[buug] Casual Encryption
itz at speakeasy.org
Tue Jul 16 08:10:46 PDT 2002
Brian> In other email related news: check out Jon Udell's thoughts
Brian> about using digital IDs as a way to counteract spam. This
Brian> (besides SpamAssasin) could be the next killer app: a
Brian> technology that doesn't just weed out spam, but prevents it.
itz> I will check it out, but I already have the obvious question:
itz> will what he proposes handle open mailing lists?
Brian> I don't see why not. The basic principle is this: if you don't
Brian> provide a certificate that I can inspect and ensure comes from
Brian> a valid third party _that I trust_, I don't want to receive
Brian> mail from you. I don't have to *personally* know you, but I
Brian> can place trust in Thawte, Versign, or some other authority to
Brian> ensure that you have provided with credentials.
Brian> The bigger problem, beyond open mailing lists, is setting up
Brian> the software infrastruture to enable this. No webmail software
Brian> that I know of supports this (hotmail? ha!) and it's a royal
Brian> PITA on Outlook, which I actually tried when I had to use it on
Brian> a regular basis for work. I'd say that eliminates about 75% of
Brian> users right there. How well could you provide a certificate on
Brian> your MUA of choice?
I bet it would be a matter of minutes to add this to Gnus :)
But, doesn't PGP/GPG already provide this, in theory? All you need is
the signing authority. That it doesn't exist (yet) is a social
problem, not a technical one.
BTW, I prefer not to receive personal copies of buug traffic (I know,
I have been guilty of that, too).
Ian Zimmerman, Oakland, California, U.S.A.
GPG: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
EngSoc adopts market economy: cheap is wasteful, efficient is expensive.
More information about the buug