ietf-asrg

Re: [Asrg] 6. Email Path Verification (hashcash benchmarks)

2003-09-14 13:52:32
Imagine how effective we would be against corporate interests if they could use the DMCA to revoke your ability to send e-mail. That is what authentication systems buy you. It is a system enabling censorship.

I'm probably going to get pilloried for this but like it or not, spam is speech in the same way that naked breasts on a dancer, Johnny Ashcroft Patriot act roadshow, burning a flag of any country, and even yelling fire in a crowded theater is speech.

<offtopic>
Or the British National Party. They have a right to exist, as long as they don't actually break any laws, and we have the right to pour scorn upon them for their neo-Nazi and totalitarian agenda. Really, if the BNP didn't exist, their members would pop up in the mainstream parties and *then* we'd be in trouble.
</offtopic>

But with all speech comes costs. Free is not equal $free$ and if you're willing to bear the cost, you can make the speech. At the same time, part of the freedom of speech is the ability to be heard but you cannot force others to listen.

The more we can follow that model of speech, the closer we will be to a good antispam solution.

You're right, highly centralised authentication systems are censorship waiting to happen. That's one reason why the system I suggested recently is moderately decentralised - there is no mandated group of "root servers" as in DNS, instead the recipient's MAA chooses a trust directory, and the recipient chooses the MAA.

Key is the fact that the recipient chooses who verifies the sender's chain of integrity. That means he can choose what groups of senders to not listen to. If one trust directory goes "bad", MAAs and/or recipients can switch to a new one. There's also not much barrier to entry to setting up a new trust directory or MAA, if you think one's needed.

Most of my ramblings in this thread really have to do with how hashcash might be useful as a supplement to my own authentication system, and how it would impact users *that I know* who have somewhat lacking hardware. There's a surprising number of older machines out there which are entirely adequate for their users.

Remember that in my system, the MAA handles authentication via a signature, and it would also be possible - even practical - to have it handle hashcash for (a subset of) its users as well. That's why I've moved on to the operational considerations, rather than the obvious technical ones, before I decide whether it would be worthwhile to add to my draft document.

In other words, I'm convinced the technical hurdles can be overcome - in the context of my own system. I'm less sure of other systems, particularly those that seem to require coprocessing hardware for the low-end users when the postage costs escalate.

BTW, I do have some Java skills, but I find using them gives me COBOL fingers.

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
website:  http://www.chromatix.uklinux.net/
tagline:  The key to knowledge is not to rely on people to teach you it.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


