04.08.06
Secure, personalized RSS
I keep waiting for secure, personalized RSS to take over business-to-customer correspondence.
With so much spam arriving and so many anti-spam tools being pressed into service, companies with legitimate business find it difficult to communicate with their customers. A lot of legitimate business email looks very similar to spam, and phishers work very hard to make their messages indistinguishable from legitimate email.
Furthermore, because of email's fundamental architecture, it is very, very difficult to make messages secure and verifiable. Email is fundamentally a “push” architecture, where the message might go through a few servers before it gets to you. That makes it very difficult to tell who is really pushing the message to you.
There are also security concerns. Yes, there are schemes to encrypt messages, but you have to pass around and keep track of all the different keys you need; there are numerous possible points of failure.
RSS, despite people thinking of it as a “push” technology, is actually a “pull” technology under the covers. Your feed reader quietly goes and checks a site every once in a while, and only tells you when there is something new. RSS also works over HTTP, so it can be done over secure HTTP (HTTPS).
The piece that’s missing is being able to tell who is connecting. I don’t know if any RSS readers have the ability to store and present a username/password pair to a feed source. I don’t know if there is support on the server side for keeping a record of who has seen what messages.
However, if/when the technology for both exists, then Wells Fargo could “send” me my mortgage bill by private, secure RSS. They would have to tell me (securely) what my personal RSS URL was, and I would have to enter my password information, but after that, all would be golden. My reader could check once per month at the time that my bill was ready, and Wells Fargo would see that I got the bill. Furthermore, if Wells Fargo saw that I did *not* pick up my bill electronically, they could then send it to me by snail mail.
No spam. No phishing. Security. Reliability. Non-repudiation. All good things.
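The scheme described above, sketched from the feed source's side as an added example that is not part of the original post: the reader presents a username/password in an HTTP Basic `Authorization` header over HTTPS, the server returns that customer's feed and records which items were fetched, and anyone who never fetched a bill is listed for paper mail. The class and method names and the `bank.example` URL are hypothetical.

```python
import base64, hashlib, hmac, os
from xml.sax.saxutils import escape

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class BillFeed:
    """Per-customer feed source that records fetches (hypothetical names, added example)."""
    def __init__(self):
        self.users = {}      # username -> (salt, password hash); no plaintext passwords
        self.bills = {}      # username -> list of (guid, title)
        self.seen = set()    # (username, guid) pairs already delivered

    def add_user(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))
        self.bills[user] = []

    def post_bill(self, user, guid, title):
        self.bills[user].append((guid, title))

    def _authenticate(self, header):
        """Return the username for a valid 'Basic ...' header, else None."""
        try:
            scheme, blob = header.split(" ", 1)
            user, password = base64.b64decode(blob).decode().split(":", 1)
        except (AttributeError, ValueError):   # missing or malformed header
            return None
        salt, stored = self.users.get(user, (b"\0" * 16, b""))  # dummy for unknown users
        ok = hmac.compare_digest(_hash(password, salt), stored)  # constant-time compare
        return user if scheme.lower() == "basic" and ok else None

    def handle_get(self, authorization, over_tls=True):
        """Return (status, body) for one feed request."""
        if not over_tls:
            return 400, ""            # never accept credentials in cleartext
        user = self._authenticate(authorization)
        if user is None:
            return 401, ""            # caller adds WWW-Authenticate: Basic
        items = ""
        for guid, title in self.bills[user]:
            self.seen.add((user, guid))   # delivery record: this customer fetched this bill
            items += f"<item><guid>{escape(guid)}</guid><title>{escape(title)}</title></item>"
        return 200, f'<rss version="2.0"><channel><title>Bills</title><link>https://bank.example/</link><description>Statements</description>{items}</channel></rss>'

    def needs_paper_mail(self, guid):
        """Customers who were posted this bill but never fetched it."""
        return sorted(u for u, b in self.bills.items()
                      if any(g == guid for g, _ in b) and (u, guid) not in self.seen)
```

The delivery record shows that someone holding the customer's password fetched the item; it is an access log, not a signature by the customer.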