Jamie,

<humour>

I can see a number of problems with your concept, though I concede
that there is a burning need.

Spammers are unscrupulous and would somehow manage to get themselves
"signed" in any case.

Are you going to allow anyone to issue a CA or just the Verisign,
Thwaites, etc.?

What will you do about unverified mail that is genuine?  It has to be an
"everyone in" environment otherwise it just won't work.

What if I am a cyberpariah and no one will sign my authentication, even
though I might have noble motives?  One name that appears on this list
occasionally (I think) springs to mind.

</humour>  (sorry, but I am fresh out of humour for the rest of the day)

-- 
Howard.
______________________________________________________
LANNet Computing Associates <http://www.lannet.com.au>

On Thu, 3 Aug 2000, Jamie Honan wrote:

> 
> Humour me.
> 
> I'm trying to work up some ideas, and I'm looking for feedback, 
> either more ideas or references to 'things I should look at'.
> 
> I'm taking as my starting point the following: the pros and
> cons of widespread personal authentication on the internet.
> 
> With widespread authentication, it might be possible to reduce spam.
> Recipients might refuse email from non-authenticated senders.
> 
> There are other social benefits to authentication. Multiplayer
> games suffer when cheats exploit hard to close loopholes
> (http://www.gamasutra.com/features/20000724/pritchard_01.htm and
> http://slashdot.org/article.pl?sid=00/07/25/1448226)
> 
> When we are responsible for our actions (our guilt and our
> glory have a half life beyond a few hours) then we might
> take more care to act in a more long term manner.
> 
> (What penalties could be meted out? Banishment?)
> 
> Imagine not a single yes / no authentication but a multi layered,
> 'rings of authentication', something like what we use for social
> validation at the moment.
> 
> The PGP keyring signing suggests not signing someone else's key
> unless they are physically verified.
> 
> But what if we could have levels of verification. I know Jack,
> and Jack knows Judy, therefore I'll verify Judy as a suitable
> person to play backgammon with. A sort of 'rings of association'.
> Level 1 :- physically verified, through to level 3 :- friend
> of a friend.
> 
> But there could also be more formal methods. A bank could verify
> that Joe Bloggs is a valued customer of good standing.
> 
> How would such a system work? There are public pgp key servers
> http://www.pgp.net/pgpnet/pks-commands.html.
> 
> (How would an email recipient program use such public servers?
> I'm envisaging a system something like dns, where you
> could publicly verify the sender, up to some level of trust).
> 
> I was imagining something like ldap. 
> 
> How would it be funded? Subscription? Perhaps each ISP could
> run one as part of their service?
> 
> Thanks in advance for any ideas you can add.
> Jamie
> 
> 
> 
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug
> 
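
The 'rings of association' idea from the quoted message, and the question in the reply about unverified mail that is genuine, sketched as an added example that is not part of either post. Assumptions: the vouching graph stands in for key signatures that have already been cryptographically checked, level 2 (which the message does not define) is taken to mean "vouched for directly but not met in person", each further hop adds one level, and all names and data are constructed.

```python
from collections import deque

# Constructed sample data: who vouches for whom, and whether the voucher
# checked the identity face to face. All names are hypothetical.
VOUCHES = {
    "me":   {"jack": "physical", "bank": "known"},
    "jack": {"judy": "physical"},
    "judy": {"mallory": "known"},
    "bank": {"joe": "known"},
}
MAX_LEVEL = 3  # outermost ring in the message: friend of a friend


def trust_level(root, sender, vouches=VOUCHES, max_level=MAX_LEVEL):
    """Return the ring (1..max_level) the sender falls in, or None."""
    direct = vouches.get(root, {})
    if sender in direct:
        # Level 1: physically verified. Level 2 is this example's assumption.
        return 1 if direct[sender] == "physical" else 2
    # Breadth-first search finds the shortest chain of vouchers.
    seen, queue = {root}, deque([(root, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops == max_level - 1:  # one more hop would leave the last ring
            continue
        for nxt in vouches.get(node, {}):
            if nxt in seen:
                continue
            if nxt == sender:
                return hops + 2    # two hops (friend of a friend) is level 3
            seen.add(nxt)
            queue.append((nxt, hops + 1))
    return None


def mail_policy(root, sender, accept_up_to=2):
    """Decide what a recipient's mail program does with a message."""
    level = trust_level(root, sender)
    if level is None:
        # Unverified mail may still be genuine, so hold it rather than drop it.
        return "quarantine"
    return "accept" if level <= accept_up_to else "flag"


if __name__ == "__main__":
    for who in ("jack", "bank", "judy", "mallory", "stranger"):
        print(who, trust_level("me", who), mail_policy("me", who))
```
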


