ietf-asrg

Re: [Asrg] 0. General - News Article - Replacing SMTP

2003-08-01 14:07:03
Kee Hinckley <nazgul(_at_)somewhere(_dot_)com> wrote:
The whole SMTP thing is a red herring.  Because not only do you
have to solve the identity problem, you *also* would have to link
each identity to a physical person or company, and be able to
recognize the commonality of all identities owned by that person.

  I don't see why it would be necessary to establish physical
identity, if the mutual conversation is consensual.  See "sex with
strangers in bars" for a well-known identity-less consent protocol.

  The issue is that SMTP (or the common use of it) does not have a
complete enough consent model to meet the ASRG charter goals.  If it
did, then there would be no need for ASRG.

And finally you'd need an enforcement mechanism to prevent abuse.  It 
does me no good to know the name of the person who is mail-bombing my 
server if I can't stop him.

  You just stop listening.  It worked for me for years, under spam
loads that few people believed were possible.  So your local
implementation of consent should be adequate to block non-consensual
traffic.  If that's insufficient, you can broadcast your lack of
consent to groups of people with common interests, like DCC.

Given those issues, putting the blame on SMTP is pretty laughable. 
The problem has nothing to do with technology, and everything to do 
with society.

  I wouldn't propose "arresting society" to fix the spam problem.

 That's not to say that technology can't alleviate the problem.  But
"fixing" SMTP is not going to solve anything.  Technically the SMTP
fix already exists, and has for years.

  Are you saying that SMTP implements enough of a consent model that
we would have little spam if the full features were used?  If so, why
not propose a BCP, or point out which existing BCPs are adequate, and
request that ASRG be disbanded?

The hard part, according to Hoffman and others, is establishing
the "trust relationships" required to back up any computer-based
authentication scheme--in other words, verifying that a person is
who he or she claims to be.

  Which is explicitly outside of SMTP, which means that SMTP alone is
currently unable to address the issue.  So we either need to "fix"
SMTP, or "fix" current practices with it, or add a better consent model
on top of it.

  Alan DeKok.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg