Thanks Greg. These issues are completely addressable under the current contract (and even the previous one) - Dattatech is plainly violating the entirety of RAA 3.3.1. We can't just look to the future for answers because then it will be put off for the next version. That the new version is "more demanding" sounds like "double-secret-probation". It's demanding now, but only as good as ICANN's ability or willingness to enhance. This has never truly been policy issue as much as an execution or process issue. ICANN wont or functionally cannot perform the task. This is also about ICANN making big flourishes about doing something and then quietly not doing it. There is very little (no) transparency to the statement that "questions were raised" is the executor of policy. Idea's being tossed around is the approach ICANN should be taking, it should be soliciting real solutions. I have already come up with an algorithm for ensuring valid WHOIS based on existing technology and without going to the extreme step of requiring identity papers, I have never offered that as a solution. It's not brain surgery, I know dozens of coders who would submit RFPs if ICANN would accept them seriously. When the validation project started I thought it was completely inappropriate to task the registrars with developing and funding such a system. This should not cost the registrars or the registrants a penny more and should not have to. There should be standard to implement at low cost and not a hundred standards with varying levels of effectiveness. ICANN isn't serious about doing this, that's the problem.

Am I understanding correctly, that you think your privacy and comfort is more important than the general population. You don't think every owner of a domain should have a paid up, license on record. You don't think they should be held accountable for their actions? I'm obviously not as old as you. However, when InterNIC was properly operated and functioning properly, there was little cybercrime, because each domain owner had a specific, trackable identity. Am I correct in understanding that you use one of those masking services? The ones owned and operated by the cybercrime industry to protect their operatives? Am I hearing you correctly? If so, I'd like to hear your take on domaining and domain kiting ... where that fits into your TLD "zones" . . . Would you freely allow an unknown entity to register 10,000 domains in a half-second, without a WhoIS, and then give them up a week later without paying?

In .ewe yes, I value privacy more than conjured fears. I am not among those who presume that anyone who registers a domain name is a criminal. Nor do I believe that speculation is an offence against humanity. And I believe in fair and due process - I reject vigilante methods. One may ask "What specifically do I mean by fair and due process?" Here's what I've long proposed: If someone has violated your legal rights, then you ought to be able to make an accusation, stating onto a permanent record who you are, the nature of your legal rights, how they were violated, you you believe violated those rights, and why you believe it is that accused person rather than someone else. Moreover you should be obligated to agree to an agreement, to which the domain registrant has clear third party beneficiary rights of enforcement, that any information obtained will be used for the sole and exclusive purpose of redressing the asserted violation of your rights and will not be transferred to any third party. All of that information and entry into the limited-use agreement should be set down *before* one gets any access. If one can't meet that rather minor hurdle or make a promise of limited use then why should we violate the privacy of domain registrants? My purpose with .ewe was to demonstrate several of the fallicies ICANN pulled out of thin air and constructed into the foundation of its rules. Why should domain names be sold on the basis of yearly rental? Why a maximum of ten years? Why should updates of domain information be bundled with the yearly rent? Why should there be registrars? Why should ICANN be an arm of the trademark industry? Why should business transactions of non-dangerous instrumentalities be published to any and all without even giving the data subject a list of who inquired? You can read more on this at: http://www.cavebear.com/cbblog-archives/000331.html

I agree with everything you say. * I am ALSO not among those who presume that anyone who registers a domain name is a criminal (after all, I own dozens of domains). * I ALSO do not believe that speculation is an offense against humanity. * I ALSO believe in fair and due process. Yet we seem to disagree on what is reality and what is not reality. The process you propose is almost as faulty as ICANN's. And it would be a miracle to enforce either. That's part of today's problem. By the time you did that diligence (which I agree, in a perfect world should be required) the crooks are gone. "Excuse me sir, you'll need to make a legal accusation that you've been denied your legal rights before we can treat your gunshot wound and pursue the criminal who robbed your convenience store. Can you sign this limited-use agreement? Ooooops, I'm sorry, you've lost consciousness... oh sir, oh sir..." I realize that is a fairly silly metaphor, but when a felony has clearly been committed, it's difficult to expect both parties to agree to anything before action can be taken. There's a bridge for sale in San Francisco. But it sounds like you are suggesting that "accountability" is the same as "responsibility" ?? ... I believe they are different. We both believe that everyone should be responsible. But there are those in the world who are not responsible to do the right thing because there is no accountability. People are basically lazy, self-centered and greedy. They're not going to do the responsible thing unless they're held accountable to do so. You seem to be at least somewhat concerned with the state of the domain system. Help me understand why you believe : > If one can't meet that rather minor hurdle or make a > promise of limited use then why should we violate > the privacy of domain registrants? Example : I am completely capable of meeting that minor hurdle... yet my privacy is being violated and I'm being computer harassed to the tune of approx. 300 computer breakins a day (Close to 4,000 in the past 10 days) by the SAME cybercrime cartel maybe in Russia, maybe in the U.S. I've reported them more than 70 times to their provider, their host, their secondary host, their registrar and ICANN. All I get is a note saying that ICANN will allow the registrar 45 days to respond. Can you think of one reason why nothing's done? I knew you could . . . of course : because they don't have to. Nobody is holding them accountable. Just read Garth's complaints to ICANN. Why aren't they regulating those domains and registrars like they're supposed to? Are these the people you are sticking up for? So I've followed ALL of the requirements you dictate for your proposal. Everything you say should be done has been done. Everything. Now what? You thought all that up, but you didn't come up with what happens "next" ... In your proposal, what do you do if they don't comply? Who is going to make the OTHER guy toe the rope? So I used the 'official' complaint forms. I gave all my personal info they asked for ... I made myself fully accountable. Here's who is asking. At the end of the 45 days I'll get a canned message from ICANN saying they've checked it and the Registrar confirms the information accurate. (Except we called the phone, and it doesn't exist, we tracked the address in New York, which is the parking lot for a Guitar company, and we emailed the owner and "Google" sez that address doesn't exist.) I agree with you. ICANN and the WhoIS are BOTH worthless -- except for making money for someone. I believe strongly that ICANN should be disbanded and replaced with a working system that makes ALL domain owners accountable. Not just you. Not just me. But ALL domain owners -- every single last one of them. We both agree to reject vigilante methods. We both agree there needs to be fair and due process in place. But we don't seem to have a "what next" statement -- what makes our other two agreements function? I proposed the "ISP Self-Regulatory Initiative" in year 2000 for the FTC Spam Forums held in Washington. It gave the what, how, what if, and then statements in no uncertain terms. Middle school students understand it. However, it would work if and only if the big five providers took the initiative and adhered to it. Don't you think they would? To end all that bandwidth and security waste? Well, they didn't. In fact they wouldn't dare. Because they're all making too much money off cybercrime. Imagine Google making their users be accountable . . . when 40% of the phishing and cybercrime email today comes through gmail accounts, and Google uses the metrics and numbers to sell the big advertisers. We're talking billions of dollars in profits here. There is a huge industry out there that doesn't want anyone to tamper with the Domain or DNS system. And they're making sure it keeps on just like it is. You see where this is going, right? Because in today's internet society there IS NO ACCOUNTABILITY nor RESPONSIBILITY, nor HONOR. It's all about the dollar and how much they're making off the miserable state of affairs. Network Solutions has 2,000,000 domains they paid 80-cents for but charged $35 for. Hello? Anybody home? So we can all sit back and watch that house burning but not do anything about it. Help is NOT on the way. The answer to all your questions is "No, they shouldn't -- they don't need to." Yet all of your questions are totally irrelevant to the issue at hand -- the intelligent, effective management of the DOMAIN system. So you ask : > Why should business transactions of non-dangerous > instrumentalities be published to any and all without > even giving the data subject a list of who inquired? Why did you buy tags for your car? (assuming you did) Why should my ownership of your car be published to any and all without even giving you a list of who wants to know? Why should radio stations register for their band width? Why should your business address be published to any and all without even giving you a list of who inquired? Why should anything be regulated? Why can't we buy the drugs we want? Why can't we sell the drugs we want? Why shouldn't we send 25 million false emails a day? Why can't we just register any name we want? Why should there be registrars? Why should ICANN be an arm of the trademark industry? (Are they? NO.) Are these questions for civilized people? I am glad that we both agree. But not glad that it's the way it is and nothing's being done about it. Good day

Sir, just wanted to add one thing ... I must stay that after reading the "CaveBear Blog" article -- I quite like what I read, and quite agree with what you're saying. Truer words were never spoken: THE ROAD WE DID NOT TAKE WOULD HAVE BEEN THE BETTER CHOICE. It's the same thing I've been preaching. Thank you Mr. Clinton and Algore.

The DNS was designed to give a hint, not an iron clad "this must be who I want to talk to" answer. There has been much confusion because the DNS protocols contain an "authoritative" bit - but that merely means that the server that is answering has the zone file directly rather than having picked up the data indirectly (via plucking data from other queries.) The internet architecture is missing a layer - which a layer that allows mutual identification and authentication. If one used a telephone directory in the way that people use DNS, we'd be dialing numbers and without even asking the other end who they are we'd shout out our innermost secrets. But we know better to do that on the telephone. We should know better than to do that on the internet. When you connect to something on the internet you can require actual proof - such as by shared SSH keys or PGP/GPG keys or by back-chaining up through SSL certificates and by validating DNSSEC. We should not throw privacy aside in order to obtain a bad solution for a problem that can be solved by people using the identification and authentication tools that are already present. Besides, if you don't know with whom you are interacting then the solution is simple - don't interact, or at least don't give away your store. By-the-way, do you know about the other Whois system - the one for IP addresses? That one is far more reliable when tracking down those who you are accusing of ill deeds. Also by the way, as one of the few people who have won a legal action against ICANN - I would suggest that the information being tossed about on this thread regarding legal actions is - how shall I put it nicely? - not very good.

Besides, if you don't know with whom you are interacting then the solution is simple - don't interact, or at least don't give away your store.

By-the-way, do you know about the other Whois system - the one for IP addresses? That one is far more reliable when tracking down those who you are accusing of ill deeds.

You make the immediate jump from "there are criminals" to the conclusion that every one of us on the internet with a domain name should be naked to the world because we just might be one of those criminals. Guilt by mere accusation is not a good way to run a railroad, an internet, or a society. Rather, as I see it if one can not articulate a prima facie case of accusation against someone they one ought not be given a can opener into the affairs of that someone. And any opening into those affairs of an accused must be constrained to only those purposes reasonably related to resolving the wrongs described in the accusation. The problem of people being mislead by scammers will not be solved by simplistic accusations and mass violations of privacy. Rather the problem is that the internet technical development community has ignorred known lessons of network security - particularly the issues of mutual identification and authentication - for forty years. Yes, forty years - that's when I first worked on network protocols that would prevent connectivity on the ARPAnet until the two ends enunciated their identities and proved those identities to one another's satisfaction. The technical elements of the solution you want is not to be found in Whois. Rather it is to be found in missing layers of the internet architecture. There are, of course, social aspects - bodies such as ICANN are leading internet users astray by using misleading (and technically incorrect) phrases such as "the authoritative DNS". This self-aggrandizing on the part of bodes such as ICANN gives users the false belief that the domain name system is in some way a fount of pure data when, in technical fact, DNS merely gives hints that say "try this address in hope of finding what you are looking for." In addition I suspect that the world is rather the opposite of what you paint - that the reality is that the DNS Whois database is used by sales people to find (and annoy) prospects and for scammers to find victims. As for IP address Whois - it is more reliable than DNS data because among the community of people who have addresses and the people deal with internet routing there is real operational value received by publishing contact information. So we tend to keep it up to date and also have not experienced much abuse of our data.

You make the immediate jump from "there are criminals" to the conclusion that every one of us on the internet with a domain name should be naked to the world because we just might be one of those criminals.

In addition I suspect that the world is rather the opposite of what you paint - that the reality is that the DNS Whois database is used by sales people to find (and annoy) prospects and for scammers to find victims.

I don't know what jurisdiction you are in but just yesterday I created a new corporation with nary a whit of public information about who the real owner (me) is. In fact it is extremely common for businesses to be established or property owned via intermediaries that have nothing more than a designated recipient to receive legal process. "Balance" consists of something different than the wide open door, naked domain name registrants, you are advocating. "Balance" means obligations on both sides - and the approach you are advocating imposes no obligation on those who want to access data. A balanced approach would require the making of a prima facie case, with presentation of evidence, that the accused name is doing some specific act that is causing a specific legally cognizable harm to a specific right of the person making the accusation. And "balance" would also give the accused the chance to rebut the accusation and would limit use of the data to resolve that situation.

Thanks for asking, yes, before the article was posted Compliance was notified but there has been no acknowledgement of the issue at this registrar. I have little faith in Compliance at this point since they have not been square with the public about something so trivial as to how many employees they have. As far as their ability to actually process complaints, this is highly questionable.

Garth As a "contracted party" with ICANN we are subject to complaints that are handled by ICANN's Compliance team. ICANN do act on them and do address them and we are bound to respond and deal with them. I've also submitted complaints to ICANN about whois issues both where the entire registrar's whois was not functional and where the data was "suspect". In both cases ICANN has been responsive, as have the affected 3rd parties. I'm not sure how long ago you submitted complaints about the issue you outlined, but I'm yet to come across an actionable issue that was being ignored by Compliance. So you are saying that this complaint was submitted as part of a bulk whois inaccuracy complaint? Regards Michele

Michele, I think you are in a unique position as a contracted party who is actually engaged in the process and the dialogue. On the one hand you are required and will respond to ICANN, as you know there are registrars who don't and not much happens after that. In terms of your complaints to compliance, they get more attention than the ordinary netizen would. The ultimate question is how does ordinary consumer get real response from a problematic registrar when ICANN wont help? I'm engaged at the highest levels here and it is still difficult. The ordinary user should not have to work so hard. -Garth

I agree that ICANN's response to complaints is inadequate - witness things like the RegistryFly debacle. On the other hand, if "law enforcement" shows up on ICANN's door with a valid warrant or subpoena then ICANN has no choice but to respond. Has the illicit drug sitution to which you allude resulted in such a legal order? If not then it is not ICANN that is to blame, it is the law enforcement authorities who are not doing their jobs.

Karl ICANN changed a LOT of policies and processes after RegisterFly - I don't think that it helps anyone to look at past issues like this. Michele

I've also made recent (within the last year) multiple complaints to ICANN about ill behaved registrars - for example one that made it nearly impossible to transfer away and took weeks to complete its side of the transaction. ICANN's response: nil. In the great scheme of things has ICANN's enforcement improvement amounted to anything significant? My view is based on anechdotal evidence - a statistically meaningless sample, but it's what I have. I sense that those who deploy new TLDs under ICANN's new TLD program may be more active than either ICANN or the incumbent registries as they have to build their brand image and need to make sure that their TLD's don't become tarnished by ill acting registrars.

... I can upload several gigs of data so you can see that 95% of the serious/damaging cybercrime being purveyed today via email requires a DOMAIN. I received 234 today and only 6 of them did not.

I cannot believe that you don't believe that the dangerous cybercrime launched on the general public does not rely on a domain. That shows how disconnected you are from the real problem. You've probably got a provider using a really good spam filter or black hole. I cannot even begin to count the times I've heard that exact same rationalization and arguement in SpamCop report rebuttals from rape-site owners, hackers, stalkers, predators, phishers, and a score of Nigerians ... not to mention Senators, Congressmen, CERN employees, Google employees, AOL employees and college professors. They all seem to want to make it easier and cheaper -- maybe even FREE -- for everyone to have a domain. Yada, yada. Duh. Did you think nobody knows that the cybercrime industry doesn't adapt? Hello, we were fighting those people on Compuserve. Sure they adapt, it's their job. The key is make it too difficult or too expensive for them to adapt. > but I require evidence that imposing the barriers you > propose will have the outcome you predict. The evidence is seen in the original system. BEFORE the Clinton administration and Algore. You just didn't have domain abuse. Period. Inarguable evidence. And that's if we just simply disbanded ICANN and put it back the way it started. You must not have been around then. There was seriously no real abuse of any kind. Oh, a few bedroom crooks from time to time, but they were shut down immediately -- because they were trackable. But the discouraging thing is I'm down here in the trenches, tracking, recording and reporting thousands of criminal web sites and criminals, adding them to the big five black holes, working with Garth and Knujon -- taking hours and hours a week since 1995 to help do something about the increasing problem. To no avail. So let's see your proof that the claims are NOT accurate. You see, all the bitchers, moaners, left-anarchists, and free-this/free-that belly-achers very rarely ever come up with even spending two minutes on the problem -- much less thousands of hours helping everyone else be safe by bolstering THEIR spam filters. > Your working assumption seems to be that imposing rigid and > cumbersome requirements on the domain registration process > would stop the crime in its tracks. So, while I'm not putting YOU into the above categories, . . . pick one: [__] Prove that it wouldn't work [__] come up with a better plan that will work [__] Get off the tracks and stop holding everyone else up. Like my first post : If you're not part of the solution, you're part of the problem. Okay . . . no, I take all that back. I'm sorry I ever started posting here. Never mind.

Okay ... scrap all those other ideas -- you're probably right -- you cannot prove or provide any evidence that tightening the DNS/Domain system would ever help reduce cybercrime. Okay let's assume you are correct. How about this: A legislated taskforce is set up to monitor/analyze/extinguish threats. Maybe an office of 25 people with 100% immediate control. They casually follow feeds of email traffic filtering the spam and criminal activities into their system. Based on a set of hard-and-fast rules with oversight, (that all ISPs and registrars should be adhering to) they validate that the email is in fact, a criminal activity. (This is a no brainer.) Blink. Each of the task force officers is armed with two buttons. The first propagates the suspect to two other officers. The second approves the suspect posted by other officers for extinction. When they get three votes, that IP ... and/or IP block, suddenly is gone. No longer live and can no longer be used. Period. The domain is locked. Period. ("Russianchildrape.com" and "freeRolexwatches.com" or "getamuchbiggerpenis.com" cease to exist. 404.) They go on a couple of months like this, and the cyber criminals, opportunists, profiteers, belly-achers and anarchists are all screaming bloody murder, the press picks it up and it becomes a huge media thing. But continues. A group of six to eight could effectively squash 50 to 100 per day. I know, I have run the numbers. If too many, like the current ViaGrow campaign are all broadcast from the very same servers, ukrnames.com, campnet.ru and publicservers.ru, you just take out their entire IP range. BAM. Black. 404. Suddenly the phones are ringing. Innocent businesses are being hurt. Of course, Mr. Ukrnames, when you clean it up we'll hook you back up. See remedies below. Then one of the big ones -- everybody thinks is innocent -- gets taken out. BLACK. BLANK. GONE. Period. WOW. News gets out on all that and suddenly the ISP / Registrar industry is going crazy -- or to court. "Hey . . . we'd better clean up our ranks or it's going to happen to us!" GoDaddy is now forced to actually prevent criminal elements from using the service since so many of their innocent customers are at stake. Presto! Crooks gone from GoDaddy. Google is losing thousands upon thousands of email users now escaping to reliable, iron-clad "REAL" email providers. The criminal element begins to fade away. Joker.com gets rid of 50,000 crime domains just out of fear of getting IP blocks (most of Ambsterdam) shut off. ukrnames.com, optima.ua, and some of the others who's only purpose is to propagate crime disappear from the planet. Doesn't matter who sent the email, or if the site was hijacked. The task force is savvy enough to trace the trail, the money trail, to the suspect and act upon THAT entity. Innocent sites would not be affected at all, unless hosted on an IP that also hosts the criminal. And that's the ISP's responsibility -- once those innocent victime start screaming at their provider . . . or move their sites to another. But then somebody throws up a red flag and goes to court. Fine. There's an easy, two step remedy to all those woes: Their blocks get reinstated as soon as they provide a) a renewal fee, in the form of a valid cashier's check drawn on a U.S. bank, passed, and b) written validation that they are not the criminal web site that got shut down -- or else the criminal sites are gone never to be seen again. Once claims are proofed -- the Task Force replies (in writing, via U.S. Postal Service) with the password to get their IP turned back on. Bingo! They're back in business. Do you think they'll think twice before launching another crime site? I'll bet they will, and I have absolutely no evidence to prove that ... just gut feeling. Now, myself as a domain owner and IP owner would not mind this system. I'm honest and have nothing to hide. I don't host crime or use the internet to hurt or take advantage of anyone else for my own financial gains. How then would the crime industry react and adapt ???? "Your honor, this task force is taking away hundreds of thousands of dollars by shutting down our phishing ecommerce pages -- how can we extract the private information and money from citizens on the internet !!!" Or "Your honor, there is nothing wrong with our child rape sites! It's freedom of speech! The task force is causing us to lose ten-thousand dollars a day!" "Your honor, we're suing these guys because we can no longer fund our terrorist activities around the world! Sheesh, supplies and arms are expensive!" How long it would take, I don't know. But surely the honorable ISP and Registrar industry would be very willing to play according to the rules. Where would the others go? We don't know. And, probably wouldn't care. :-) PS : in the time it took to write this, our spam traps received 87 new spams ... all of which are illegal, and all of which rely on a domain to host the spam site. Hmmmmmmmm. 100%.

