At 12:06 AM -0400 7/9/03, Yakov Shafranovich wrote:
At 11:36 PM 7/8/2003 -0400, Kee Hinckley wrote:
At 1:20 AM -0400 7/7/03, Walter Dnes wrote:
On Fri, Jul 04, 2003 at 11:14:03AM -0400, Kee Hinckley wrote
1. Like many systems, this ties in tightly with identity. If I move
to a new ISP (or Comcast gets sold *again*) my email address changes.
How do I manage notifying all of my contacts.
If it's important enough, get a personal domain, even if it's only a
cheap email+web re-direction service to your physical ISP. You get to
keep the address when you change ISP.
I'm not talking about importance. I'm talking about usability.
Consent systems make domain name changes much more painful.
What about consent tokens that are not tied into the SENDER's email
address. Things like digital certificates, third party seals (e.g.
Truste, Habeas, etc.)?
My apologies in advance if I'm recreating stuff that has been
discussed already in your consent documents. I confess to having
been mostly focused on the side discussions due to time constraints.
I've been thinking mostly of consent as being a matter of my
approving particularly senders, and giving them a token to use. But
you're right, there are other options, including having a token for
the sender, or accepting messages which certain attributes (ranging
from Habeas to text/plain).
Attribute-based consent clearly doesn't have a problem with a change
in domain name or other email address changes. Nor does it require a
great deal of software changes on the part of the sender.
Digital certificates may or may not have issues. That depends on how
they are issued and on what basis you accept them. PGP clearly
allows me to change my email address, so that's not an issue.
However the S/MIME certs I've seen are bound to a particular address,
so they don't help if I change my address. The token-based systems I
was considering (where the sender has a token) may or may not be
bound to a particular sender. If it is, then address changes are a
problem, as is initiating contact off-line or away from your primary
MUA. If it isn't, then you haven't really solved the "what if they
sell my address" problem.
--
Kee Hinckley
http://www.messagefire.com/ Anti-Spam Service for your POP Account
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg