ietf-asrg
[Top] [All Lists]

Re: [Asrg] RMX proposals and Nash Equilibrium

2003-05-05 16:07:59

FWIW, RMX strikes me as a possibly useful approach to a problem
somewhat orthogonal and/or slightly overlapping the spam problem.

What it helps with is whether some specific piece of email is highly
likely to be from the organization it claims to be from, in a
relatively lightweight way.

Which would be primarily useful for what others are calling
"transactional" messages like your order was shipped or please check
your order status at URL there's a problem you need to resolve or
here's your receipt or monthly activity statement.

That is, relatively low-security stuff which a miscreant might mimic
to trick you into visiting their web site etc.

So arguing that it doesn't seem terribly useful in the fight against
spam is probably correct, but doesn't necessarily obviate the
underlying idea.

It's kinda like arguing that nail-proof tires won't do you much good
in a snowstorm (except inasmuch as it'd be nasty to change a tire
punctured by a nail in a snowstorm.)

On the other hand, even taken at its best, there are other ways to
accomplish the same thing (e.g., PGP signing or similar), though there
is something attractive about pushing this mechanism into the servers
such that the MUA's only have to recognize the result, e.g., a special
header, "X-RMX: OK".

That's simpler than coordinating PGP signing between end-users (both
from the point of view of implementing PGP in the MUA's and
administering its use), I'll grant that.

So if RMX is "good enough" for some specific uses such as "did this
bank statement actually come from my bank?" then it might have merit,
even if it's not of much help with spam, per se.


-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg