On November 17, 2008 at 17:45 d(_dot_)wall(_at_)computer(_dot_)org (David Wall)
wrote:
The post office can do postage because it alone offers the service and
can verify the postage, whether you print it or not.
You'd better tell that to fedex, UPS, DHL, etc.
But what are you saying, that it's impossible to generate a key which,
to a high degree of probability, can be verified as authentic to some
purpose? That's all a stamp is.
In email, how will this work? Who does the verification? If it's the
recipient system, this is NOTHING LIKE postage, which is verified by the
sending transport.
Well, if you look back I didn't originally use the term "postage" but
others did and the analogy was comfortable enough in terms of someone
pays to get a message delivered so I ran with it.
So it's SOMETHING LIKE postage.
If it's the sending system in email, then as a
spammer, I'd just not do that check. The post office provides a
centralized service, whereas email goes about its business without any
such centralization or agreements between POs of different countries.
Same goes for telephone service that was used before as a poor analogy.
Well, if I bought the right to generate keys in a certain range and
affix those keys to email and you had an interest in only accepting
email (say, outside of your private whitelist) which had verifiably
authentic keys, to a reasonable degree of authenticity, that's
similar.
The "post office" as you're describing it is in this case a mixture of
the issuer of the keys (kinda like SSL CAs) and the software the
end-user or receiving system can run to verify those keys (kinda like
browsers checking SSL certs.)
Yes, it's much more highly automated than physical post offices. But
that would seem to be a requirement and a feature, not a bug.
You keep saying they are all arguments against postage are "strawmen,"
No, I said the strawmen were strawmen.
Like that this wouldn't fly because grandma wouldn't pay for it and I
pointed out (again) that in my scheme I wouldn't charge grandma, only
large bulk users, so that's a (dare I say it again) straw man. That
is, an objection based on a mode of operation I never proposed, and
specifically disavowed several times.
which itself is tiring of you, but why don't you do a bit more research
on it and propose something substantially thought out and then we can
discuss it.
I am sorry if you're getting tired.
But you know what gets really tiring? Meta-discussions about whether
or not something should be discussed. I daresay that's what way more
than half of the volume on this topic is about.
It's common because talking about whether or not to talk about
something is so much easier than actually adding anything useful to a
discussion.
There's just something in some people that when they sense the topic
has turned to whether or not to discuss something they get energized
and begin posting and posting on that.
It's so much easier and less personally risky than substantive
discussion.
I mean, who can tell you you're factually wrong and ignorant for
saying STFU? Not much risk in that!
And the beauty is the original topic starts to actually feel tiring
because of all the wading thru the meta-discussion.
Clearly these pointless emails we're sending are not moving the idea
forward in your opinion,
Au contraire, I think a lot has been discussed and kicked around.
What's mostly been challenging is some simple meeting of the minds on
whether or not charging bulk senders based on usage would be effective
in combatting spam, as a concept, rather than laying out questionable
algorithms and then showing that they're questionable or debating the
moral risk.
and certainly they are not in mine, so more
details need to be worked out before you bring it up for discussion.
Is that a consistent standard of discussion or is that only for ideas
you personally don't like?
Maybe what you need is a mail filter of some sort rather than a bully
pulpit. Or would not seeing the email on this topic be insufficient,
it is only changing my behavior which satisfies?
Nobody builds consensus or a new standard through point/counterpoint
email exchanges with zero details and no blueprint spec. Some real work
should be done first, making a reasoned proposal that others can then
review and consider its merits. The best standards are ones that are
shown to work in practice first, not in advance. There are many good
ideas, especially standards created before being built, that turn out
less than stellar in practice or worldwide acceptance (WEP, much OSI,
CORBA....).
Yeah but this is a research group not a standards group.
I think I now understand your objection. Maybe you need to unsub and
wait until a STANDARDS group arises?
See, this research group exists because spam and related is a
vexatious problem and good ideas are, well, few and far between.
A *standards* group like WEP or OSI (OSI? Did you really offer OSI as
a positive example???) et al is mostly a general agreement on what is
to be accomplished, such as "we need to encrypt wireless packets", and
then a process of agreeing on things like header formats, bit and
integer flags, state diagrams, those sorts of things.
It can be challenging, but it's a far different beast, it's
engineering not research.
Engineers mostly tinker together well-understood pieces to solve
well-understood problems to meet various cost, time, functional, and
performance metrics. Researchers tackle problems with hard unknowns.
To continue with your example, at the outset pretty much no one doubts
that encrypting wireless packets is possible, they just have to agree
on formats and some details. Brainstorm a little on future
expandability, etc.
Now, compare and contrast to stopping spam at least to a degree that
we no longer feel any urge to talk about it.
No one here knows if it's possible in general. We know we can stop one
spam, two spams, ..., N spams. But enough spams that it ceases to be a
problem? No. And no obvious path to how to do that.
That's a far cry from how many bits for addressing or length and what
sort of flag values we define.
Anyhow, this isn't a standards group. If you want to be involved with
a standards group you should by all means find one and jump in.
I suppose the other alternative is to try to limit discussion to
things we can fully understand like what should be the format of a
DNSBL return message, but that wouldn't be research, it'd be a
standards effort and there ought to be a standards group that sort of
thing is quickly moved off to and maybe that's where you'd be more
comfortable. Don't get me wrong, it's honest work.
And like my company does, there are lots of messaging platforms that
work well and have no spam/virus/bot issues and are in the marketplace
now. These are not international standards (yet?) and certainly are not
replacements for today's email. But work progresses....
So, you have some vested interest in all this. Good. So do I. But
perhaps from different ends of the spectrum, no?
So, tell me, if we could magically create and enforce a usage charge
for bulk sending how would that affect your company's products and
markets?
--
-Barry Shein
The World | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg