We still seem to have some problems with weak analogies.
Why can't I buy one SSL cert and put it onto as many sites as I like?
Because each site has a unique DNS entry. I don't think a system that
requires a DNS entry for every message you send would work very well.
But the point is if I can distinguish between a legitimate stamp and
a non-legitimate stamp, and like an SSL cert, can know with some
reasonable certainty who must own that "postage meter", then I know
who the offender is.
That all makes sense, but I still don't see a reasonable process for
monitoring the mail. Bad guy gets a meter, prints himself 100 stamps,
puts each of them on 100,000 pieces of mail and blasts out 10 million
spams to random recipients. Are you assuming that each stamp would be
keyed to a particular message and envelope? That's sort of what
Goodmail does, although it's rather hard to make it tamper-resistant.
... because none of them are attempting to work in an environment
where 98% of the attempted transactions are bogus.
You need to speak with ASCAP, RIAA, et al.
You don't think illegal muslc downloading etc faced similar stats?
The issues are utterly different. If ASCAP managed to collect 90% of
the royalties people owe them and miss the other 10%, they're doing
great. If 10% of the spam with reused stamps leaks through, we're
Now if they buy a legitimate "cert" and proceed to double-spend we'll
know who they are.
Unless both of the recipients present it back to the issuer, how? And
if they do, we're back at the horrible micropayment database problem.
Asrg mailing list