Re: Digital stamps
@Shannon Jacobs, @pierce, @skelband:
To avoid making a TL;DR post, I did not really flesh out my ideas. Implementation-wise, there are many details that leave most people behind. PKI can be difficult to understand.
Whatever the technical details, PKI makes it possible to know who a sender is or to know that the sender is recommended by someone you know. Spammers could not send you mail because there is no way they could gain a credible recommendation and no way they could afford to pay you to accept traffic from a stranger.
The cost associated with the 'digital stamp' is so that legitimate senders can always get an important message through. It would block trivial messages from legitimate senders, but arguably that is SPAM.
The reason to depend upon something akin to digital currency is that it is important to legitimize the sender without necessarily identifying them personally.
Cost would have to be adjusted to some reasonable minimum that made SPAM unprofitable but allowed ordinary legitimate mail to be economically feasible.
To support the stamps, essentially digital currency, you need a PKI infrastructure anyway. That being the case, mailing lists that you wanted to encourage could be given a pass under a 'bulk rate'. Ones you did not want to encourage would be discouraged.
You could develop a system of rates for unsolicited mail vs. mail from known senders and mail being sent 'first class', 'regular', 'bulk', etc. The PKI can allow you to differentiate between senders whose keys are signed according to how much you trust the signer. People managing a huge mailing list would have to send 'bulk' and/or they would have to re-evaluate the value of sending to the list. I am skeptical of the net value of mailing lists to the recipients, and it is the recipients we are trying to serve. If you have something you send out to a million users every week, you would have to switch from a 'push' model to a 'pull' model by placing the message on a server where interested readers could pull it down.
Re: "a lot of SPAM comes from bot nets"
That is true. AFAIK, most SPAM is now coming from bot nets. Do you think that it is unreasonable to require that people in charge of putting a PC on the network bear some responsibility for damage it does? This is probably a good way to get users to be more diligent and to force companies like MS to take security more seriously. This would effectively cause all of that type of traffic to be 'metered' and would end up returning an enormous amount of the aggregate capacity of the network back to us.
Given that the digital stamps involve actual money, the system responsible for placing the stamps would be more secure and, to the extent it was breached, it would be limited in how much it could send by the money available for stamps. You could also make it so that the system asked for permission before using stamps, etc. You could have a special wallet to act as a 'postage meter', limited to a small amount sufficient for normal mail.
Part of the reason we have SPAM at all is that PKI is in a dreadful state. It should be both usable and used by everyone. It should be largely incorruptible. Instead, it is hardly usable even for experienced users, not used except in basically broken ways and the root CAs are all fundamentally corrupt.
Unfortunately, one of the things holding us back is that the bad guys have hijacked the PKI and DRM conversation(1) and are driving us inexorably toward 'treacherous computing'. It seems to me that the good guys who know enough to use the stuff are reluctant to vigorously pursue its use because of the danger that DRM presents.
I am not an expert in this area, but I do have some experience. As far as I know, we can definitely implement things like digital stamps, and we can definitely put in place PKI such that outbound traffic from a given system is done using a PK pair and inbound traffic can be checked up a chain of signatures to establish trust.
Signed keys are not limited to a single one, nor are they intrinsically limited to a single use. If we have the infrastructure to deal with digital stamps then we also have in place infrastructure capable of verifying along the route from sender to receiver such that unsigned traffic is never forwarded by routers or accumulated by mail servers.
Of course, as people worried about DRM would know, the above requires that we have a distributed trust system that cannot be tampered with by agencies like the NSA or other hostile forces. If any single entity or any colluding oligarchy gains control over the system they can(2) cause havoc and cripple the Internet.
Technically, it is quite possible to implement digital stamps and surrounding infrastructure to eliminate SPAM as such. On the way, there are some impediments, but these (a) are political not technical and (b) need to be dealt with anyway.
We *will* move toward some sort of micro-payment capable system and some sort of distributed trust. Along the way, we *will* have DRM. It is going to happen. However, it is very important that *well before* we implement the DRM part we entirely remove control from unfaithful trustees like Verisign, Sony, Microsoft, etc.
(1) The 'trust' conversation currently involves the bad guys insisting that everyone must trust the bad guys above all. They demand that we give them control of all of the master keys and do as we are told. They want to breach trust going in. I'm against that, and so are any other decent people with a clue about PKI. Control of things involving trust, such as DNS, SSL root certificates, etc., needs to be distributed so that breaches of trust are effectively impossible. Currently they are controlled by the bad guys.
(2) By Murphy's Law, we know that eventually 'can' == 'will'.
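The mechanism sketched in the post above (every message signed with the sender's key, a sender either known directly, vouched for by an introducer the recipient already trusts, or paying with a stamp at a per-class rate, and stamps issued from a wallet with a small cap acting as a 'postage meter'), as an added example that is not code from the post or from any existing mail system. Everything in it is an assumption of the example: the rate table, the 'mint' key that signs stamps, the 8-byte nonce a recipient records so the same stamp cannot be presented twice, the endorsement format, and the constructed cases in Scenario. It uses only Go's standard library (crypto/ed25519).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Stamp value a stranger must attach per delivery class (arbitrary units, an assumption of this example).
var strangerRate = map[string]uint32{"bulk": 5, "regular": 10, "first": 50}

type Endorsement struct{ Introducer ed25519.PublicKey; Sig []byte } // introducer's signature over the sender's public key
type Stamp struct{ Nonce [8]byte; Value uint32; Sig []byte }       // mint's signature over nonce||value; the nonce defeats replay
type Meter struct{ mint ed25519.PrivateKey; remaining uint32 }    // sender-side postage meter: mint key behind a spend cap
type Recipient struct {
	Known, Introducers map[string]bool; Mint ed25519.PublicKey // maps are keyed by raw public-key bytes
	spent map[[8]byte]bool                                     // nonces of stamps already accepted
}
type Message struct {
	Sender ed25519.PublicKey; Class string; Body, Sig []byte // Sig: sender's signature over signedBytes(Class, Body)
	Endorsements []Endorsement; Stamp *Stamp                 // Stamp stays nil unless paying to reach a stranger
}

func signedBytes(class string, body []byte) []byte { return append([]byte(class+"\n"), body...) }
func stampBytes(n [8]byte, v uint32) []byte        { return append(n[:], byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) }
func newKey() ed25519.PrivateKey                   { _, k, _ := ed25519.GenerateKey(rand.Reader); return k }
func pubOf(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// Issue refuses any stamp the cap cannot cover, so a hijacked host runs dry instead of spamming.
func (m *Meter) Issue(value uint32) (*Stamp, error) {
	if value > m.remaining {
		return nil, errors.New("postage meter exhausted")
	}
	m.remaining -= value
	s := &Stamp{Value: value}
	if _, err := rand.Read(s.Nonce[:]); err != nil { return nil, err }
	s.Sig = ed25519.Sign(m.mint, stampBytes(s.Nonce, value))
	return s, nil
}

// Accept: known keys pass, keys endorsed by a trusted introducer pass, anyone else needs a valid, unspent stamp at the class rate.
func (r *Recipient) Accept(m Message) (string, error) {
	if len(m.Sender) != ed25519.PublicKeySize || !ed25519.Verify(m.Sender, signedBytes(m.Class, m.Body), m.Sig) {
		return "", errors.New("bad sender signature")
	}
	if r.Known[string(m.Sender)] { return "known", nil }
	for _, e := range m.Endorsements { // only introducers we trust are ever passed to Verify
		if r.Introducers[string(e.Introducer)] && ed25519.Verify(e.Introducer, m.Sender, e.Sig) { return "endorsed", nil }
	}
	rate, s := strangerRate[m.Class], m.Stamp
	switch {
	case rate == 0:
		return "", errors.New("unknown class")
	case s == nil:
		return "", errors.New("stranger without stamp")
	case !ed25519.Verify(r.Mint, stampBytes(s.Nonce, s.Value), s.Sig):
		return "", errors.New("forged stamp")
	case r.spent[s.Nonce]:
		return "", errors.New("stamp already spent")
	case s.Value < rate:
		return "", fmt.Errorf("stamp %d below %s rate %d", s.Value, m.Class, rate)
	}
	r.spent[s.Nonce] = true
	return "stamped", nil
}

func compose(k ed25519.PrivateKey, class, body string) Message {
	return Message{Sender: pubOf(k), Class: class, Body: []byte(body), Sig: ed25519.Sign(k, signedBytes(class, []byte(body)))}
}

// Scenario runs constructed cases (not captured traffic) and reports each outcome.
func Scenario() map[string]string {
	mint, friend, intro, vouched, stranger := newKey(), newKey(), newKey(), newKey(), newKey()
	r := &Recipient{Known: map[string]bool{string(pubOf(friend)): true},
		Introducers: map[string]bool{string(pubOf(intro)): true}, Mint: pubOf(mint), spent: map[[8]byte]bool{}}
	meter, out := &Meter{mint: mint, remaining: 60}, map[string]string{} // cap: one first-class stamp plus change
	try := func(name string, m Message) {
		if res, err := r.Accept(m); err != nil { out[name] = "rejected: " + err.Error() } else { out[name] = "accepted as " + res }
	}
	try("friend", compose(friend, "regular", "hi"))
	v := compose(vouched, "regular", "hello")
	v.Endorsements = []Endorsement{{Introducer: pubOf(intro), Sig: ed25519.Sign(intro, v.Sender)}}
	try("vouched", v)
	try("stranger-unstamped", compose(stranger, "first", "urgent"))
	s := compose(stranger, "first", "urgent")
	s.Stamp, _ = meter.Issue(50)
	try("stranger-stamped", s)
	try("stranger-replay", s) // the same stamp presented a second time
	cheap := compose(stranger, "first", "urgent")
	cheap.Stamp, _ = meter.Issue(5)
	try("stranger-underpaid", cheap)
	if _, err := meter.Issue(50); err != nil { out["meter"] = err.Error() } // only 5 units remain
	return out
}

func main() { fmt.Println(Scenario()) }
```

Running it prints the outcome map; the lines worth reading are the stranger cases (no stamp, a valid stamp, the same stamp replayed, a stamp below the first-class rate) and the meter refusing once its cap is spent. Two simplifications to keep in mind: the sender's wallet here holds the mint key itself, whereas in the scheme described above the stamp would come from a separate issuer the recipient trusts, and the recipient's set of spent nonces grows without bound, so a real deployment would put an expiry in the stamp.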