[cap-talk] can one use capabilities to stop spam without identity?
Rob Meijer
rmeijer at xs4all.nl
Mon Jan 22 00:54:54 CST 2007
On Sun, January 21, 2007 13:52, Matej Kosik wrote:
>> What do you think? It requires identity. For human to human
>> communication, this might be OK????
>
> Such a scenario is possible but I do not see how it could shield Bob
> from spammers. Spammers can create a script that creates a zillion
> identities and sends Bob a zillion different requests for capabilities
> to write to him. This would not help Bob because
> - if he grants them, he will receive a zillion messages and then he must
> go through them and sort useful from useless and one by one revoke those
> issued capabilities.
> - if he does not grant them, then he lives in his own closed world. This
> is very simple but makes the system unusable.
>
> I see no better solution than the one described in Marc Stiegler's
> book. You do not have to care who is writing to you in advance. This way
> you can treat all people in the same manner. You are protected from spam
> and if you are polite others (if they send you non-spam) will not lose
> their money.
>
> Concerning the need of identities:
>
> Identities are here to discriminate among people without physically
> meeting them. That is useful for
> - revealing how trustworthy the other guy is with whom you want to
> do some business (sell him something, buy something from him)
> - revealing how trustworthy the journalist is whose articles you
> want to read
> - revealing how trustworthy the politician is who wants to be elected
> by you (voting for anonymous faces in the communal politics is a
> terrible option)
>
> The book sketches a scheme similar to a web of trust in which anyone can
> build their own identity/ies.
> --
> Matej Kosik

The use of identities for spam 'should' imho be that if done right it
should assure that one person only holds one identity, thus limiting the
scenario above. I feel that the validation process that CACert.org uses
might prove rather useful for these purposes.

If Alice would use her CACert certificate to sign her communication
request, Bob could use his certificate to sign this request. The signed
request could after this actually act as a delegatable capability both to
send mail to Bob and to send mail to Alice. There are some more details to
address, but basically it could work almost as simple as this.

Rob
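
The exchange sketched in the message above, as an added example that is not part of the original post: Alice signs a request, Bob countersigns it, and a mail gateway accepts mail to either party from whoever presents the doubly signed token. Lamport one-time signatures stand in for the certificate keys so the code runs on the Python standard library alone; the function names, the JSON request fields and the revocation set are assumptions.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair; stands in for a certificate key (assumption).
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. Each key must sign only one message.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def make_request(alice_sk, alice_id, bob_id):
    # Alice signs a request naming both parties; the nonce makes it unique.
    body = json.dumps({"from": alice_id, "to": bob_id,
                       "nonce": secrets.token_hex(8)}, sort_keys=True).encode()
    return {"body": body, "alice_sig": sign(alice_sk, body)}

def countersign(bob_sk, alice_pk, req):
    # Bob grants only requests that verify under Alice's validated key.
    if not verify(alice_pk, req["body"], req["alice_sig"]):
        raise ValueError("request is not signed by the claimed identity")
    signed = req["body"] + b"".join(req["alice_sig"])
    return {**req, "bob_sig": sign(bob_sk, signed)}

def accept_mail(cap, recipient, pks, revoked=frozenset()):
    # Gateway check. The sender is never identified: whoever holds the token
    # may use it, which is what makes it a delegatable capability.
    f = json.loads(cap["body"])
    a_pk, b_pk = pks.get(f["from"]), pks.get(f["to"])
    if a_pk is None or b_pk is None or recipient not in (f["from"], f["to"]):
        return False
    if H(cap["body"]) in revoked:  # revocation list kept by the gateway (assumption)
        return False
    signed = cap["body"] + b"".join(cap["alice_sig"])
    return (verify(a_pk, cap["body"], cap["alice_sig"])
            and verify(b_pk, signed, cap.get("bob_sig", [])))
```

Here `pks` maps each identity name to the public key taken from its validated certificate, so a script that mints fresh key pairs gains nothing unless each one also passes that validation.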