Oracle and SCO to develop their own DNS TXT-mail domain identity hacks.

    "Long e-mail policy documents. Larger organizations with more complex e-mail topologies may need longer e-mail policy documents. If your organization has a large e-mail policy document, please refer to the Caller-ID specification for information on how to split it up."

    This is stupid -- DNS shouldn't have to be twisted into knots to get this to work. These solutions seem to be the lazy way of getting things done: "Distribution of trust is too hard. But we already trust DNS, so let's just mess with DNS until it does what we want it to."

    How about a new version of smtp that signs emails using a trusted certificate (yes, I recognize that it's pretty unlikely that I'm the first to suggest this)? If browsers come with lists of trusted root certs, why can't SMTP daemons? Current SMTP servers can ignore the signature, and subsequent SMTP servers could use it as a cue to bypass spam filters (or skip directly to a "domain is known bad?" decision point).

    While MS is mucking with stuff, why don't they have Windows automagically generate a cert for someone's identity when a new user is created, and then include email signatures by default in Outlook/OE? Outlook and OE seem to handle S/MIME just about as well as Mozilla/TBird do.

    (Cue boilerplate "your solution to the problem of Spam sucks because of..." here).

  3. What's so special about "CallerID" anyway? by parvenu74 · · Score: 3, Interesting

    From the MS website:

    Caller ID for e-mail would verify that each e-mail message originates from the Internet domain it claims to come from.
    Given that email headers indicate the IP address of the originating email server, and the 'from address' indicated the alleged originating domain, isn't this already possible by means of a simple DNS lookup?

    Or is that CallerID really is under the hood and MS is trying to 'license' it to folks?

    (Amd with all the money MS has, can't they hire tech writers who know not to end a sentence with a preposition???)