Re: [Asrg] 6. Email Path Verification (hashcash benchmarks)
2003-09-14 13:52:32
Imagine how effective we would be against corporate interests if they
could use the DMCA to revoke your ability to send e-mail. That is
what authentication systems buy you. It is a system enabling
censorship.
I'm probably going to get pilloried for this but like it or not, spam
is speech in the same way that naked breasts on a dancer, Johnny
Ashcroft Patriot act roadshow, burning a flag of any country, and even
yelling fire in a crowded theater is speech.
<offtopic>
Or the British National Party. They have a right to exist, as long as
they don't actually break any laws, and we have the right to pour scorn
upon them for their neo-Nazi and totalitarian agenda. Really, if the
BNP didn't exist, their members would pop up in the mainstream parties
and *then* we'd be in trouble.
</offtopic>
But with all speech comes costs. Free is not equal $free$ and if
you're willing to bear the cost, you can make the speech. At the same
time, part of the freedom of speech is the ability to be heard but you
cannot force others to listen.
The more we can follow that model of speech, the closer we will be to
a good antispam solution.
You're right, highly centralised authentication systems are censorship
waiting to happen. That's one reason why the system I suggested
recently is moderately decentralised - there is no mandated group of
"root servers" as in DNS, instead the recipient's MAA chooses a trust
directory, and the recipient chooses the MAA.
Key is the fact that the recipient chooses who verifies the sender's
chain of integrity. That means he can choose what groups of senders to
not listen to. If one trust directory goes "bad", MAAs and/or
recipients can switch to a new one. There's also not much barrier to
entry to setting up a new trust directory or MAA, if you think one's
needed.
Most of my ramblings in this thread really have to do with how hashcash
might be useful as a supplement to my own authentication system, and
how it would impact users *that I know* who have somewhat lacking
hardware. There's a surprising number of older machines out there
which are entirely adequate for their users.
Remember that in my system, the MAA handles authentication via a
signature, and it would also be possible - even practical - to have it
handle hashcash for (a subset of) it's users as well. That's why I've
moved on to the operational considerations, rather than the obvious
technical ones, before I decide whether it would be worthwhile to add
to my draft document.
In other words, I'm convinced the technical hurdles can be overcome -
in the context of my own system. I'm less sure of other systems,
particularly those that seem to require coprocessing hardware for the
low-end users when the postage costs escalate.
BTW, I do have some Java skills, but I find using them gives me COBOL
fingers.
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
website: http://www.chromatix.uklinux.net/
tagline: The key to knowledge is not to rely on people to teach you it.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] 6. Email Path Verification (hashcash benchmarks), (continued)
- Re: [Asrg] 6. Email Path Verification (hashcash benchmarks), Eric S. Johansson
- Re: [Asrg] 6. When To Reject, david nicol
- Re: [Asrg] 6. When To Reject, Brad Knowles
- Re: [Asrg] 6. Email Path Verification (hashcash benchmarks), Eric S. Johansson
- Re: [Asrg] 6. Email Path Verification (hashcash benchmarks),
Jonathan Morton <=
- Re: [Asrg] 6. Email Path Verification (hashcash benchmarks), Eric S. Johansson
- Re: [Asrg] 6. Email Path Verification (hashcash benchmarks), Brad Knowles
- Re: [Asrg] 6. Email Path Verification (hashcash benchmarks), Eric S. Johansson
- Re: [Asrg] 6. Email Path Verification (hashcash benchmarks), Brad Knowles
- Re: [Asrg] 6. Email Path Verification (hashcash benchmarks), Jonathan Morton
Re: [Asrg] 6. Email Path Verification, Scott Nelson
|
|
|