Ian Grigg wrote:

...  fundamentally, as Steve suggests,
we expect email from anyone, and it's free.

We have to change one of those basic features
to stop spam.  Either make it "non-free," or
make it "non-authorised."  Hashcash doesn't
achieve either of those, although a similar
system such as a payment based system might
achieve it.

Mind you, I would claim that if we change either
of the two fundamental characteristics of email,
then it is no longer email.  For this reason,
I predict that email will die out (ever so
slowly and painfully) to be replaced by better
and more appropriate forms of chat/IM.

Indeed, email is not so good anymore. When lack of message security in email becomes clearer to the users, as clear as spam is today, the value of email will approach zero.

Practically anyone can read the email you send and receive,
your ISP included. What's the fuss with google's gmail? Gmail's
differential is that they do not hide they will search through
your mailbox. Users are realizing that an email is like a postcard,
open for anyone to read and write on it. But encryption and
authentication are a hassle today, with less than 2% of all email
encrypted (sorry, can't cite the source I know).

The problem with current schemes has been that they only work
when both sender AND recipient already use the feature, which
probability is zero in the beginning of adoption. It's a chicken-
and-egg proposition. It is also a change to email. Even though the
existing ideas are sound in principle (e.g., PGP/MIME, S/MIME,
email gateways, etc.) they are all a replacement product with
many barriers for adoption.

Instead of a replacement, I believe that what we need is a
complement to solve the lack of message security in email
(including sender spoofing). Email is just the transport.  The
solution should be able to start from a single end user, should
require no change to records/software that end users do not
control, and should require no cooperation from email providers
and ISPs.


Cheers--/Ed Gerck

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to