At 11:09 AM 8/14/2002 -0400, Melinda Shore writeth:
From: "Thomas J. Hruska" <shinelight(_at_)shininglightpro(_dot_)com>
The "technical mechanism" of the trust system I previously mentioned on
this list is being _completely_ ignored. It is *THE* most viable solution
anyone has come up with to date in this thread and I am waiting for people
to respond to it.
It's completely unwieldy and renders email, as we currently
understand it, useless. The assumption that you'll be able
to find non-email contact information for everyone to whom
you'd like to send email, or that they're reachable at all
by other means, is not a good one. It also has terrible
scaling properties.
The beauty of business cards and webpages. The trust system can be set up
to have a specific channel for anonymous users who have a specific keyset.
If people want to make initial contact with you, they just grab the keyset,
plug it into their trust system and send their message (e-mail) to you. If
the keyset is nabbed by spammers, it gets changed. Only a few people will
be affected by such a change and only for a short time since trust is
usually established after a couple e-mails. Spammers would have to go back
to the source and get the new keyset. This will result in spammers
eventually having millions of useless keysets and thus make spamming a
*very* expensive proposition (instead of a 1:5 ratio, a 1:10,000,000 ratio
in terms of successfully sent and received spams in someone's mailbox).
Note that the work of the IETF is done by email and is
dependent upon the free flow of email to be successful. One
of the great things about email is that it's asynchronous.
Stuff comes and goes and we can deal with it at our leisure
or we can deal with it immediately - it's our choice. If
the flow of email suddenly started requiring synchronous
interruptions, like telephone calls, IETF work would become
far more disruptive and more difficult to justify to
employers. And then there's the timezone thing.
As to synchronous/asynchronous operations, I was only offering the usual
contact methods ordinary people use as suggested ways the trust system
_COULD_ work. Mass mailing lists like this one would probably fall into
one trust level and a private mailing list trust keyset can be used to
individually e-mail members of a mailing list (which gives list members the
option to be privately e-mailed or not). So, using your private IETF trust
keyset you can e-mail me directly without needing the anonymous keyset and
not risk keyset changes.
So, IETF work can continue as usual as well as operate with the security a
keyset brings to the trust system.
As I said, my idea is not perfect, but it certainly is better than charging
people money for e-mail.
Hope this helps!
Thomas J. Hruska -- shinelight(_at_)shininglightpro(_dot_)com
Shining Light Productions -- "Meeting the needs of fellow programmers"
http://www.shininglightpro.com/