I just noticed that September 30 is the deadline to submit written comments or requests to participate in the Federal Trade Commission-National Institute of Standards and Technology's "Email Authentication Summit."
I was sure some of you might like to know about this, if you didn't already. Now that Sender ID is dead and MARID is too, as far as the IETF is concerned, it doesn't mean that it won't crop up elsewhere. And I am guessing the FTC may not be informed about the Sender ID/GPL incompatibility issue.
Here's a sample of some of the issues they would like information on, taken from the Federal Register Notice:
7. Whether any of the proposed authentication standards would have to be an open standard (i.e., a standard with specifications that are public).
8. Whether any of the proposed authentication standards are proprietary and/or patented.
9. Whether any of the proposed authentication standards would require the use of goods or services protected by intellectual property laws.
22. Whether any of the proposed authentication standards would impact the ability of consumers to engage in anonymous political speech.
23. Whether any safeguards are necessary to ensure that the adoption of an industry-wide authentication standard does not run afoul of the antitrust laws.
The full text of the Federal Register Notice, with all the questions, can be obtained here. [PDF] So, here is the press release, or the meat of it anyway, with directions on how to provide written comments or send a request to participate. Note you can use email or snail mail, but there are special instructions for snail mail.
For Release: September 15, 2004
FTC, NIST to Host E-mail Authentication Summit
Adoption of Technology Could Help Thwart Spam
The Federal Trade Commission and National Institute of Standards and Technology (NIST) will co-host a two-day “summit” November 9-10 to explore the development and deployment of technology that could reduce spam. The E-mail Authentication Summit will focus on challenges in the development, testing, evaluation, and deployment of domain-level authentication systems.
A Federal Register Notice to be published today notes that the FTC’s National Do Not E-mail Registry Report to Congress stated that “significant security, enforcement, practical and technical challenges rendered a registry an ineffective solution to the spam problem.” The report identified domain-level authentication as a promising technology that would enable Internet Service Providers (ISPs) and others to better filter spam, and would provide law enforcers a tool to locate and identify spammers.
The Notice states that the Simple Mail Transfer Protocol (SMTP) currently in use for e-mail allows spammers to use techniques like “spoofing,” open relays, open proxies, and “zombie drones” to remain anonymous, evade spam filters, and elude law enforcers. “To remove this cloak of anonymity, ISPs and others involved with the e-mail system have proposed domain-level authentication systems that would enable a receiving mail server to verify that an e-mail message actually came from the sender’s purported domain,” the notice says.
The FTC is seeking public comment on:
* Whether any of the proposed authentication standards (either alone or in conjunction with other existing technologies) would result in a significant decrease in the amount of spam received by consumers;
* Whether ISPs that do not participate in an authentication regime would face any challenges providing e-mail services. If so, what types of challenges these ISPs would face and whether these challenges would in any way prevent them from continuing to be able to provide e-mail services;
* Whether an Internet-wide authentication system could be adopted within a reasonable amount of time. Description of industry and standard-setting efforts, whether there is an implementation schedule in place and, if so, the time frames of the implementation schedule;
and 27 other questions listed in the Federal Register Notice that will be discussed or addressed at the summit.
Parties who wish to participate in the Summit must send a statement to the FTC and NIST setting forth their expertise in, or knowledge of, the issues by September 30, 2004. The FTC and NIST will select participants who submitted timely responses that demonstrate expertise in or knowledge of the issues, and whose participation would promote the representation of a balance of interests at the Summit.
The Commission vote to publish the Federal Register Notice was 4-0-1 with Commissioner Jon Leibowitz not participating.
Written comments should be identified as “E-mail Authentication Summit-Comments,” and written requests to participate in the E-mail Authentication Summit should be identified as “E-mail Authentication Summit-Request to Participate.”
Written comments and requests to participate should be submitted to: Secretary, Federal Trade Commission, Room 159-H (Annex V), 600 Pennsylvania Ave., N.W., Washington, DC 20580. If submitting in paper form, parties must submit an original and three copies of each document. The FTC requests that any comment filed in paper form be sent by courier or overnight service, since U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions. In the alternative, parties may e-mail comments and requests to participate to firstname.lastname@example.org. To ensure that the Commission considers an electronic comment, you must file it with the FTC at this e-mail address.
For further requirements concerning the filing of comments and requests to participate, please consult the Request for Comments and Requests to Participate sections of the Federal Register Notice for the E-mail Authentication Summit (linked to this news release on the FTC Web site: www.ftc.gov.