On Tuesday 09 December 2003 12:17 am, Meng Weng Wong wrote:
Validation implies revocation --- if a VeriSign customer turns out to be
a spammer, what's the punishment? Do you refuse to renew them? If the
renewal period is 1 year, they could spam for the rest of that year with
impunity.
It depends on what is being asserted by the CA. If it's simply a matter of
identity, 'Joe Spammer' remains 'Joe Spammer' regardless of what crimes he
may have commited.
To assert that 'this person will not send spam' is impossible without (a)
applying prior restraint (active censorship), and (b) defining spam
precisely.
To assert that 'this person is not known to have sent spam before' is
implementable because it is paradigmatically 'one or more blacklist checks'.
However defining what constitutes spam remains a value judgement and myriad
policies will be required in order to suit different cultures.
The best solution hence is a value-neutral identity authentication protocol
decoupled from any reputation metadata that may be overlaid onto it.
Joe's past activities may have been classed as unacceptable in culture A but
not in culture B (maybe he spams for a government, charity, church or
political party). His identity remains the same, and if the two cultures are
using different identity systems then sharing data simply becomes more
difficult as you would then need a third system of identity mappings in order
to exchange data. Balkanisation rather than standardisation.
Thus an identity system should simply say "this is joe" and not "this is joe,
who has not been convicted of spamming in Brazil". Then a separate reputation
system should say "joe has not been convicted of spamming in Brazil".
In any case all reputation systems have the failing that new people are
constantly being born (or just getting wired) at a rate sufficient to drown
us in spam no matter how complete our history-based blacklist is. Furthermore
a lot of starving people may decide that their online reputation is less
important than food they can by with Joe's bribe.
It may be tempting to deprecate newcomers in some way (this includes web of
trust and the like) to mitigate against this - hence creating a system of
priviledge that will evolve along a path of increasing inequitability.
Perhaps that is inevitable.
- Dan
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