Re: proposal for built-in spam burden & email privacy protection

On Fri, 2004-02-13 at 12:46, Ed Gerck wrote:
Dean Anderson wrote:

> Then using the IETF list as an example, you would need the entire list of
> recipients and their public keys, and you would need to send a message
> either directly to each of them, one by one, or send a single message with
> a session key for each recipient (thousands).  This isn't going to work.

Let's not mix apples with speedboats. These are some options with the 
proposal:

#1: no encryption is used either way, the list address is in a whitelist 
for each recipient.

#2: each recipient can only send encrypted msgs (possibly, also
signed) to the list, with the list's key, for distribution. The listserver 
verifies and resends the messages in plain text, where #1 applies for 
each recipient.

#3: the list receives messages as in #2 but the listserver sends the
msgs as encrypted mail to each recipient, with each recipient's key.

#4 (my preferred): the member sends a message to the list with his digital signature. The list checks the digital signature (from a keyserver or from a member database) and posts the message if the signature is valid. If the signature is not valid, the message is held for approval.

But yes, this scheme does not offer much more than restricting posting to list members only, which the IETF had to do last year(?).

Maybe it would provide an avenue to not restrict posting to members only if a posting is correctly digitally signed...

Yes, a user could send digitally signed viruses without his/her knowledge. Hopefully software that applies digital signatures to e-mails does not do it blindly without repetitive manual user intervention (after idle time, you must re-enter your key password). Or a mail cannot be sent via a script without entering the key password.

> In
> the case of spam, detection is easy, but not automatic.  Prosecution is
> now possible.  It's still a whack-a-mole game. It won't end unless you can
> get past the virus infection to the virus operator, and hopefully, there
> aren't really too many virus operators.  Of course, we aren't stopping
> spam either in a very real sense, but rather abusers who are annoying and
> mailbombing people.  But by my count of my inbox, if you stop those
> people, I can certainly handle the rest which amounts to maybe 1% of my
> current junk mail.

When you outlaw spam, only the outlaws spam. So what? The
problem still remains, even if you call them outlaws. Also,
users should not have to sue spammers, or have any other burden,
in order to protect the users' resources. Imagine if I would 
have to manage 300 lawsuits a day (the average spam rate that
my system cannot automatically detect as spam)?

You can contribute to a pool of reports, like spamcop does or other systems based on a message signature count. When a threshold is reached, you know something suspicious is happening. You can then collect the reports, bundle them and sue on behalf of the users; that's what public prosecutors do sometimes. They do not necessarily need a complaint...
----
Franck Martin
franck@xxxxxxxxx
SOPAC, Fiji
GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9  D9C6 BE79 9E60 81D9 1320
"Toute connaissance est une reponse a une question" G.Bachelard

Attachment: signature.asc
Description: This is a digitally signed message part
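
The report pool described in the reply above (a message signature count with a threshold), as an added example that is not part of the original message and is not spamcop's code. The fingerprint method (SHA-256 over a normalised body), the threshold of 3, the class and function names, and the sample reports are all assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

THRESHOLD = 3  # assumed value: distinct reporters needed before a bundle is produced


def fingerprint(body: str) -> str:
    """Message signature: SHA-256 of the body with case and whitespace normalised."""
    normalised = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


class ReportPool:
    def __init__(self, threshold: int = THRESHOLD):
        self.threshold = threshold
        # fingerprint -> {reporter: message body as that reporter received it}
        self.reports = defaultdict(dict)

    def submit(self, reporter: str, body: str):
        """Record one report; return a bundle the first time the threshold is hit."""
        fp = fingerprint(body)
        seen = self.reports[fp]
        if reporter in seen:
            return None  # one count per reporter, so a single user cannot inflate it
        seen[reporter] = body
        if len(seen) == self.threshold:
            return {"fingerprint": fp, "count": len(seen), "reporters": sorted(seen)}
        return None


# Constructed sample reports (reporter, body); not taken from any real mailbox.
SAMPLE = [
    ("alice@example.org", "Cheap   pills,\nbuy NOW"),
    ("alice@example.org", "cheap pills, buy now"),   # repeat by the same reporter
    ("bob@example.org", "CHEAP PILLS, BUY NOW"),
    ("carol@example.org", "Lunch at noon?"),         # unrelated message
    ("dave@example.org", "cheap pills, buy now "),   # third distinct reporter
]


def run_sample():
    pool = ReportPool()
    return [pool.submit(reporter, body) for reporter, body in SAMPLE]


if __name__ == "__main__":
    for result in run_sample():
        print(result)
```

An exact hash only groups copies that differ in case or whitespace; mail that varies its wording per recipient would need a fuzzy signature instead.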

