Ian Grigg wrote:
... fundamentally, as Steve suggests, we expect email from anyone, and it's free.
We have to change one of those basic features to stop spam. Either make it "non-free," or make it "non-authorised." Hashcash doesn't achieve either of those, although a similar system such as a payment based system might achieve it.
Mind you, I would claim that if we change either of the two fundamental characteristics of email, then it is no longer email. For this reason, I predict that email will die out (ever so slowly and painfully) to be replaced by better and more appropriate forms of chat/IM.
Indeed, email is not so good anymore. When lack of message security in email becomes clearer to the users, as clear as spam is today, the value of email will approach zero.
Practically anyone can read the email you send and receive, your ISP included. What's the fuss with google's gmail? Gmail's differential is that they do not hide they will search through your mailbox. Users are realizing that an email is like a postcard, open for anyone to read and write on it. But encryption and authentication are a hassle today, with less than 2% of all email encrypted (sorry, can't cite the source I know).
The problem with current schemes has been that they only work when both sender AND recipient already use the feature, which probability is zero in the beginning of adoption. It's a chicken- and-egg proposition. It is also a change to email. Even though the existing ideas are sound in principle (e.g., PGP/MIME, S/MIME, email gateways, etc.) they are all a replacement product with many barriers for adoption.
Instead of a replacement, I believe that what we need is a complement to solve the lack of message security in email (including sender spoofing). Email is just the transport. The solution should be able to start from a single end user, should require no change to records/software that end users do not control, and should require no cooperation from email providers and ISPs.
Comments?
Cheers--/Ed Gerck
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]