[buug] Casual Encryption

Ian Zimmerman itz at speakeasy.org
Tue Jul 16 08:10:46 PDT 2002

Brian> In other email related news: check out Jon Udell's thoughts
Brian> about using digital IDs as a way to counteract spam.  This
Brian> (besides SpamAssasin) could be the next killer app: a
Brian> technology that doesn't just weed out spam, but prevents it.

itz> I will check it out, but I already have the obvious question:
itz> will what he proposes handle open mailing lists?

Brian> I don't see why not.  The basic principle is this: if you don't
Brian> provide a certificate that I can inspect and ensure comes from
Brian> a valid third party _that I trust_, I don't want to receive
Brian> mail from you.  I don't have to *personally* know you, but I
Brian> can place trust in Thawte, Versign, or some other authority to
Brian> ensure that you have provided with credentials.

Brian> The bigger problem, beyond open mailing lists, is setting up
Brian> the software infrastruture to enable this.  No webmail software
Brian> that I know of supports this (hotmail? ha!) and it's a royal
Brian> PITA on Outlook, which I actually tried when I had to use it on
Brian> a regular basis for work.  I'd say that eliminates about 75% of
Brian> users right there.  How well could you provide a certificate on
Brian> your MUA of choice?

I bet it would be a matter of minutes to add this to Gnus :)

But, doesn't PGP/GPG already provide this, in theory?  All you need is
the signing authority.  That it doesn't exist (yet) is a social
problem, not a technical one.

BTW, I prefer not to receive personal copies of buug traffic (I know,
I have been guilty of that, too).

Ian Zimmerman, Oakland, California, U.S.A.
GPG: 433BA087  9C0F 194F 203A 63F7 B1B8  6E5A 8CA3 27DB 433B A087
EngSoc adopts market economy: cheap is wasteful, efficient is expensive.

More information about the buug mailing list