Monday, October 13, 2003

Gold from the Captain's Chest

Last night I was reading to my six-year-old boy, Franklin, from Treasure Island. He had seen Treasure Planet, then the 1950 Disney live-action Treasure Island and then he wanted me to read the book to him. We were up to Chapter Four, The Sea-Chest, right after Captain Billy Bones dies and Jim and his mother try to get help from the nearby village to fend off Blind Pew and his mates, who are going to return at ten o'clock for the Captain.

Franklin has a tremendous vocabulary for a six-year-old, but the Nineteenth Century language is a bit tough. Even I have to guess at some words: gully? lugger? So I stop every page or so to make sure that he's understood what's gone before. We were just about at this paragraph, where Jim's mother declares her determination to get the money from the Captain's chest that he owed her for unpaid room and board:

They say cowardice is infectious; but then argument is, on the other hand, a great emboldener; and so when each had said his say, my mother made them a speech. She would not, she declared, lose money that belonged to her fatherless boy; "If none of the rest of you dare," she said, "Jim and I dare. Back we will go, the way we came, and small thanks to you big, hulking, chicken-hearted men. We'll have that chest open, if we die for it. And I'll thank you for that bag, Mrs. Crossley, to bring back our lawful money in."

So I'm explaining about infectious and emboldener when Franklin asks "Did the Captain swallow the gold pieces?"

"Huh??? What do you mean swallow..." I say, perplexed.

Franklin: "Well how did the gold get into his chest?"

At this point I almost fell to the floor laughing!

Ken Hirsch


Transition to Authenticated E-mail

Tim Bray proposes having people pay 1 cent per email. It's not much, but it would make many non-profit email lists unworkable. Most other proposals like this charge only for the first email from an unknown sender, and usually a lot more than one cent. This does require the recipient (perhaps at the ISP level) to keep track of who is already authorized to send free mail.

There are actually quite a few workable schemes for preventing spam. Tim Bray is right that any system where sending is both free and anonymous will always be open to spam, but it's not necessary to charge on a per-message basis. One system that is beta-testing right now is Bonded Sender. With this system, the owner of an outgoing mail-sending server puts up money to guarantee that his system won't be sending spam (on the order of $1000 per server, with $500/year renewal). There's a contract that specifies what is spam and a third-party arbitrator for handling disputes. Existing mail-filtering software can easily check the BondedSender status via DNS, as it generally already checks the DNS status of senders.

There are a couple of drawbacks to this. First, the IP verification won't work with dynamically-assigned addresses. Second, some smaller email senders may not want to spend as much as $1000 on this. Third, it doesn't help you if your ISP is not participating. All of these can be overcome by using a paid relayer, as Tim Bray suggests. It would be up to the relayer to determine how to prevent abuse of its own system.

Other systems work by verifying a digital signature and certificate of the sender, either on a per-message basis (S/MIME or PGP) or on a per-connection basis (using SMTP over TLS). This doesn't require a static IP address to verify identity.

Although it may seem complex and even chaotic, more than one mechanism will exist to prevent spam, even in the long term. For a variety of legal, political, and financial reasons, no one solution will please everyone. We need to have some sort of meta-email system for allowing these to co-exist effectively.

What I propose is that an independent group be established which will provide a framework for interoperability. What needs to be done?

Some of this can be developed under the auspices of the IETF (or IRTF), but the IETF won't take on any kind of enforcement role.

In addition, we need a way to transition to authenticated email. I have proposed that each recipient use a challenge-response system (such as TMDA), but a prepaid system like SMTP4ALL could also serve in that role.
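
As an added illustration (not code from Bonded Sender, TMDA or this post), here is how a receiving filter could combine the DNS bond check described earlier with the list of already-authorized senders and a challenge fallback. The zone name is a placeholder, the reversed-octet query form and the 127.0.0.0/8 answer range are assumed from common DNS-list practice, and every function name is hypothetical.

```python
import ipaddress
import socket

BOND_ZONE = "bonded.example.invalid"   # placeholder zone, not a real service
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone=BOND_ZONE):
    """Reversed IPv4 octets + zone, the usual DNS-list query form (assumed here)."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name, or [] on NXDOMAIN or any lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_bonded(ip, resolve=system_resolver):
    """Listed only if the zone answers inside 127.0.0.0/8.

    Requiring that range keeps a resolver that rewrites NXDOMAIN to a
    search-page address from making every sender look bonded.
    """
    answers = resolve(query_name(ip))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)

def classify(peer_ip, sender, known_senders, resolve=system_resolver):
    """peer_ip must be the address of the SMTP connection, never a header value."""
    if is_bonded(peer_ip, resolve):
        return "accept:bonded"
    # The sender address is forgeable unless backed by a signature or TLS identity.
    if sender.lower() in known_senders:
        return "accept:known"
    return "challenge"

# Constructed zone data standing in for live DNS so the example runs offline.
CONSTRUCTED_ZONE = {
    "25.2.0.192.bonded.example.invalid": ["127.0.0.10"],      # listed
    "7.100.51.198.bonded.example.invalid": ["203.0.113.80"],  # hijacked NXDOMAIN
}

def fake_resolver(name):
    return CONSTRUCTED_ZONE.get(name, [])
```

A lookup failure is treated as "not bonded", so the message falls through to the challenge step instead of being accepted.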

kenhirsch at myself dot com


