Great Circle Associates List-Managers
(May 2002)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Charge?
From: J C Lawrence <claw @ kanga . nu>
Date: Sun, 19 May 2002 23:14:29 -0700
To: kirk Bailey <idiot1 @ netzero . net>
Cc: List Managers <list-managers @ GreatCircle . com>
In-reply-to: Message from kirk Bailey <idiot1 @ netzero . net> of "Mon, 20 May 2002 00:58:40 EDT." <3CE88280 . 3F5EAD00 @ netzero . net>
References: <3CE80CA6 . 23974 . 4BE3D36 @ localhost> <3CE86A26 . B6AEC19 @ netzero . net> <3949 . 1021868731 @ kanga . nu> <3CE88280 . 3F5EAD00 @ netzero . net>

On Mon, 20 May 2002 00:58:40 -0400 
kirk Bailey <idiot1 @
 netzero .
 net> wrote:

> n short, we can't techno fix it, so live with it, is this a accurate
> summation of your position?

No.  The problem is obviously fixable if you and the users are willing
to pay the prices.  Given the political and human nature of the problem
I've quite clearly pointed at where I see the "solution" (ie an address
which is tolerable and even attractive enough to users to be used enough
to be effective): PKI-based audit trails.

It really doesn't matter if those audit trails are user based (ie
per-user digital signatures) or reverse-auditable (as discussed
previously) TLS signatures embedded in Received: headers.  For what I
hope are fairly obvious reasons I prefer client-side signatures, but
they suffer from scalability and deployment issues, especially with
regard to legacy systems.  Hitting it at the TLS level has problems in
that it requires non-trivial updates to the protocol specs, especially
as regards gateways that do format or charset translations (non-trivial
problem), but it involves few systems, and unlike client-side involves
the effort and expense of those people most concerned and affected by
the lack of audit trails, and are who tend to be more knowledgeable
about the area in general: MX operators.

  Note that nothing prevents both approaches simultaneously.

BUT, either approach requires widespread PKI deployment and adoption
which is a non-trivial pre-condition.  The former also requires
widespread MUA support.  The latter requires widespread MTA support.  At
a human and political level the latter is an easier and more
approachable problem.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw @
 kanga .
 nu               He lived as a devil, eh?		  
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.



Follow-Ups:
  • Re: Charge?
    From: Chuq Von Rospach <chuqui @ plaidworks . com>

References:
  • Charge?
    From: "Amy Stinson" <e-list @ amys-answers . com>
  • Re: Charge?
    From: kirk Bailey <idiot1 @ netzero . net>
  • Re: Charge?
    From: J C Lawrence <claw @ kanga . nu>
  • Re: Charge?
    From: kirk Bailey <idiot1 @ netzero . net>
Indexed By Date Previous: Re: e-postage again
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Next: Re: solicited vs. unsolicited mail
From: kim brooks wei <kimi @ kimbwei . com>
Indexed By Thread Previous: Re: Charge?
From: kirk Bailey <idiot1 @ netzero . net>
Next: Re: Charge?
From: Chuq Von Rospach <chuqui @ plaidworks . com>

Google
 
Search Internet Search www.greatcircle.com