[TCP/IP, HTTP] "Exactly my point: the reason _why_ these technologies are not patented is because the stadnards bodies and guardians ensured that patentable technologies were not standardised. This has nothing to do with whether patents for software exist or not."
What, they are not patented because they were standardized, and nothing patentable was standardized? Well, I guess this could be true in a way, as software wasn't patentable back then.
The startling conclusion is however that today, were everything is patentable, nothing will be standardized. (Unless the standard organizations have changed their policies, in which case the Internet might be the last surge from applied Information Technology we'll ever see.)
Well, if/. isn't everything to you, you could just sign another temporary keypair without a passphrase and use that on your local computer. (/. would see that the temporary key was signed by you.)
Yes, but they could just skip the calculating-part and do like in the old days (and presumably like spammers will do). While signing up, you add their signature in the process, effectively whitelisting them.
All this depends on how the system is changed, of course, and it's easy to make it hard on the lists (by design).
"If I don't know you, I have to prove to you that I have spent a little bit of time in resources to send you that e-mail."
This changes the effort to convincing the system that I know you and we can bypass all of this. Microsoft's track record tells me that this will be accomplished quickly (likely before the software even reaches final release.)
Knowing should of course mean having the digital signature.
So, sure it may still be possible, but only through weak crypto or flawed implementation.
This won't kill mailinglists, as these can easily be whitelisted (simply trusted, you trust their digital signature).
This will make a difference when you mail someone who doesn't know you. Does it seem so unrealistic that you (your computer) make an effort to show you really are serious? "Wow, he spent 10 minutes calculating this really hard stuff just so he could email me." (How about doing it while you're typing it up? Unless the solving also needs the finished mail for signing in the process.)
See, once he knows you (got your sig), all you need is to sign your mails and voila they get through (whitelisting).
From a receiver's standpoint, the only difference between a legitimate mailing list and a spammer is that the user asked to be part of a mailing list.
Yes, and that is all the difference you need.
It's simple: You send me mail. I know you?[1] Mail goes through. I don't? You do hard math. You're still there? Wow, you're serious! Mail goes through.
That's the basics. To make it work in reality, if you can't do the math your mail will get ranked lower in a spamfilter.
Mailinglist case: List send me mail. I know list. Mail goes through.
Note that in the most common case (mailing someone you know) there's no extra computation. Also note that mailinglists needn't do any calculation since you initate the contact with the mailinglist. (ie it's opt-in)
I maintian a mail server for a few thousand people. I have no idea which mailing lists they would subscribe to. It would probably become a full-time job to keep such a whitelist up to date. (And most users wouldn't have any idea to notify me in the first place - so the end effect is that they would subscribe, and then bitch about how they're not getting the stuff they signed up for.)
Who said whitelists are on the server-side?
[1] I know you = you're on my whitelist (I've got your dig. signature)
First, it would kill legitimate mailing lists. Imagine what the perl5-porters list or the Linux kernel list or any of the other high traffic mailing lists would have to do to keep operational. Large mailing lists already have problems with lag. This would just add to that.
This computation should only be used for First Contact! After first contact you accept their signature and voila.
Since in the case of mailinglist you are the one initating contact, the server doesn't need to "pay" you or prove anything! You just accept the signature in the process of signing up to the mailinglist.
This technique requires replacing every mail program out there to support the protocol. Of course, they will just make it a condition to connect to exchange. Might be a way of getting people away from having to talk to compromised Windows mail servers.
Well, it needn't be exclusive. If something it can reduce the chance of false positives.
Anyway, there's one good thing about M$ doing it, and that's that they can support it in Outlook. Now, the bad side of that is that it'll probably be exclusive to some degree, and then M$ has done the world yet another disservice.
If this works as stated, then I can see issues.. For instance, large mailing lists. Would they have to be white-listed? 3000 seconds of computation is a heavy tax on a community based program like the Linux Kernel Mailing List, which averages 300 messages to my inbox a day.
This computation should only be used for First Contact! After first contact you accept their signature and voila.
Since in the case of mailinglist you are the one initating contact, the server doesn't need to "pay" you or prove anything! You just accept the signature in the process of signing up to the mailinglist.
If anything, it would be you who would have to prove to the mailinglist that you indeed have made an effort in signing up. Now, this is silly, I guess, as I haven't heard anything about mailinglists complaining that too many users sign up.
Slashdot Mirror
[TCP/IP, HTTP] "Exactly my point: the reason _why_ these technologies are not patented is because the stadnards bodies and guardians ensured that patentable technologies were not standardised. This has nothing to do with whether patents for software exist or not."
What, they are not patented because they were standardized, and nothing patentable was standardized? Well, I guess this could be true in a way, as software wasn't patentable back then.
The startling conclusion is however that today, were everything is patentable, nothing will be standardized. (Unless the standard organizations have changed their policies, in which case the Internet might be the last surge from applied Information Technology we'll ever see.)
Is this what you want?
Well, if /. isn't everything to you, you could just sign another temporary keypair without a passphrase and use that on your local computer. (/. would see that the temporary key was signed by you.)
/. and revoce it.
Compromised? Contact
Yes, but they could just skip the calculating-part and do like in the old days (and presumably like spammers will do). While signing up, you add their signature in the process, effectively whitelisting them.
All this depends on how the system is changed, of course, and it's easy to make it hard on the lists (by design).
Knowing should of course mean having the digital signature.
So, sure it may still be possible, but only through weak crypto or flawed implementation.
This won't kill mailinglists, as these can easily be whitelisted (simply trusted, you trust their digital signature).
This will make a difference when you mail someone who doesn't know you. Does it seem so unrealistic that you (your computer) make an effort to show you really are serious? "Wow, he spent 10 minutes calculating this really hard stuff just so he could email me." (How about doing it while you're typing it up? Unless the solving also needs the finished mail for signing in the process.)
See, once he knows you (got your sig), all you need is to sign your mails and voila they get through (whitelisting).
Yes, and that is all the difference you need.
It's simple: You send me mail. I know you?[1] Mail goes through. I don't? You do hard math. You're still there? Wow, you're serious! Mail goes through.
That's the basics. To make it work in reality, if you can't do the math your mail will get ranked lower in a spamfilter.
Mailinglist case: List send me mail. I know list. Mail goes through.
Note that in the most common case (mailing someone you know) there's no extra computation. Also note that mailinglists needn't do any calculation since you initate the contact with the mailinglist. (ie it's opt-in)
Who said whitelists are on the server-side?
[1] I know you = you're on my whitelist (I've got your dig. signature)
Since in the case of mailinglist you are the one initating contact, the server doesn't need to "pay" you or prove anything! You just accept the signature in the process of signing up to the mailinglist.
Well, it needn't be exclusive. If something it can reduce the chance of false positives.
Anyway, there's one good thing about M$ doing it, and that's that they can support it in Outlook. Now, the bad side of that is that it'll probably be exclusive to some degree, and then M$ has done the world yet another disservice.
/Vaste
This computation should only be used for First Contact! After first contact you accept their signature and voila.
Since in the case of mailinglist you are the one initating contact, the server doesn't need to "pay" you or prove anything! You just accept the signature in the process of signing up to the mailinglist.
If anything, it would be you who would have to prove to the mailinglist that you indeed have made an effort in signing up. Now, this is silly, I guess, as I haven't heard anything about mailinglists complaining that too many users sign up.
/Vaste