At 11:14 AM 7/4/2003 -0400, Kee Hinckley wrote:
....
Sleeping on this I came up with some more issues (okay, I didn't sleep
very well).
1. Like many systems, this ties in tightly with identity. If I move to a
new ISP (or Comcast gets sold *again*) my email address changes. How do I
manage notifying all of my contacts. Some people seem to think the
address book model works, but I correspond with several orders of
magnitude more people than are in my address book, and some of them I only
send mail to every few years--I don't want to have to notify them all of a
change, nor is it clear to me *how* I would notify them of a change
without hitting the consent system again. It's probably technically
feasible, albeit difficult, to do so if I know in advance of the
change--but that doesn't always happen. Right now people struggle with
simple things like transferring their address book, never mind
transferring consent. A regular occurrence on wormalert is mail from
someone to all of their contents with a brief comment like "sorry, just
mailing myself a copy of my address book". That's how they do it--they
put everyone in the to, including their new address. So. Without a
persistent concept of identity, consent is rather transient to the
recipient, never mind the sender.
A consent system will not base its decisions solely on the sender's email
address although this may be a major factor. You may have a consent token
that will let you in regardless of your email address. This consent token
may be a digital certificate or signature, or verification by a third
party. A simple password might not suffice.
However, two points must be made. First if all, a consent system does not
necessarily imply that all incoming email from unknown senders gets
chucked. All a consent system does is provide a framework and tools for
users to define policies for incoming email. A consent system that lets all
ASCII email through like Gordon suggested, is still a consent system just
like a consent system using C/R. Second of all, like someone else mentioned
in a different thread, a consent system that automatically blacklists all
incoming unknown email might not be necessarily. If enough spam is blocked
even though some may get through, the spammer's profit plummets and they
will lose the economic inventive (this is also in regards to the
introduction issue you mentioned before).
Also, just to let you know - I posted a rough draft of the consent model in
this message
(https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg06209.html).
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg