Description
From reading the protocol spec, it appears that UCE (or Unsolicited
Commercial Waves (UCW)?) could still be a problem. I have read in the spec
that the underlying XMPP connections will be secured using TLS, but perhaps
we should go one step further and require validation of domain certificates
in order to prevent anonymous and ubiquitous junk-mail which has plagued
e-mail systems for years. One possible answer might be to use a resource
record in DNS to store the public key for a wave-domain and require the
validation of the certificate in order for wavelets to propagate between
wave-domains. An additional measure might be a methodology for allowing
wave-domains to validate users when wavelets are propagating. So,
wave-domains would be assured that the source of the wavelet is from the
indicated server and that the user account is a valid user in good standing
prior to allowing that user to participate in a wave. This would make
current UCE/UCW all but impossible because every user would have to be
validated and could be individually denied. Botnets would have no chance
because they cannot be validated. Mass accounts created on public servers
would be quickly sniffed out and locked upon suspicion of spamming. It
would solve many of the problems of modern messaging.
—
Issue imported from http://code.google.com/p/wave-protocol/issues/detail?id=5
Owner: anthonybaxter
Label: Type-Defect
Label: Priority-Medium
Stars: 5
State: open
Status: New
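
A sketch of the acceptance check the issue proposes, as an added example (not code from the issue or from the Wave project): a receiving wave-domain accepts a wavelet only if the sending domain's key matches a digest published for that domain and the individual user is not denied locally. Assumptions: the in-memory `DNS_PINS` dict stands in for a DNS lookup, the record format (hex SHA-256 of the key) and all names here are hypothetical, and the peer's key bytes have already been taken from its TLS certificate.

```python
import hashlib
import hmac

# Constructed sample data standing in for DNS: wave-domain -> published key digest.
# A real deployment would read this from a DNSSEC-signed record (assumption).
CONSTRUCTED_KEYS = {
    "good.example": b"constructed-public-key-bytes-for-good.example",
}
DNS_PINS = {d: hashlib.sha256(k).hexdigest() for d, k in CONSTRUCTED_KEYS.items()}

# Hypothetical local policy: individual accounts this domain refuses.
DENIED_USERS = {"spammer@good.example"}


def accept_wavelet(sender, presented_key, dns_pins=DNS_PINS, denied=DENIED_USERS):
    """Return (accepted, reason) for a wavelet arriving from `sender`.

    sender        -- "user@wave-domain" address claimed for the wavelet
    presented_key -- public key bytes the sending server presented over TLS
    """
    local, sep, domain = sender.rpartition("@")
    if not sep or not local or not domain:
        return False, "malformed sender address"
    domain = domain.lower()

    # Step 1: the domain must publish a key record at all (fail closed).
    pin = dns_pins.get(domain)
    if pin is None:
        return False, "no key published for wave-domain"

    # Step 2: the presented key must match the published digest.
    digest = hashlib.sha256(presented_key).hexdigest()
    if not hmac.compare_digest(digest, pin):
        return False, "presented key does not match DNS record"

    # Step 3: domain is authentic; now apply the per-user denial the issue asks for.
    if f"{local.lower()}@{domain}" in denied:
        return False, "user denied by local policy"
    return True, "accepted"
```

The check fails closed: a domain with no published record is rejected rather than treated as unverified but allowed.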