ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: proposal for built-in spam burden & email privacy protection

2004-02-09 14:13:23
from [Franck Martin] [Permanent Link] 
On Tue, 2004-02-10 at 01:35, John C Klensin wrote:


--On Sunday, 08 February, 2004 20:21 -0600 Spencer Dawkins 
<spencer(_at_)mcsr-labs(_dot_)org> wrote:


Hi, Ed,

I don't know everything about e-mail, although I do send and
receive e-mail from time to time.

I would be interested in reading reasons from others why this
is a bad idea. It seems interesting to me.


Let's assume I have a mailing list.  Take the IETF list as a 
handy example.  This technique implies that

(i) The IETF list exploder needs to track several thousand (I'm 
just guessing at the number here) public keys, encrypt each list 
message separately and mail it separately or encrypt each 
message going out for all of the recipients (the latter is 
somewhat less network intensive on some dimensions, and slightly 
less computationally intensive, but not much, and would ensure 
that every message going out, even trivial ones, was 40K-50Kb 
long, minimum).  With current computational capacity at the 
secretariat, I think that would probably throttle the IETF list 
back to a handful of messages a day, total.  That might be a 
good idea, but is probably not the intent :-(


I'm not asking for the list to encrypt the e-mails to each member, but
just to pass along the esig as it does now... see this esig mail. May be
the list can check the esig of the person posting, or each one of us
check it.. I would prefer if the list does it and held anything else for
individual approval by moderators of the list




(ii) All a spammer would need to do would be to guess or know 
one of the addresses that is subscribed to the IETF list, or 
subscribe temporarily himself, then post the spam to the list, 
in order to get the list exploder to do that work for him.



If he subscribes himself, then we have his e-mail address and then his
provider and may be an IP and time, so we could track him down in the
real world and may be sue him...



Now, Franck's suggestion would work better from a list 




----
Franck Martin
franck(_at_)sopac(_dot_)org
SOPAC, Fiji
GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9  D9C6 BE79 9E60 81D9 1320
"Toute connaissance est une reponse a une question" G.Bachelard

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: proposal for built-in spam burden & email privacy protection, Robert G. Brown
Next by Date:  Re: proposal for built-in spam burden & email privacy protection, Franck Martin
Previous by Thread:  Re: proposal for built-in spam burden & email privacy protection, John C Klensin
Next by Thread:  Re: proposal for built-in spam burden & email privacy protection, Dean Anderson
Indexes:  [Date] [Thread] [Top] [All Lists]