On Fri, May 09, 2003 at 03:50:02AM +0200, Nomen Nescio wrote:
Lauren Weinstein, founder of People for Internet Responsibility, has come out with a new spam solution at http://www.pfir.org/tripoli-overview.
[deletia]
Thus you have to be politically acceptable to the Powers That Be in order to receive your license to email, aka your PIT. And be careful what you say or your PIT will be downgraded.
Weinsteins proposal is DOA because of the centralized control and the lack of anonymity (oh, but Pit issuers may issue special anonymous certs to "applicants with special needs for identity protection (e.g., human rights groups operating in "hostile" areas, etc.)". Right.) The people like us who would implement it won't. But it's technically possible. The technological issues are the easy part. Creating a new email system is one thing, getting people to use it is another. This idea is pretty unrealistic... sort of the Underpants Gnomes plan for ridding the world of spam: 1. create completely new parallel email system 2. ??? 3. no more spam!
Unfortunately he doesn't discuss various crypto protocol issues:
If the PIT is just a datum, what keeps someone from stealing your PIT and spams with it?
If the PIT is a cert on a key, what do you sign? The message? What if it gets munged in transit, as messages do? You've just lost most of your email reliability.
Or maybe you sign the current date/time? Then delayed mail is dead mail.
Or maybe you respond to a challenge and sign that? That won't work if relays are involved, because they can't sign for you.
I read it as the Pit is a signature over the Pit contents and the email. It'd include the certs needed to authenticate to the appropriate CA. A PKCS#7 detached signature or similar structure would work fine. The crypto part is the one part that's easy.
Spam is a problem, but it's no excuse to add more centralized administrative control to the Internet. Far better to go with a decentralized solution like camram.sourceforge.net, basically a matter of looking for hashcash in the mail headers. This raises the cost to spammers without significantly impacting normal users.
See the 'getting people to use it' argument above. Solve that and any of 20 different technical solutions would work. Eric