IETF Logo Mail Archive

Re: [Asrg] Soundness of silence

Bill Cole <asrg3@billmail.scconsult.com> Tue, 16 June 2009 18:55 UTC

Return-Path: <asrg3@billmail.scconsult.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EA7993A6BC0 for <asrg@core3.amsl.com>; Tue, 16 Jun 2009 11:55:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.099
X-Spam-Level:
X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LVWBlWIUdNjf for <asrg@core3.amsl.com>; Tue, 16 Jun 2009 11:55:04 -0700 (PDT)
Received: from toaster.scconsult.com (www.scconsult.com [66.73.230.185]) by core3.amsl.com (Postfix) with ESMTP id F284F3A6BC8 for <asrg@irtf.org>; Tue, 16 Jun 2009 11:55:03 -0700 (PDT)
Received: from bigsky.scconsult.com (bigsky.scconsult.com [192.168.2.102]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by toaster.scconsult.com (Postfix) with ESMTP id BDB488D4EF3 for <asrg@irtf.org>; Tue, 16 Jun 2009 14:55:08 -0400 (EDT)
Message-ID: <4A37EA8C.2090304@billmail.scconsult.com>
Date: Tue, 16 Jun 2009 14:55:08 -0400
From: Bill Cole <asrg3@billmail.scconsult.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20090408 Eudora/3.0b2
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <4A329E38.9010609@tana.it> <4A36904E.8040908@billmail.scconsult.com> <4A3781D4.3020303@tana.it> <200906161301.JAA26149@Sparkle.Rodents-Montreal.ORG> <19F5E9FF50D8F6854F278DA0@lewes.staff.uscs.susx.ac.uk>
In-Reply-To: <19F5E9FF50D8F6854F278DA0@lewes.staff.uscs.susx.ac.uk>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] Soundness of silence
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: asrg@irtf.org
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2009 18:55:05 -0000

Ian Eiloart wrote, On 6/16/09 10:21 AM:
>
>
> --On 16 June 2009 08:47:51 -0400 der Mouse <mouse@Rodents-Montreal.ORG>
> wrote:
>
>> Not quite. There are walled-garden approaches to email that are
>> basically spam-free, because they have the accountability the open
>> Internet lacks.
>
> Agreed. What efforts are being made to introduce that accountability to
> email?

I believe that successful (on their own terms) demo projects exist in China, 
Iran, Cuba, and North Korea.

More seriously: the trend over the past 20 years has been to *reduce* 
structured accountability on the Internet. Anyone who wants to only accept 
mail that they can be certain is from identifiable and/or trusted senders 
can do so now, using mature open standards that have multiple interoperable 
implementations including free software.

AOL, CompuServe, Prodigy, The Source, Delphi, MCIMail, and just about every 
entity that ever received a classful allocation of address space enforced 
accountability on their users. More recently, the PGP user community and PGP 
Inc., Netscape, Microsoft, Thawte, and Verisign have all made their own 
valiant attempts to spread the use of tools that would support widespread 
user-level accountability for email. All major MTA's implement mandatory TLS 
encryption for transport and submission, mandatory authentication for 
transport and submission, and mandatory strict X.509 certificate 
verification, yet most also warn against using any of those except for 
encryption and authentication for submission and opportunistic encryption 
for transport without demanding cert verification. Most users of classical 
(i.e. POP/IMAP/MAPI/SMTP) MUA's use ones that can support message-level 
digital signatures and encryption, but the use of those capabilities for 
general Internet email is rare.

Figuring out a way to get the tools for online accountability into 
essentially universal use without a pre-existing adjunct authoritarian 
polity and without creating the tools for rapid creation of a new 
authoritarian polity would be a very interesting and challenging research 
goal. I think it is outside of IRTF scope.

v2.23.0 | Report a Bug | By Email