[changed subject to reflect where this is going]
Hallam-Baker, Phillip wrote:
[snip history]
The application to spam is obvious and utterly anti-social. Best thing that
can happen here is for the patent to kill this obnoxious and clueless
mechanism.
The problem with general C/R is that it's trying to achieve two separate
purposes. It's doing return-path verification, and it's doing
sentient-sender verification. Return-path verification is not inherently
anti-social, so long as it doesn't necessarily bother the original sender
(pick your own definition of 'bother'). Sentient-sender verification is
quite reasonably considered inherently anti-social by some.
Return-path verification definitely has some value, but we need to work out
a standardized way of doing it. We would never accept that a TCP connection
is valid after receiving only the SYN packet, so why should we accept it for
email?
Proposals like CRI could be used to provide end-to-end return-path
verification by automatically ACKing the challenge, assuming that it only
asks 'did you send something?', not 'did you, as a sentient being, send
something?'.
I'm not going to comment on the technical merits of sentient-sender
verification because it is inherently a social problem that we're not tasked
to deal with.
Philip Miller
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg