From: Keith Moore [mailto:moore(_at_)cs(_dot_)utk(_dot_)edu]
To the extent that they can be understood as separable
issues, I don't have a problem with doing what you describe
in addition to writing the I-D. But I believe these issues
need a wider visibility than just within the DKIM wg.
I have followed this thread for some time, I have still not seen the actual
issue you wish to raise stated, merely a series of statements pointing to other
places that you claim the statement was made.
I am entirely willing to discuss technical issues relating to DKIM in
particular and the Accountable Web in general.
What I am not prepared to do is to argue over technical issues as proxies for
the political issues that underly them.
As far as I am concerned the principle of the Accountable Web is not up for
negotiation. We have a billion users of the Internet. As with any system 95% of
the participants are honest 95% of the time. It is the other 5% that is the
problem. With a billion users that makes 50 million pedophiles, predators,
theives, confidence tricksters, vandals and other criminals to deal with.
The point of the Accountable Web is to stop that 5% spoiling the Internet for
the rest of us.
I am not talking about a police state: a key principle of the Accountable Web
has to be that the accountability processes themselves are accountable. The key
feature of a police state is when law enforcement claims that it is above the
Nor am I talking about excluding anonymity entirely. There is a role for
anonymity in the Internet and there is a role for pseudonymity. What there
cannot be is a situation where other people can claim to be me and make use of
This is currently the case in email. My reputation, the reputation of my
employer are diluted because anyone can send mail that purports to come from
that domain name and there is no widely deployed authentication infrastructure.
The ability to claim responsibility for a message allows the sender of an email
to tell the recipient that they can be held accountable for it. Knowing that
someone is accountable allows the recpient to accept the email with greater
confidence than is possible otherwise.
By combining Authentication, Accreditation and Consequences we can achieve
accountability in the email system and thus begin to bring spam under control.
In the process the ability to send unaccountable mail is likely to be lost. But
that is going to be the result of recipients deciding to reject unaccountable
mail as likely spam, and not the result of a government dictat that everyone be
A lot of the problems with the Internet are the result of the widespread
perception that it is a parallel universe with no connection to the real world,
a consequence free environment that lacks police, law and order.
This perception is mistaken, there is law enforcement in cyberspace and arrests
result every single day. Arrests of Internet pedophiles have become so
commonplace that they have long since ceased to be notable unless the number
arrested is particularly large.
The Accountable Web is about changing that perception.
I know that there will be many who would prefer to maintain the Web in a state
of permanent anarchy. I note however that those who advocate this position then
construct their own personal safety zones and defend them aggressively. Anarchy
is a much more attractive political doctrine when offered a la carte, so that
one can choose unlimited personal freedom for oneself without having to live
with the consequences of every one else making the same choice, including the
5% who cause 95% of the problems.
We have already seen what happened to USENET when the 5%ers got hold of it. In
the space of a few short years the spammers destroyed USENET. It has only
recovered since because even the spammers find that there is little value there
for them. We cannot let the same thing happen to email and the Web.
USENET worked when there was accountability. Under the NSF regime anyone who
did a Green Card spam would have been accountable to their university proctors.
It isn't an accident that the Green Card spam went out in April 1994 during the
transition from the NSFnet to the commercial Internet. As we discovered then
the traditional accountability mechanism had been lost.
If we are going to do anything about the pedophile predators lurking in
Internet chat rooms we have to create the understanding that there is
accountability. The perverts would not approach a minor in a public area with
the type of advance they use in a chat room, they know that they can be
Just creating a binding from a chat room identity to a cell phone or landline
creates a degree of accountability. The potential perpetrator knows that they
can be tracked down to a particular telephone number, if they are smart they
also know that their location can be fixed geographically as well. There are
means to circumvent this but the reliability of these steps are not as
predictable as some think and messaging can be used to emphasize this
This approach compliments the efforts of i-safe and others to provide age
verification through schools. Again there is an accountability component to the
scheme, credentials can be tied to a particular individual if necessary and so
attempts to trade them will result in consequences.
This example demonstrates that accountability does not mean loss of privacy. I
hope that people understand that what we are proposing here is to provide AGE
VERIFICATION here so that chat rooms can make sure that only kids (and licensed
law enforcement) are allowed to post into kids only chat rooms. We are not
certainly proposing to make it easier for the predators by enabling them to
know the identity of the kids, where they live, etc.
Ietf mailing list