i'm pretty comfortable with www.dictionary.com's definition of "consent".
Ah, are we about to develop psmtp (psychic simple mail transport protocol)?
no. but through a combination of open source and public benefit licensing,
we are eventually going to be able to tell whether a message was generated
by someone who was present and gave consent, or whether it's just wormware;
and whether the owner of an ip-using device intends to act as a mail server;
and whether a bond has been posted by this present/consenting sender and if
so how much; and whether there exists or not a trust path from the sender,
through their bank or school or employer or insurance company to the
recipient. the internet doesn't care what your meatspace identity is and
anonymity is a necessary way of life -- but we do care very much whether
transitive trust exists. "who you are" matters less than "who you know",
and this is true not just for messaging but also for web service accounts and
passwords, for trading and payments, and for so-called "social networking."
... document puts forth a >>measure<< of abusive behavior that causes
us (the "Internet") to withdraw our >>consent<< for all kinds of ...
ok, so two weeks ago i grabbed a spare /16 and put database-writing "servers"
on ports 25 and 80, and watched for worm spoor. i also hooked it up to a
ddns "blackhole zone" that i can use in postfix and apache to reject
connections from addresses who have attempted to worm into this /16. after
16 days of operation the zone has 149076 addresses in it and my spam volume
(nonrejected) is down 80%. (now that arin has an experimental allocation
policy i hope to add more address space to the basin, and there's been some
thought given to publishing the data thus gathered via http://oarc.isc.org/.)
what this means is, needing a basis for withdrawing consent is just wrong,
and what we need is a basis for offering it.
all attempts to encode this kind of information in the message header or
payload, to date, have failed. usually because it's a consortium of large
commercial enterprises seeking to monetize the trust paths, much as verisign
is now planning (see http://news.com.com/2100-7355-5163410.html?tag=nl). i
don't expect to see another x509-like hierarchy succeed in the marketplace,
it's too brittle and too abuse-prone and too beneficial to early adopters
and monopolistic behemoths. the real solution will be more pgp-like and
will have a hairball topology, for survivability and palatability reasons.
(and it's lots more likely to get built on top of jabber than on top of smtp.)