ietf-asrg
[Top] [All Lists]

Re: [Asrg] E-postage from first principles

2004-04-29 20:14:15
Barry,

This sounds like accreditation, not e-postage.

Yakov

Barry Shein wrote:
I don't find compensating recipients interesting or relevant so that's
a straw man. Does the post office charge postage soas to pay
recipients? W/o stretching the point?

Anyhow, e-postage is a way to make the price reflect the usage.

Here's another simple outline that would not be subject to all these
straw man arguments:

1. A stamp is a cryptographic signature identifying the ISP affixed to
e-mail.

2. The certificate for creating such stamps is bought by the ISP from
approved certificate-issuing authorities, much like SSL certs at least
in theory.

3. The cert is issued for some rough amount of email, 100K/day,
1M/day, etc. and the price reflects that. The ISP will in some
industry-agreed upon way provide some basic evidence that the cert is
probably about right. This can be verified via auditing, sampling,
etc., basic business records might help (everyone knows AOL has
whatever, 2.5m customers, no one would believe them if they said they
only plan to send 100,000 mail msgs per month, etc.)

Similar sampling-based methods (to keep things reaonably honest) have
been used for over 75 years for radio music royalties, also similar
systems are used for trade magazines subscription/ad ratios, etc. so
if you're not familiar with examples such as those look into it
because it would seem to be a rich source of ideas.

The important point is that you don't have to be absolutely accurate,
just accurate to a degree, i.e., not buy a 100K/day cert when
intending to send 10M/day. Getting caught cheating should be fairly
serious. Obviously a simple mistake can be fixed etc (oh don't jump on
it there are many business contracts where you have to
estimate/project usage and then settle up later.)

4. Recipient ISPs (and end-users for that matter, tho it's not
necessary) can verify the authenticity of certs and if they like
verify that a cert hasn't been revoked (one might do this with an
authority server for every 100K uses or once a day or hour, the
downside isn't all that serious usually.)

5. Recipient ISPs can choose to do what they like with email msgs
without good certs. They might deliver them, but they might be advised
to (after some transition period) reject them because that's what
would make the system work.

6. ISPs may pass these costs along to their own customers however they
like, that's a marketing decision. Most likely they'd allow some
number of msgs "for free" (included in basic acct fee) and charge for
usage beyond that. They might sell a mailing list package for $20/mo
extra that includes another 100K msgs/mo, whatever.

7. But the important point is that ISPs would be highly motivated,
assuming a reasonable cert price structure, not to allow customers to
send millions of msgs per day unrestrained. How they handle accidents
or break-ins would be their own choice of policy, but they might be
well-advised to practice some leniency if they wish to keep their
customers happy.

I don't see any settlements, per-message real-time interactions,
onerous book-keeping, etc in any of that.

--
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"And this too shall come to pass"

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg