-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I guess different cultures have different ideas of privacy...
Yes. In a nutshell there are three basic regimes to consider, or ignore:
...
There are also different ideas of identity.
For example, I read that the UK is implementing a new "URU"
identification scheme based on the meters associated with
addresses. Does that mean that homeless people in the UK
might have no identities?
Certainly, similar problems exist elsewhere.
Homeless people, human rights workers, members of abused
social groups, etc should be able to send mail without
establishing an "identity". (And intended recipients should
be able to refuse such mail.)
This is a little more fundamental in a way than the issue
of privacy, because some jurisdictions may not recognize
the identity of some persons (natural or artificial, such
as corporations etc). And any scheme which requires an
identity must be flexible enough to allow unidentifiable
persons or artificial persons. (Who will identify refugees
or officials in "unrecognized" governments?)
Furthermore, artifical persons (such as corporations) are
easy to establish. (Here in Nevada we have 200,000 such
artificial persons, against 2,000,000 natural persons.)
The fact that such an entity exists and is chartered by
a government doesn't necessarily grant effective recourse
to a victim of that entity's acts. (Isn't being known as
"responsible" one of the main reasons to have an
identity, or to be required to have one?) Having an
identity may be useful to some, but I doubt it would be an
effective way to ameliorate the spam problem.
On the other hand, knowing the identity of a sender is a
aid in implementing whitelists. It might allow me to carry
on a conversation with an anonymous "person", even though
that person is sending from a spammer's domain. I have
had that very problem, trying to communicate with one
individual working for someone on our blacklists, but
found that the blacklist made communication through the
obvious channels difficult.
If we implement some sort of identity mechanism, the only
scheme I know of which would be flexible enough would be
using simple key pairs, which anyone could generate. Then
we could add certificates, saying "this is a recognized
citizen of XYZ", or "agency ABC vouches for the identity
of this person". (In other words, a web-of-trust mechanism
similar to that used by PGP.) Those who want complete
anonymity could simply generate a key pair, and not have
any certificates.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+ZhUW3fFKt0vOYhYRApwkAKCdoQGmsy7+alvplr9QJSHZjl8HaACeJVOw
OCvcYWVKa8PAJuwPTVD9Jew=
=Vojs
-----END PGP SIGNATURE-----
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg