ietf-asrg
[Top] [All Lists]

Re: 4. Consent Model - Consent Tokens (was Re: [Asrg] Nothing will stop spam???)

2003-07-09 20:29:53
At 12:06 AM -0400 7/9/03, Yakov Shafranovich wrote:
At 11:36 PM 7/8/2003 -0400, Kee Hinckley wrote:

At 1:20 AM -0400 7/7/03, Walter Dnes wrote:
On Fri, Jul 04, 2003 at 11:14:03AM -0400, Kee Hinckley wrote

 1. Like many systems, this ties in tightly with identity.  If I move
 to a new ISP (or Comcast gets sold *again*) my email address changes.
 How do I manage notifying all of my contacts.

  If it's important enough, get a personal domain, even if it's only a
cheap email+web re-direction service to your physical ISP.  You get to
keep the address when you change ISP.

I'm not talking about importance. I'm talking about usability. Consent systems make domain name changes much more painful.

What about consent tokens that are not tied into the SENDER's email address. Things like digital certificates, third party seals (e.g. Truste, Habeas, etc.)?

My apologies in advance if I'm recreating stuff that has been discussed already in your consent documents. I confess to having been mostly focused on the side discussions due to time constraints.

I've been thinking mostly of consent as being a matter of my approving particularly senders, and giving them a token to use. But you're right, there are other options, including having a token for the sender, or accepting messages which certain attributes (ranging from Habeas to text/plain).

Attribute-based consent clearly doesn't have a problem with a change in domain name or other email address changes. Nor does it require a great deal of software changes on the part of the sender.

Digital certificates may or may not have issues. That depends on how they are issued and on what basis you accept them. PGP clearly allows me to change my email address, so that's not an issue. However the S/MIME certs I've seen are bound to a particular address, so they don't help if I change my address. The token-based systems I was considering (where the sender has a token) may or may not be bound to a particular sender. If it is, then address changes are a problem, as is initiating contact off-line or away from your primary MUA. If it isn't, then you haven't really solved the "what if they sell my address" problem.


--
Kee Hinckley
http://www.messagefire.com/          Anti-Spam Service for your POP Account
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>