ietf-asrg

[Asrg] The fundamental misconception about POSTAGE METERS

2008-12-03 11:34:23
On Dec 3, 12:08pm, John Levine wrote:
}
} >Stop. How does he get a "meter"?
} 
} He buys one from the cheapest sloppiest bank around, of course.  There
} will be the inevitable race to the bottom, with the banks doing the
} absolute minimum necessary to avoid annoying recipients so much that
} they manually take them out of the recipients' list of issuers.

[...]

} I think it's reasonable to assume that bad guys will be able to crack
} any software based meter.  (An obvious attack is to snapshot the newly
} installed meter and restore the snapshot whenever it runs out of
} money.) Are you expecting meters to include tamper resistant hardware?

What Gerald and I are expecting is that meters are sold not to senders,
but to recipients.

All the sender does is present his identity.  The recipient's postage
meter issues a stamp which is only good for sending one message to that
recipient.  The sender's "coin" has to come from a bank trusted by the
recipient to have reasonable (not perfect) double-spending prevention
and only the recipient and the bank are involved in the transaction once
the sender's identity is presented.

Substitute "recipient's agent" (e.g., ISP) where appropriate.

The sender's identity doesn't even have to be authenticated, because the
bank has a trusted relationship with the recipient and the recipient can
be authenticated.  To reduce the impact of identity theft, the bank can
(for example, and in cooperation with other banks) check the recipient's
identity against a list provided by the sender of "people who are allowed
to charge me for email."  (Note the mail can still be allowed to go ahead
if the recipient is willing to issue a stamp without payment.)  There can
be controls on the size of the list and how rapidly it's allowed to change
without out-of-band communication, like a watch list on a credit card, to
limit scripted manipulation by a pwn3d computer.

Yes, all of this takes a lot of setup that doesn't happen now.  There are
still a whole variety of questions about whether it's viable to create
such a system.  But can we please stop arguing from the assumption that
senders can arbitrarily print and re-use one stamp for many recipients?
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
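
The recipient-held meter described in the message above, as an added sketch that is not part of the original post or of any ASRG proposal. The class names `Bank` and `RecipientMeter`, the HMAC-based stamp format and the in-memory bank are assumptions made for illustration. All meter state lives with the recipient, so a stamp is accepted once, by the meter that issued it.

```python
import hashlib
import hmac
import json
import secrets


class Bank:
    """Hypothetical issuer the recipient trusts; tracks unspent coin serials."""

    def __init__(self):
        self._unspent = set()

    def mint(self):
        serial = secrets.token_hex(16)
        self._unspent.add(serial)
        return serial

    def redeem(self, serial):
        # Double-spending prevention: a serial can be redeemed only once.
        if serial in self._unspent:
            self._unspent.remove(serial)
            return True
        return False


class RecipientMeter:
    """Meter held by the recipient (or the recipient's agent), not the sender."""

    def __init__(self, address, bank):
        self.address = address
        self._bank = bank
        self._key = secrets.token_bytes(32)  # assumed: never leaves the recipient
        self._outstanding = set()            # nonces issued but not yet used

    def _tag(self, sender, nonce):
        # JSON encoding keeps the three fields unambiguous inside the MAC input.
        msg = json.dumps([self.address, sender, nonce]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue_stamp(self, sender, coin):
        # Only the recipient and the bank take part once the identity is presented.
        if not self._bank.redeem(coin):
            return None
        nonce = secrets.token_hex(8)
        self._outstanding.add(nonce)
        return (sender, nonce, self._tag(sender, nonce))

    def accept(self, stamp):
        sender, nonce, tag = stamp
        if not hmac.compare_digest(tag, self._tag(sender, nonce)):
            return False                     # altered, or issued by another meter
        if nonce not in self._outstanding:
            return False                     # already used: replay
        self._outstanding.remove(nonce)
        return True
```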
