Re: [Asrg] Thoughts so far

To me, it has to be national legislation to be useful, for that very
reason: the chance of both you and the spammer being in washington
jurisdiction is tiny, and even if you get washington small claims to
issue a judgement, collection is problematic.
*Identification* is often problematic. How do you identify theindividualresponsible for sending you a piece of spam? This is a non-trivialproblem.


Yes, it is. How do you identify the person kiting checks? stealing cars?

What happens when the person is in China? Do we ("we" meaningAmericans)
really want to try to subject the rest of the world to US laws?


Maybe nothing, in the first phase. We have to start somewhere.

I keep getting the impression people are looking for a silver bullethere. If one existed, it'd be found by now. A common thing I'm seeingis that every time someone suggests something, the reasons why it's nota *complete* solution show up.

I sort of feel we're trying to implement a software project herewithout subroutines....

split it into less complex pieces, start solving one piece of it, andthen work on the next. Laws in the US don't solve chinese spam -- butthey help us start solving US-based spam, and give us a piece in thepuzzle to help convince the Chinese to follow suit in solving theirspam problem, and eventually everyone coming together with aninternational agreement on how do deal with these issues.

My model on that is copyright -- each country has it's own laws oncopyright. There is no "one" copyright law. But most countries are alsosignatory to the Berne convention, which sets standards for what thosecopyright laws ought to do. That's a model I think is useful in a caselike this: start getting the legislation model down and approved, getit working in specific jurisdictions, and move it into an internationalvenue over time.

The idea of battling spam by criminalizing it seems a little bit to melikeleaving all your doors and windows open and trying to prosecuteeveryone who
steals things out of your house.

Nope. you don't expect criminalization to stop the need for locks onthe windows. you expect criminalization to deter some people fromchoosing to enter your house without your permission, and to give youthe ability, if they choose to do so, to make sure they're unable to doit to someone else again later for a while. Again, this sounds like(and I'm sorry if I misinterpret your attitude) we're only allowed ONEapproach. I see no problem with having locks AND policemen. In fact, Isee no way to solve this problem without locks and policemen and lotsof other services and tools, too. But we can onlydefine/build/test/evaluate stuff independently of all of the otherstuff. The bigger and more complex the system, the harder it'll be tobuild, make work, get people to buy into and use, and keep from beingcircumvented. So I'm all for lots of smaller tools and techniques, eachfocussing on one part of the larger equation, hopefully with lots ofoverlap so we don't have as many cracks to slip through.

But you're going to spend
all your time doing that, when surely you have better things to do.

nope. Just some time. focussing on better authentication is needed,too, plus I think finding ways to help us define stuff we *don't* needto look at (bonded whitelisting of commercial vendors, for instance, ortechniques like Habeas) also helps simplify the problem.

Maybe it's old-fashioned of me, but I'm a hacker who sees a big,complex problem, and breaks it down into a bunch of smaller, lesscomplex problems, and then works my way through each one until I comeout the other end. I see a situation like this as needing a similarapproach, but I keep getting the feeling we're looking for a One TrueSolution, and anything that doesn't meet that criteria gets lost in thenoise a bit.



--
Chuq Von Rospach, Architech
chuqui(_at_)plaidworks(_dot_)com -- http://www.plaidworks.com/chuqui/blog/


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg