ietf-asrg

[Asrg] email pull (was RE: Authentication )

2003-03-26 11:05:18
On Wed, 2003-03-26 at 09:12, Hallam-Baker, Phillip wrote:
> Devising a mechanism that allows bills to be sent electronically
> is worth doing for its own sake. People are likely to pay
> more promptly and there is a much reduced hassle factor.
> I would like to be able to link outlook to money or quicken
> so that every time a bill arrives from an authenticated
> and authorized source I get the relevant notification.

Certs and signatures are one way to authenticate; Richard Bliss came up
with another technique that doesn't have issues of key revocation and
recovery.  It does require something be built in to clients, which is a
serious drawback but might be feasible given enough time.


Q: Okay, what's the idea?
A: Add something RSS-like to email clients, where the client
occasionally (and infrequently) polls "subscribed" sites for new content
and drops any new content into the normal mail stream (so that you could
filter it into folders).  

For example, suppose I want to subscribe to the Floss Recycling
newsletter.  The Floss Recycling Web site gives instructions on the
subscription address and when the newsletter comes out (e.g. "Mondays at
3 PM PST").  I set up my email client to poll every Monday at 4 AM and to
drop the newsletter into my FlossRecycling folder.

Q: Why don't you just go to the Floss Recycling web site every Tuesday
morning?  
A: I could do that, but I'd rather have my software remember for me and
put it somewhere where I can easily see that I need to read it *and*
where I can save it for easy future reference.

Q: So what's one benefit of this?
A: Proof of delivery.  Say Bank of Fred wants to start sending me my
mortgage bill electronically.  If they send it by email, they have no
idea if it actually gets to me.  I could not pay my bill and claim,
"well, you never sent me a statement!" even if I got it.  

If Bank of Fred sets up a personalized pull feed for me instead, then
their server will have a record of when my client fetched the bill.  

(Yes, it needs to be secure, but passwords and SASL might be good
enough.  It's not clear that crooks have a strong incentive to see my
mortgage bill.)

Q: Any other benefits?
A: Well, it puts the unsub control firmly in the hands of the user -- I
don't have to hope that Bank of Fred will in fact unsub me.  It also
eliminates the problem of wanted messages getting false positive'd out
of my sight.

Q: So how on earth would this reduce spam?
A: One of the biggest problems that content analyzers (e.g.
SpamAssassin, spambayes) have is that legitimate commercial newsletters
can look an awful lot like spam.  If we can reroute all of the legit
mass mailers to this RSS-esque scheme, then the content analyzers can be
much more aggressive.

Q: Is RSS your clear and obvious choice for this?
A: Absolutely not.  My "expertise" in RSS is the product of only a few
hours wandering around the Web looking at various Web sites.  I feel
like RSS is off in this parallel universe that I really don't know
anything about.

In particular, it was not obvious to me how the RSS client would figure
out what was new since last checked and what was not.  

RSS does have a big attraction because using it might get rid of a
chicken-and-egg problem.  There's enough content out there that uses RSS
that just the current RSS activity would add competitive advantage to an
RSS-enabled client.  That might make it easier to convince the client
manufacturers to add RSS capability.  (Again, I'm pretty clueless about
RSS.  I might be completely off-base here, and would be very interested
in hearing if that's true.)

Q: Why do you think that you can convince any client vendors to do this?
A: I have *cough* some influence on the email portion of Chandler, the
Open Source Application's PIM.  If RSS is a reasonable vehicle for the
Bliss Technique, then I would like to stuff RSS capability into
Chandler.  (No promises on *when*, however -- there are a lot of things
to put into Chandler.  The more people clamor for a feature, however,
the more likely it will go in.)



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
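
One way a polling client could work out what is new since the last check and drop it into the mail stream, as an added example that is not part of the original post. It assumes RSS 2.0 items keyed by `guid`; the feed content, the `pull.invalid` addresses and the `X-Pull-Folder` header are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from email.message import EmailMessage

# Constructed sample feed (hypothetical publisher and item ids).
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Floss Recycling</title>
  <item><guid>floss-2003-03-17</guid><title>Issue 11</title>
    <description>Older issue.</description></item>
  <item><guid>floss-2003-03-24</guid><title>Issue 12</title>
    <description>This week's issue.</description></item>
</channel></rss>"""


def new_items_as_mail(feed_xml, seen_guids, folder):
    """Return EmailMessage objects for items not fetched before.

    seen_guids is the client's persistent per-feed state; it is updated
    in place so the next poll skips what was already delivered.
    """
    # Real feeds are untrusted input: use a hardened XML parser
    # and cap the response size before parsing.
    channel = ET.fromstring(feed_xml).find("channel")
    sender = channel.findtext("title", default="unknown feed")
    messages = []
    for item in channel.iter("item"):
        # guid is optional in RSS 2.0, so fall back to the item link.
        guid = item.findtext("guid") or item.findtext("link")
        if not guid or guid in seen_guids:
            continue
        msg = EmailMessage()  # rejects header values containing CR/LF
        msg["From"] = f'"{sender}" <feed@pull.invalid>'
        msg["Subject"] = item.findtext("title", default="(no title)")
        msg["Message-ID"] = f"<{guid}@pull.invalid>"
        msg["X-Pull-Folder"] = folder  # hypothetical header for filtering
        msg.set_content(item.findtext("description", default=""))
        messages.append(msg)
        seen_guids.add(guid)
    return messages


if __name__ == "__main__":
    seen = {"floss-2003-03-17"}  # state saved from the previous poll
    for m in new_items_as_mail(SAMPLE_FEED, seen, "FlossRecycling"):
        print(m["Subject"], "->", m["X-Pull-Folder"])
```

Persisting `seen_guids` per subscription is what makes an infrequent poll safe to repeat: a second fetch of the same feed yields no duplicate messages.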