ietf
[Top] [All Lists]

Re: "Principles" of "Spam-abatement"

2004-03-01 14:13:09
From: Paul Vixie <vixie(_at_)vix(_dot_)com>

...
that's not an unreasonable question.  and yet, the meatspace world copes.

The real world copes only by having laws against enforced violations
of trust.  Until the first spammer goes to jail for breaking the laws
that have long made most current spam illegal, all talk of trust fixing
spam is academic.  If the activities of the ROKSO 200 really get them
real penalties, then talk of trust vs. spam becomes relevant, but only
for as one among many fixes for what is currently a trivial part of
the spam problem, the spam from people who are not criminals.

the thing cybertrust hasn't done is to take advantage of existing meatspace
relationships.  ...
                                       ... meatspace world and its millenia
of traditions and mechanisms, trust clearly can scale.

It is not trust that scales but police.  There is no transitive trust
in the real world.  There are only bi- and sometimes trilateral contracts
and lots of people with guns ready to punish those who break trust.  If
transitive trust were even in the real world, buying a house would not
be such a big expensive ritual with escrow, title insurance, and so
forth.  If trust "scaled" in the real world, it would be a lot easier
to get the title for your car converted from one state to another.

Some might offer title insurance as a model for stopping spam, but
only if they've never paid for it.

if your bond is only $30/year then i probably wouldn't trust you no matter
what my bank told me about your insurance company or what your insurance
company said about you.  remember, i don't want to know who you are, i only
want to know who you know.  if the world has no hooks into you then i would
withhold my consent.  presumably there are others who would only give consent
if your religion was the same as theirs or if your identity was known -- but
that all fits under the "all communications by mutual consent" banner.

There are problems there.  First is that you are not talking about
anything that might be called "transitive" trust.  The word "transitive"
is wrong and misleading.  Please use something like "secondary trust"
or "bonding" or "letter of recommendation."  Second, as Dave Crooker
wrote, your "hooks" are too nebulous.

There's a cool and relevant article in the March-April 2004 issue
"American Scientist."  It concerns how religious groups manage to trust
their members.  The problem/analogy with your trust model is that mail
is not worth $30/year to anyone, not to mention self-mutilation.  How
much does a "check guarantee card" or real estate title insurance or
a jail bail bond cost?


...
unpleasant distinction between the transport and mailbox, and it *will* get
replaced with something that can carry trust indicators and deal with
multilevel agency.  but the real and larger work is the meatspace-sized trust
web, without which smtp is probably as good as e-messaging can ever get.

I do not agree, but mostly because I doubt that vastly larger goal
of "a meatspace-sized trust web."  Whether SMTP disappears doesn't
matter to me.  I was using email long before it appeared.

And I say again: every time you, with your standing, even whisper about
replacing SMTP with a protocol that carries trust tokens, you give aid
and comfort to spammers and the parasites using the spam problem.
Regardless of what you mean, they translate your words as "Paul Vixie
agrees that TOES/SPF/RMX/SMTP-AUTH/CalleriD/HashCash/E-postage/...
is the Final Ultimate Solution to the Spam Problem."


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com