On Jan 22, 8:40pm, Michael Kaplan wrote:
}
} Yes we should consider its annoyances, but we should balance it out
} against its short term and long term promise.
It's not really a matter of annoyance.
I don't think ISACS has any single major flaw. Rather, I think it faces
a number of impediments to implementation, any one of which you might
argue is not insurmountable, but which taken together leave me doubting
its viability. In no particular order (and all in my opinion) ...
- You've underestimated the frequency with which user still type email
addresses manually. If random subaddress are to become universal yet
"invisible", it will an require unprecedented degree of automated email
address management in every UA.
- It'll be a slow and difficult process to establish automatic handling
of challenges among "trusted" domains. Your assessment of the simplicity
of identifying challenges resulting from forgery is too optmistic. Also,
automated management requires extensive cooperation between servers and
UAs -- who decides which one processes the challenge and handles address
book updates?
- The extra traffic from both real and spurious challenges is an unknown
cost. Your proposal for forgery detection upon receipt of the challenge
has ramifications for both network and storage costs.
- The costs to non-spammers of managing rejections may be higher than you
predict, especially in "phase 1".
- It'll be very difficult to establish a global reputation system, for
political reasons if not for technical ones.
- The typical end user is lazy and apathetic. The average non-techie
will not properly manage/use his own subaddresses, and is likely to be
unwilling to expend extra effort to manage his contacts' subaddresses,
even if he doesn't simply find the process too confusing. (The number
of people who still think they need to prefix their email address with
"www." is mind-boggling.)
- You've overestimated the simplicity of resending rejected messages, and
underestimated the number of mailboxes that will never be "protected"
because, e.g., the owner feels he can't afford to make it more difficult
for new contacts to get their messages through.
I'll probably think of a few more, but I've spent long enough on this.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg