On April 20, 2004 at 03:56 johnl(_at_)taugh(_dot_)com (John R Levine) wrote:
Hi. It's me, Mr. epostage-can't-work.
I need to keep rewriting my epostage paper to make the fundamental points
clearer. The three big issues are transaction costs, settlements, and
identity.
Some critical thought as to why a particular model which supports an
objection might just be a bad model would be useful also. Straw men
and all that.
Another is that no postage scheme in the history of mankind has
existed to deter use rather than to pay delivery costs, but let's skip
that one and decide to innovate.
Really? So you figure if paper postage were free it wouldn't have the
effect of increasing volume? Or is that an unconscious or accidental
result? There's something about willfulness in that assertion which
has me confused.
The transaction cost issue is the simplest: any kind of e-postage system
is going to need a transaction per message to check the stamps. Spammers
are going to put bogus e-postage on their mail, and the only way to see if
an e-stamp is valid is to check with the issuer. Even if you use a crypto
signature scheme to see if the stamp is real, you still need to ask issuer
if it's already been used somewhere else. I have yet to see a faintly
plausible plan that would build and pay for a transaction system big
enough to handle the world's e-mail. I'm not talking about settlements
here, just whether the stamp is OK. The biggest transaction system to
date is the one for Master Card and Visa, and it's both too small and too
expensive by several orders of magnitude each.
Again, you're describing a particular model which is easy for you to
object to, a straw man.
How come SSL certificates in HTTPS transactions can work? Aren't they
reasonably analogous?
You settle at the ISP level ...
Settlements: You run an ISP, you tell us. There are something like 5000
ISPs in the U.S. and probably at least that many outside the U.S. Are you
going to send out 5000 checks every month for your settlements? (Or net
Sounds like a great job for a service organization, if that's the way
it's done at all. Send in your numbers, they can generate the n-way
settlements and send out a single bill or check to each client.
That doesn't sound too hard.
it out with each, so it's on average only 2500.) How are you going to
keep track of whether the other ISPs have paid up, and if they don't, what
will you do about it? You can't wave these issues away, these are the
nuts and bolts that make a payment system work or not, and if you don't
shut down the deadbeats, the e-postage stops being real money.
So you shut them down, refuse their mail, cancel their stampmaking
ability (revoke their certificate.)
But why in the world would you be worried about collections issues in
a forum like this, except inasmuch as you think you can use it to
raise another objection.
It makes wonder how in the heck can ISPs like me possibly charge
customers to connect to other ISP's customers web sites etc? Why don't
the settlements etc drive us to drink? How can we collect?
Well, it's not really a problem, is it.
Maybe there are no settlements, who told you there have to be
settlements?
Again, you're arguing with a model which you made up (or chose)
because it's easy to argue with.
If the ISPs do the settlements on behalf of their customers, the ISPs are
acting as banks, with all of the fraud and default problems that regular
banks have, and which they spend a lot of money to handle. Real banks
So now banks can't work?
handle the clearing problem with centralized clearing systems they all
join, Mastercard/Visa for credit cards, NYCE, Cirrus, and PLUS for ATM
transactions, and the Federal Reserve for checks. These all cost a lot
more per transaction than any likely e-postage system will collect, and
are designed in a world where the vast majority of transactions are OK and
you handle the bad ones as exceptions, which doesn't impress me as a good
model for an environment where spam is 80% of all mail and growing.
Well, then it wouldn't be wise to design it like that, would it?
Even worse, what about the ISPs that aren't in the US? How do you send
50 cents to each of five ISPs in Bangladesh? Credit cards?
You're just inventing this awful model and running with it as far as
you can aren't you?
Identity: lots of people have pointed out the zombie problem, that
spammers will hijack Aunt Betsy's computer and charge the postage to her.
The response I usually hear from epostage enthusiasts is that Aunt Betsy
won't let the zombies on her PC once she's had to pay a few hundred bucks
in spam epostage. Based on my observation of the real world, that's not
gonna happen. Every month you see the predictable story about some loser
whose PC got misconfigured or got a Moldavian dialer installed or
something, and was shocked to get a thousand dollar phone bill. Do they
actually pay the thousand bucks? Never. They negotiate it down, stiff
the phone company, or something. ISPs would be stuck in a no-win
situation where their customers will hate them if they try to collect, and
their e-mail peers will hate them if they don't.
Hmm, it seems to me what you're saying is that the phone companies
have already developed a completely workable model for handling these
hard cases which the ISPs might consider adopting.
Where's the objection, other than their tone.
You're right, as an ISP I strive to not have my customers hate me, so
I guess that other model would be better, some forgiveness and
education.
Howsabout the whole damned phone system? Isn't that essentially a
"micropayments" system in many aspects?
In some, yes, in others, no. It differs from e-mail in that it's a closed
system, with relatively few players, rather stringent barriers to entry
and really complicated financial settlements that start with the
difference between "bill and keep" and "reciprocal compensation" and get
worse from there, with the ITU, an impenetrable government
meta-bureacracy, in the middle.
But it works, within reason, right? So what exactly is your point?
That you personally find it too complicated?
Don't people feel a little silly arguing that the entire phone system
as currently constituted among several billion people world-wide
represents a charging/payment model which is easily (in a few pages of
this paper, apparently) ``proven'' to be completely untenable because
someone, somewhere might defraud it etc?
You must have read some other paper than the one I wrote, because I never
said or implied that.
Well, you did say that charging per usage can't work.
Here's a thought experiment: imagine that you run a store in some part of
the wild west, and 90% of the cash that people offer you to pay for stuff
Wait, people did run stores in the wild west, didn't they?
is bogus. How are you going to handle transactions? How long will you
And I think that's the context from which came the familiar American
expression "Don't take any wooden nickels!"
Didn't everyone have an uncle who'd say that all the time when you
were a kid?
spend examining each coin? Will you refuse to do business with anyone
who's offered you bogus money? What about people who've gotten it in
Sure, wouldn't you refuse bogus money? Don't take any wooden nickels!
change somewhere else and didn't notice? This is the environment
e-postage has to face, not a little fraud, but vastly more bogus
transactions (at least attempted ones) than real ones. I don't know of
any financial system that works in an environment like that.
Only when you get to set up the straw man.
It's time to go for an e-postage system that simply reflects the
resources being used.
OK, so build one. I don't know how to build one where the transaction
costs aren't 10 times greater than the costs that the transactions are
On this we agree.
supposed to cover, despite a decade of micropayment research, but maybe
Yeah well I'd avoid micropayments because they don't solve the
problem, as you've pointed out.
we've overlooked something. I think we all agree that it's not going to
sit on top of SMTP mail, so someone should take a tip from the phone
system, build a closed system that you can only get into by spending a
hundred grand and being approved by the club that runs it, and give the
end users a nice point and click program that runs on Redmond Crudware yet
isn't going to be instantly subverted through the weekly egregious system
security hole. People will rush to use it. Right?
I dunno, what's your take, that people don't use Microsoft software?
At any rate, this is just more straw men.
Why don't you be a little more honest: You don't like the idea of
e-postage probably because it sounds like maybe you'd have to pay for
something you don't have to pay for now, and your reasoning works
backwards from that desired conclusion.
Tragedy of the commons and all that.
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg