May 08, 2003


The "Tripoli" anti-spam proposal looks like it'll be making the rounds. It's got an excellent pedigree (Lauren Weinstein and Peter G. Neumann). But I'm dubious.

First, anything which has the word "Empowered" in it ("An Empowered E-Mail Environment") is a big red flag to me. Purely a Bayesian test :-). But in my experience, "empowered" is "a system that we're trying to sell as helpful to someone else, even though they never asked for it."

More technically, the problem seems to be right here:

A key aspect of the Tripoli environment is the concept of a third-party certified, encrypted authentication token that would be cryptographically linked with every e-mail message. Within the Tripoli architecture, this token is referred to by the acronym "PIT" (Payload Identity Token, henceforth referred to as "Pit") and is at the core of Tripoli.

[Note: "Tripoli PIT" tended to make me wonder if that was a subtle joke, akin to "Amontillado CASK" or "Telltale HEART". There's a Tripoli mineral which is pit-mined, but that didn't seem like the reference.]

EVERY e-mail is going to be third-party certified? I can see the dollar signs in some people's eyes now (not the proposers, rather certain readers). A mint. An e-mint. There are already several I-am-not-a-spammer certification systems, for businesses which want to send legitimate (requested) commercial bulk email. I suppose there's a value in unifying an interface to these systems. But I'm not sure that's much empowerment. Maybe the certification will be useful for innocent senders caught up in spam-blacklist wars.

I mistrust elaborate technical proposals to social problems. The gee-whiz always sounds nice in the White Paper, with fun buzzwords. But overall, people tend not to want it.

By Seth Finkelstein | posted in spam | on May 08, 2003
