ietf
[Top] [All Lists]

Re: "Principles" of "Spam-abatement"

2004-03-01 13:28:39
If transitive trust could be made to work, then government security
clearances would be easy.  If it could work, we would have more than 3
credit reporting agencies, and we would not have so much machinery to
deal with their errors.  If transitive trust cannot be made to work for
those cases where there are major penalties for cheating, how can you
expect to make it work for mail, which no one values at more than
$30/year/seat?

that's not an unreasonable question.  and yet, the meatspace world copes.
the thing cybertrust hasn't done is to take advantage of existing meatspace
relationships.  probably there's no way i'll ever have reason to trust you
but i'll bet my bank has ways of trusting your bank.  (or your school or
my insurance company or whatever.)  if you think in terms of pgp then trust
can't scale.  if you think in terms of the meatspace world and its millenia
of traditions and mechanisms, trust clearly can scale.

if your bond is only $30/year then i probably wouldn't trust you no matter
what my bank told me about your insurance company or what your insurance
company said about you.  remember, i don't want to know who you are, i only
want to know who you know.  if the world has no hooks into you then i would
withhold my consent.  presumably there are others who would only give consent
if your religion was the same as theirs or if your identity was known -- but
that all fits under the "all communications by mutual consent" banner.

You might say that you don't want fully transitive trust but only
to trust the people who know people you know.  If you want that
kind of mail system that does not carry message between strangers, 
you've already got it with any of the many kinds of whitelisting.

no, i want it to be as big as meatspace.

These problems with trust have nothing to do with the network protocols
involved.  They are fundamentally non-technical.  Talking about replacing
SMTP to implement transitive trust is at best a distraction.

unfortunately you're right about that last part.  smtp's major problem is its
unpleasant distinction between the transport and mailbox, and it *will* get
replaced with something that can carry trust indicators and deal with
multilevel agency.  but the real and larger work is the meatspace-sized trust
web, without which smtp is probably as good as e-messaging can ever get.
-- 
Paul Vixie