-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Jabber, Facebook and other services where all or essentially all > communications require a bi-directional decision to enable messages > for years now, and there is virtually no spam in such systems > because of it. So, require such bi-directional "friending" within > our postulated new messaging network -- authentication is handled > by the public keys of course.
This is an old approach, trying to reduce the spam problem to the introduction problem. It works, sort of, but it's not as simple as it looks. I know people who do security at Facebook, and the lack of spam is due more to the fact that it's a closed system with people whose job it is to keep spammers from annoying the customers than to the introduction aspect. For Jabber, I expect it's that other than gmail (which has its own security department) there aren't any Jabber networks large enough to be worth spamming. There's plenty of spam in AOL's instant messaging system, where you can send anyone one message asking to be introduced. Introductions have terrible scaling properties. If you want a messaging system that can do what email does, it needs to be able to handle mail sent by robots. For example, when you buy a plane ticket online, you probably want to let the airline send you a confirmation, and also updates if the flights change. How do you authorize that, short of allowing anyone to send you a request that you look at? And more importantly, how do you tell the flight updates from valuable offers sent by the same company? Or, remarkably often, an organization's contact list will leak (it's hard to tell whether by malicious employees, incompetence, or malware) and now you have to abandon the existing token and set up a replacement. This isn't a useless technique, and it's very useful for some situations like small children whose parents manage their list of correspondents, but I don't think you'll find it a very useful way to keep out unwanted messages in general, unless you're also willing to lose a lot of wanted ones. R's, John -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.21 (FreeBSD) iEYEARECAAYFAlI0pZAACgkQkEiFRdeC/kWevQCgnBETJDi4Vo1+hZ3xz1EsePS4 JxYAn2jqKCR+89BxzDFiRfC3Jlo220Ut =0TEa -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
