ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] New take on emerging idea. (yet another C-R system?)

2003-04-10 11:51:43
from [J C Lawrence] [Permanent Link] 
On Thu, 10 Apr 2003 10:39:26 -0700 
Chuq Von Rospach <chuqui(_at_)plaidworks(_dot_)com> wrote:


plus syntax?  <consent token hash>+chuqui(_at_)plaidworks(_dot_)com?


Sure, that's one way (and the way that TMDA does it), but I'd rather not
get messed in with implementation of how to encode consent tokens at
this point.  What we need to resolve now is how tokens move about, when,
etc.  How for instance list subscriptions are negotiated, how consent
can be audited, all that crap.

Then we can mess with an implementation that does all that.


Recipient user maintains a database of hashes with allowed addresses
they'll accept that hash from. Since a user (like me, or like a list
with monthly admin postings) might have more than one email address to
send from legitimately, allowing a token to map to more than one
address simplifies things. Allows users to manage access, revoke or
modify consent, and allows some flexibility in the use of the token
based on the real world. You could potentially flag some tokens as
being filtered to a folder for review, while other tokens filtered to
c/r and others to blacklist, based on why you generated them.


<nod>


Given this, I think you could also create "good until" tokens, too,
now that I think about it. Maybe re-invent the web site mailto with a
token that's got some way of seeing when it was generated and can only
be used for, say, 24 hours after generation. That'd solve most of the
problems we see with role accounts without forcing everyone through
c/r stuff. 


There are horrors in UI complexity here, but yes, these are the sorts of
things I'd like to see hit.


Spammers would have to scrape and spam in real time, which is still
possible, but a lot harder.


Frankly I don't think its possible to build a system which can prevent
spam which doesn't also prevent valid/desirable communication.  There's
a scale.  You get to pick a point on the scale with its associated
tradeoffs.

If spammers need to do near-realtime scrap and send, I have little doubt
they will, especially as bandwidth and MIPs continue to plummet in
price.  However, that's not todays problem, nor tomorrow's, and I
suspect the legal and other surrounding contexts might be a lot
different then.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw(_at_)kanga(_dot_)nu               He lived as a devil, eh?           
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] New take on emerging idea. (yet another C-R system?), Chuq Von Rospach
Next by Date:  Re: [Asrg] New take on emerging idea. (yet another C-R system?), J C Lawrence
Previous by Thread:  Re: [Asrg] New take on emerging idea. (yet another C-R system?), Chuq Von Rospach
Next by Thread:  Re: [Asrg] New take on emerging idea. (yet another C-R system?), Chuq Von Rospach
Indexes:  [Date] [Thread] [Top] [All Lists]