Hi Evgeny,

The XEPs definitely are one of the most radical things recently proposed so I appreciate the short descriptions.

I've been thinking about the use-cases that you've described and at first sight the SPIM prevention one seems like a good fit. Personally I don't have big problems with it (yet?) but if the CAs proposed by you did a small number of checks before issuing certificates (such as this [0])* then the certificates could also be used as a ticket indicating that the sender is not likely to be a spammer.

Currently servers employ their own anti-spam measures; for example, ejabberd has captchas before messages from strangers are delivered. If the sender could transparently provide a certificate and the server would validate it, then no captcha would be necessary.

Issuing these certificates can also be automated, just like certbot does for Let's Encrypt. This would work in a backwards-compatible way, so for everyone that doesn't want to opt in to this scheme a regular captcha would be shown. But for everyone that uses the scheme the experience would be better.

This use case is similar to Privacy Pass [1] that already works for HTTP over Tor.

Kind regards,
Wiktor

[0]: https://github.com/JabberSPAM/jabber-spam-fighting-manifesto#server-policies

*: and limited certificate creations per domain per given amount of time

[1]: https://blog.cloudflare.com/cloudflare-supports-privacy-pass/

--
https://metacode.biz/@wiktor