Fred, I have asked you to provide evidence that your remedies will work in accordance with your claims. You have responded with two messages. The first consists of the following points. 1. An accusation that I am disconnected from the real problem 2. A variation on the genetic fallacy, stating that you've heard the same objection from disreputable sources. 3. "The key is make it too difficult or too expensive for them to adapt," without analysis of what that will actually take, or what unintended side-effects will follow. 4. Reference to the extremely early Internet as strong supporting proof, based on the unsubstantiated assertion that its lack of domain abuse is properly explained by the governance model of the time, rather than other factors, such as its relatively small number of users. 5. A bit of a rant about being in the trenches, and a challenge that I should be the one to prove you wrong. The second message gives an outline of the powers and methods of a hypothetical anti-abuse police force, and offers speculative scenarios as to how and why it might be effective. I'm not going to rebut these messages: I am satisfied to summarise them, and allow them to stand on their own merits. For those who happen to be interested in a counter-argument, I refer you to my discussion of "barriers to entry" on pp.88--89 of my PhD thesis. Just bear in mind that the thesis is about designing protocols for abuse-resistance in general, not the prevention of malicious activity associated with domain names in particular, and adjust accordingly.

Now I understand where you're coming from. I read your referenced work, and found it most interesting as a thesis paper. We really do agree in principle -- although a little tedious, it makes a convincing case. The fundamental difference in our opinions falls somewhere between law enforcement practice and academia. You call protocol design "folklore" ... but you couldn't argue with the convenience store robbery metaphor. That's because when he's on the sidewalk bleeding, it's too late for academic pondering. ALL PhDs know speculation never has evidence until tested. You said so yourself. Surprising you'd expect me to furnish you all the data to support my theory. Theoretic science is never exact. But the guy bleeding, or the child abducted are hard to argue with. I talk to people who feel the same way. They hear about it, but just simply cannot believe that this stuff goes on, because they have no direct experience with it. You really don't believe that something as horrible as a child rape sites can exist until you work with law enforcement to get a child rape cartel shut down. People pontificate about it long and hard. The academics have a hey-day with hundreds of thousands of pages of posturing. The criminals laugh. I shocked an audience at my "safenetting" session at Macworld SanFran in 2002 with actual screen captures of child rape sites. We traced the history of working with Bedford Law Enforcement Task Force to squash those low-lifes. The audience was agast. We taught parents how to deal with the ever-growing threat eminating from the internet. My brother and partner in SafeNetting authored and implemented the curricula and programs now implemented in the middle school systems across Virginia. http://www.ugnn.com/safenetting/macworld/macworld_presentations.jpg http://www.rockingham.k12.va.us/highlights/highlightsjoeshowker.html But all chatter aside, what are YOU doing about your thesis? How many hours a week do you spend on getting it promoted into action? Are you a member of Knujon? Are you a member of Spamcop? Who all have you pitched this theory to? It sounds like a pretty convincing band-aid. I would think that after you put so much effort and time into it -- and you're so passionate about it, you would be pushing it into reality. Who have you contacted? Congressmen? Law enforcement? Where and what channels are you using to get it pushed into practice? Why hasn't the anti-spam, anti-cybercrime community heard of it before? I do not remember you presenting at Spamcon or the Spam Forums in Washington. Where have you presented? We have presented to congressment and legislators. We presented to the Attorney General of Virginia and after several years work have gotten some good educational programs enstated. I cannot remember your name at the Internet Caucus at the Capital. Are you acting on it today -- currently? What do you do today? Are you actively involved in internet policy making? Security enforcement? What? This says you were in school as a PhD candidate in 2010. The thesis is a major work. I applaud your efforts. While monumental in theory, implementation may be more difficult than my simple ideas. I will certainly pass your paper along to my channels. Let's hope it gets some traction because just like my "ISP Self-Regulating Initiative" presented to the FTC in 2000 -- until it is implemented . . . it's still just a paper. It was fun. Thanks for the exchange. Good luck and keep on fighting the good fight. http://www.ugnn.com/UCE/initiative.html

... although a little tedious, it makes a convincing case.

You call protocol design "folklore" ...

Surprising you'd expect me to furnish you all the data to support my theory. Theoretic science is never exact.

But the guy bleeding, or the child abducted are hard to argue with.

But all chatter aside, what are YOU doing about your thesis? How many hours a week do you spend on getting it promoted into action?

I do not remember you presenting at Spamcon or the Spam Forums in Washington. Where have you presented?

I will certainly pass your paper along to my channels. Let's hope it gets some traction ...