ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: E-postage

2004-04-21 17:40:47

On April 21, 2004 at 07:14 mouse(_at_)Rodents(_dot_)Montreal(_dot_)QC(_dot_)CA 
(der Mouse) wrote:
In brief how about:

   A) Each ISP creates stamps according to some accepted method,
   probably some cryptographic approach. Think SSL certificates or
   some similar precedent.

How do you stop spammers from acting as ISPs and issuing stamps to
themselves for free, without also cutting out individual and other very
small sites (like two-person SOHOs) running their own mailservers?

You wouldn't honor them.

Small sites would probably get any such credentials from their
provider, something like a postage meter.

All this looks like to me is whitelisting based on signatures (and all
that really has over whitelisting based on outgoing mailhost is that it
works through multiple hops), and does nothing at all to help people
decide which signatures to whitelist (which is the hard part of such
whitelisting, because it's the part that has major scaling issues).  If
you have only a few stamp issuers, it becomes a slightly odd flavour of
sender certification, and rather weak sender certification at that.

More like the latter, or at least to the degree that SSL certs might
be, and the objection is?

The critical aspect is to get the metering working, to let parties
begin to know, as a regular part of doing business, what's going on.

Remember that old adage about "Mechanism, Not Policy"?

Part of the problem with the e-postage discussion is that people are
trying to imagine every aspect of policy to see if they still like the
idea.

That's very hard and, for those so inclined, easily leads to
objections:

    So, Mr Ford, you're going to manufacture and sell everyone one of
    these automobiles! And where exactly are they going to drive them?
    What roads would they use? The current roads seem inadequate for
    motor-driven vehicles. And what's to become of our thriving horse
    and buggy industry? Civilization has done just fine for 10,000
    years without these noisy things, why should we be interested?

Policy should probably be developed as a consensual act among ISPs and
others.

Mechanism should be discussed here.

Although I agree that some discussion of policy etc is very useful
just for plausibility and impact, but the limitations of such
discussions have to be kept in mind.

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg