On Mon, 1 Mar 2004, Paul Vixie wrote:
And everyone else needs to move from the generic reference to
"consent" on to something that is more concrete, as well as being
integrated into a full range of human uses for email.
i'm pretty comfortable with www.dictionary.com's definition of "consent".
Ah, are we about to develop psmtp (psychic simple mail transport
protocol)? The first mail protocol that can read my mind and see if I
"consent" to a particular communication before I (or rather, my mail
agent, since that's where one part of the abuse occurs) receive it?
That's a neat trick...
Logical analysis reveals that psychic filtering is what is required to
avoid any chance that I could get abusive email, e.g. spam, while still
permitting a full range of desired communications including those from
strangers, without extra "approval" steps (of which most
users/administrators will definitely not approve and which would let
spam through anyway, at least to the point where they have to see it and
not approve).
Or is "consent" a mnemonic for breaking the entire Internet into White
and Black lists with no grey sites whatsoever according to a common
standard, PRESUMING that I and all other users would consent (in fact
have consented, via inherited Acceptable Use agreements) to turn off all
internet access -- at least to those resources we control -- to those
that chronically abuse those resources?
The latter is not so crazy. It is more or less what "enforcing existing
AU agreements" would be, were there an actual PROTOCOL for such
enforcement instead of an incomplete and inconsistent hodgepodge of AUs
with spotty enforcement and no way to make enforcement universal. I've
called for something like this as an obvious first step to regulating
spam and other abuse in a couple of my earlier responses. My attention
was drawn to:
http://www.camblab.com/misc/univ_std.txt
which seems to be a very, very practical and immediately feasible way to
secure the protocols we have now. Curiously, it works by formally
defining a process for converting the Internet into white (or at least,
very light grey:-) and blacklists of a sort and enfolding this into
effectively all internet services. It has the delightful effect of
punishing the abusers and not the innocent, and of punishing (by
blacklisting) the SPs of chronic abusers (the ones who profit the most
from abuse) to precisely the point where they responsively police their
own networks or go out of business, whichever comes first, and of
permitting that "disconnection" to be done by anybody from a common list
rather than waiting for the SP's PoP provider to go through THEIR
various internal due processes (if any) and pull a plug that might be
making THEM a lot of money...to the discomfiture and waste of money
spent by everybody else.
This document puts forth a >>measure<< of abusive behavior that causes
us (the "Internet") to withdraw our >>consent<< for all kinds of
transactions and is the first step to a >>protocol<< that permits this
consent to be effectively immediately withdrawn from a common and
dynamic (in both directions, as black sites are policed white again).
In a consensual anarchy like the Internet, it is definitely the right
way to proceed, as for the first time newsletters such as Security Wire
Digest contain rumblings calling for and warning of government
regulation that (while certainly welcome with respect to certain forms
of abuse) can easily turn into the nose of a big, ugly, smelly camel
under the Internet tent. Or end up endorsing a witless and expensive
solution to the great profit of some congressman's biggest donor.
Maybe I just like it because it agrees with my own point of view (the
definition of an intelligent person being "somebody who agrees with
you", after all:-). It's worth a read.
rgb
--
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525
email:rgb(_at_)phy(_dot_)duke(_dot_)edu