> > 1. does the ietf as a community generally believe that provable > > mutual consent between a sender and recipient is an achievable > > (technically) and desireable (by the global user base) goal? > > What's that about a "community"? Individuals can believe things, but > communities can only argue. that's how it feels, i know. however, even the most bitterly disappointed individual contributor to the IPng effort knows that IPv6, warts and all, could only have come from a "community." because of the number of adopters needed to deploy it before it could become relevant, the technology had to be developed in a sausage factory of some kind. note that i am not sure that ietf is the right such "community" for ibcs(*) but i am very sure that it won't get done by a small team working in dark and quiet and then thrusting a working solution into the spotlight with a bit "USE ME!" sign painted on it. > > 2. if #1, does this same community believe #1 can be accomplished > > by means of negative pressure (bayesian, dcc, blackhole lists, > > hashcash, etc) on the current e-mail system (smtp, rfc822, mime)? > > I see no consensus on what to do about spam and don't believe one is > possible for any of those efforts or any group of them. this isn't about spam, it's about trust. with MAPS and DCC my early thoughts were in terms of "disabling nonconsensual communications" and what i've gone over to in recent years is "enabling consensual communications" which is not at all as similar as it sounds. > > 3. if !#2, then does this same community have any interest in being > > a creative, ambitious force that brings this functionality to > > the masses, or should this work be pursued independently/elsewhere? > > The continuing history of IPng is cautionary for IETF Manhattan-project > style community efforts. therein lies the rub. nothing like DNS or HTTP could be created in the kind of sausage factory the ietf has become. there are too many witnesses now, and too many helpers. if someone hears that something interesting is going to be worked on, they join the mailing list and come to meetings since they're at ietf for the week anyway. with 750 people on the mailing list and 300 in every meeting, all actual work stops, or moves into "design teams" which mimic the IETF of olde (or so i'm told -- my first rfc was in the 1800 series, so most of the history predates my participation.) however, i do not consider IPng to be a failure. it's taking a while to get deployed, that's true, but at least (unlike DNSSEC) the last flag day has passed and there are multiple interoperable implementations. so the choice of whether to do ibcs inside IETF isn't dictated (in either direction) by what's happened with IPng. however, the choice to do ibcs outside IETF may be dictated by what's had to happen with HTML and its related standards. > The little I've understood is that you've said something about "mutual > consent" and vendors or notaries of the same, which for me evokes > "like Verisign?" and a little more best unsaid. no, not like verisign. in <g3llwdraz3.fsf@sa.vix.com> i wrote as follows: | s/mime relies on the x.509 pks industry which in is turn based on the goal | of enriching a small number of ca's who have to pay for relationships to | browser/useragent vendors who then make the certs worthwhile. that can't | scale and hasn't scaled, other than in the case of server certs. no way | will the average user be willing to pay money for a personal cert signing | if the companies on the list have all spammed them. sorry to evoke the wrong thing. i really am trying to be very clear, here. -- Paul Vixie