At 11:09 AM 8/14/2002 -0400, Melinda Shore writeth:
>> From: "Thomas J. Hruska" <shinelight@shininglightpro.com>
>
>> The "technical mechanism" of the trust system I previously mentioned on
>> this list is being _completely_ ignored. It is *THE* most viable solution
>> anyone has come up with to date in this thread and I am waiting for people
>> to respond to it.
>
>It's completely unwieldy and renders email, as we currently
>understand it, useless. The assumption that you'll be able
>to find non-email contact information for everyone to whom
>you'd like to send email, or that they're reachable at all
>by other means, is not a good one. It also has terrible
>scaling properties.
The beauty of business cards and webpages. The trust system can be set up
to have a specific channel for anonymous users who have a specific keyset.
If people want to make initial contact with you, they just grab the keyset,
plug it into their trust system and send their message (e-mail) to you. If
the keyset is nabbed by spammers, it gets changed. Only a few people will
be affected by such a change and only for a short time since trust is
usually established after a couple e-mails. Spammers would have to go back
to the source and get the new keyset. This will result in spammers
eventually having millions of useless keysets and thus make spamming a
*very* expensive proposition (instead of a 1:5 ratio, a 1:10,000,000 ratio
in terms of successfully sent and received spams in someone's mailbox).
>Note that the work of the IETF is done by email and is
>dependent upon the free flow of email to be successful. One
>of the great things about email is that it's asynchronous.
>Stuff comes and goes and we can deal with it at our leisure
>or we can deal with it immediately - it's our choice. If
>the flow of email suddenly started requiring synchronous
>interruptions, like telephone calls, IETF work would become
>far more disruptive and more difficult to justify to
>employers. And then there's the timezone thing.
As to synchronous/asynchronous operations, I was only offering the usual
contact methods ordinary people use as suggested ways the trust system
_COULD_ work. Mass mailing lists like this one would probably fall into
one trust level and a private mailing list trust keyset can be used to
individually e-mail members of a mailing list (which gives list members the
option to be privately e-mailed or not). So, using your private IETF trust
keyset you can e-mail me directly without needing the anonymous keyset and
not risk keyset changes.
So, IETF work can continue as usual as well as operate with the security a
keyset brings to the trust system.
As I said, my idea is not perfect, but it certainly is better than charging
people money for e-mail.
Hope this helps!
Thomas J. Hruska -- shinelight@shininglightpro.com
Shining Light Productions -- "Meeting the needs of fellow programmers"
http://www.shininglightpro.com/