
Re: authenticated email

2003-06-04 04:48:21
On Wed, Jun 04, 2003 at 09:02:57AM +0300, Jari Arkko wrote:

> Without trust roots, webs of trust, or additional
> mailing list daemon features, signed e-mail doesn't
> really add anything, at least not now.
>
> Signed e-mail could help ensure that e-mail
> sent to a list comes from the same person
> as the one who subscribed to the list. But then
> again, the same feature could be implemented
> much simpler by some header which must stay
> constant from the same person and is stripped
> off by the list daemon when forwarding the mail
> to the subscribers.

Signed e-mail is useful for assuring that e-mail message sent at one
point in time is the same as an e-mail message sent earlier.  (Not
necessarily just for list mail, but also for person-to-person mail.)

> So, it's the same old question once again: how
> do we all enroll ourselves to the same trusted
> root or web of trust?

For the specialized case of preventing SPAM, it's not necessarily
necessary to do the full authenticated e-mail where we know the
identity/passport number/Al Quaeda cell designation of the sender.
(Such things are of interest to John Ashcroft and others of that ilk
pushing "Total Information Awareness", but it's not really needed if
the only requirement is to stop SPAM.)

So imagine a system where if you want to send private e-mail to
someone, your public key fingerprint must either be on a list of
acceptable senders, or you must submit some kind of mathematical
evidence that you have spent 5-10 minutes of CPU time crunching on
some particular problem.  After you do this, you get added to that
person's "good guys list", unless it turns out that you have sent spam
or something else annoying/abusive, at which point the user can remove
you from the trusted list, and the next time you want to send e-mail
to this person, you have to crunch for another 5-10 minutes of CPU
time.

Yeah, some special provision would be needed for CPU-limited PDAs,
but most PDAs that I've seen don't attempt to talk to the network
directly; they generally go through some kind of mutually trusted
gateway box that could do the CPU crunching for them.  (Or you could
argue that since that initial contact simply won't be supported
by CPU-limited PDAs if they don't have a mutually trusted third party
that can "pay" the hashcash for them.)

The point of this message is not to argue that this is the Right Way
to do things, but to point out that you don't necessarily have to
solve the authenticated e-mail problem ("I invoke PKI; your project is
doomed to long, slow, painful, lingering death") in order to solve the
SPAM problem.

                                                - Ted
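The scheme Ted sketches above (allowlist of key fingerprints, otherwise pay a CPU-bound proof of work, with removal on abuse) as an added example in Python; this is not code from the thread or from the hashcash project. The stamp format `recipient:time:salt:counter`, the `Gatekeeper` class and the bit-difficulty of 12 (seconds, not the 5-10 minutes discussed) are assumptions made for the example.

```python
import hashlib
import secrets
import time

def _leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint_stamp(recipient: str, bits: int) -> str:
    """Sender side: burn CPU until a stamp bound to `recipient` hashes to `bits` leading zeros.
    Constructed, hashcash-like stamp format: recipient:unix_time:salt:counter."""
    prefix = f"{recipient}:{int(time.time())}:{secrets.token_hex(8)}"
    counter = 0
    while True:
        stamp = f"{prefix}:{counter}"
        if _leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1

def stamp_is_valid(stamp: str, recipient: str, bits: int, max_age: int = 3600) -> bool:
    """Recipient side: checking costs one hash, however long minting took.
    The stamp must name this recipient and be recent, so it cannot be hoarded or redirected."""
    parts = stamp.split(":")
    if len(parts) != 4 or parts[0] != recipient or not parts[1].isdigit():
        return False
    if not (0 <= time.time() - int(parts[1]) <= max_age):
        return False
    return _leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits

class Gatekeeper:
    """Per-recipient 'good guys list': a sender gets in by fingerprint or by paying hashcash."""
    def __init__(self, recipient: str, bits: int):
        self.recipient, self.bits = recipient, bits
        self.good_guys = set()  # public key fingerprints allowed to send without work
        self.spent = set()      # each stamp pays for one admission; replays are refused

    def accept(self, sender_fp: str, stamp: str = "") -> bool:
        if sender_fp in self.good_guys:
            return True
        if stamp in self.spent or not stamp_is_valid(stamp, self.recipient, self.bits):
            return False
        self.spent.add(stamp)
        self.good_guys.add(sender_fp)  # first contact paid for; later mail is free
        return True

    def revoke(self, sender_fp: str) -> None:
        """Sender turned out to be a spammer: the next contact must pay again."""
        self.good_guys.discard(sender_fp)
```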
