At 01:27 PM 1/31/2004, Hallam-Baker, Phillip wrote:
> The core problem of email as far as I am concerned is the interminable
> forwarding problem.
There I will disagree. The present model in fact gets messages from where
they are to where they need to go.
If I had to pick one thing (and there are others to pick, such as "wouldn't
it be nice if we could just use unicode directly") as the fundamental
issue, it would be that when I look at a message I have received,
- I cannot determine who sent it to me even if it declares its source
- I cannot tell who received it (who was BCC'd?)
and
- when it is forwarded on, I cannot prove the assertion that what the
forwarded text said is indeed what I said.
and as a result
- a mail MTA/MUA has few strong hooks to hang a policy on
I use PGP as a way to give you that information on mail I send; you don't.
So I presume that someone sent the email I am replying to and used your
address to send it, but it might actually have been your admin, or for that
matter anyone else.
IMHO, the big thing I would like to change in email is that I would like to
be able to apply a policy to spam, bounce, and virus email. There are
various ways to do that, and the ones that demonstrably work have some
concept of a strong identity associated with them. Note that I did not say
"eliminate all spam"; while that is laudable, I don't know that I can in
fact do it, given that I can't legally define it. But if I could ensure
that the person or Turing Machine sending an email was specifically the one
identified as sending it (or was part of an appropriate larger whole), I
could apply a policy. Maybe I want to accept email from verisign.com but not
from spam.verisign.com, for example, or I want to accept mail from
pbaker@verisign.com but not TomWhoSendsSpam@verisign.com.
When it comes to viruses, that gets far too amusing. I would like to
somehow have the MUA only originate mail if the human originates it,
perhaps via a program, but not if the program is operating beyond contact
with its human. I have an idea that identity can help here, but I'm less
sanguine than I might have been a little while ago.
I want an end-to-end identifiable sender. That is not an implication that
I want a CA or a global PKI, although those are possible approaches to
accomplishing it.