<HTML dir=ltr><HEAD><TITLE>Re: [OpenID] XRI and OpenID mailers</TITLE>
<STYLE type=text/css><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></STYLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText4469 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Could we just ensure the mailing list archives offer an RSS feed, to which one subscribes via the openid.net website (after an openid login)?</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Then, each person's openid-enabled blog aggregator of RSS feeds (e.g. mag.nolia) can indicate the degree to those aggregator-folk have complete and timely access to a event stream. My "reputation service" can then scan *my* selection of the aggregated sources to detect consistency amongst a working set that I pick against my criteria on each scan, and thus gauge whether the mailer is being interfered with either grossly or selectively. This data will then speak to the reputation value I assign and then publish about the mailing list source, for others to rely upon when using my particular OP/AX to obtain dynamic reputation attributes. (*)</FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Perhaps this is one thing the OpenID Foundation could do really usefully - use its website to be showcase for interesting application and integrations of OpenID. Need to avoid the vendor-vendor squabbles tho (e.g. whose blog suite would power the site, like last time), and ensure that the site can front any well-maintained semi-experimental services, re-badged as Foundation services to remove commercial exploitation opportunities from mere brand-association with the Foundation.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>(*) Basically, I'm just re-building /re-casting the defunct ValiCert Validation Network, you might note, using AX now rather than an OCSP responder. The nice thing is that there is a patent examiners file on the (one) underlying system with a nice prior art and official "determination" history, which will address both OCSP and AX (and X) - which are obviously just embodiments.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV></DIV>
<DIV id=idSignature95693>
<DIV><FONT face=Arial color=#000000 size=2><SPAN style="FONT-SIZE: 7.5pt">_________________________<BR></SPAN><B>Peter Williams<BR></B></FONT><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> SitG Admin<BR><B>Sent:</B> Sat 4/26/2008 3:22 PM<BR><B>To:</B> Peter Williams<BR><B>Cc:</B> general@openid.net<BR><B>Subject:</B> Re: [OpenID] XRI and OpenID mailers<BR></FONT><BR></DIV></DIV>
<DIV>
<DIV><FONT color=#000000>>I notice that a goodly percentage of posted emails to</FONT> <A href="mailto:general@openid.net" target=_blank><FONT color=#000000>general@openid.net</FONT></A><FONT color=#000000> are not distributed by the openid.net pipermailer to my particular registered mailbox. I don't know if this same phenomenon occurs for others.</FONT></DIV>
<DIV><BR></DIV>
<DIV>At first I thought the list wasn't sending me copies of messages that already had my address in the To/cc list (which made sense, to save bandwidth, but it was still annoying since I didn't realize messages were posted to the list rather than addressed to me personally). This turned out to be fixable by setting my filters to look for the list's address in either of those two areas; previously I'd been looking for an X-BeenThere header.</DIV>
<DIV><BR></DIV>
<DIV>An annoyance that requires my constant attention to fix is the list's Reply-To (Sender) header; on at least one occasion I have not only forgotten to add the list's address to my outgoing mail, but missed this omission for some time thereafter.</DIV>
<DIV><BR></DIV>
<DIV><FONT color=#000000>></FONT>applying microIDs and openIDs to listing archive and email distribution! Prove that you are getting the stream in a timely fashion, as are others, in an era that acknowledges that military dis-information campaigns are rife in mainstream media.</DIV>
<DIV><BR></DIV>
<DIV>I'm not sure that's the exact proof we need to be worried about. How important is it to prove that we *did* receive something? And even if we *can* prove that X did receive something, we still can't prove that X *read* it. (Unless we use Receipts, not to re-invent the wheel, but even that still won't prove that X *understood* any of it. For instance; I open your messages, Peter, and often can't understand them, but I still need to read at least a few lines to know that it's more XR*, of which I know nothing.) A more interesting question would be proving that we *didn't* receive it, or, since proving a negative can be tricky, proving that we received it *at a particular time*.</DIV>
<DIV><BR></DIV>
<DIV>A bit of extra negotiation between mail servers might accomplish that; each transmitting node must accept a datestamp from the receiving node, (verify that it is correct and) sign it, then send it on to the receiving node before that node will accept delivery. Each receiving node must reject delivery if the message actually arrived (in full) much later than the agreed-upon datestamp. These signed datestamps could be included in the message headers, giving its ultimate recipient the power to prove when the message was sent/received on a per-node basis.</DIV>
<DIV><BR></DIV>
<DIV>This seems like it would be better implemented with an E-mail spec than microID/openID, though. I think the main problem with getting OpenID to play nicely with E-mail is that they're different systems; sure, E-mail *can* be web-based, but I for one download it to my computer. Still, until then it's stored in a way that *can* have a web interface to it, so it's just a matter of getting all the parts to talk to one another.</DIV>
<DIV><BR></DIV>
<DIV>Proving that I *have* a message can be done in a fairly straightforward manner, and even as a zero-knowledge proof; anyone curious about it generates a random string, sends it to me, and I append it to the message I've received before hashing them; the problem with this is that any differences in auto-formatting (line-wrap, type of line return, and HTML being some obvious culprits) between mail clients will break it, and we're *still* working out the problems with *those* differences ;)</DIV>
<DIV><BR></DIV>
<DIV>To prove that you're *not* getting it, you need to be able to demonstrate that the *list* cannot prove that you *have* received it. Because, really, *you* could just pretend to have not received anything, and deny that you had. The list could, I suppose, refuse to send you any further messages until you admitted to having received the last, but then that would slow down reception of many messages, which would normally be sent all at once. At that point you *wouldn't* be receiving messages in a timely manner, which would defeat the purpose ;)</DIV>
<DIV><BR></DIV>
<DIV>-Shade</DIV></DIV></BODY></HTML>