On vrijdag, mei 30, 2003, at 02:18 Europe/Amsterdam, Christian Huitema
However, creating new publick/private key pairs is an incredibly
Uh? Creating a Diffie-Hellman public/private key pair is actually
simple. Even an RSA pair is not all that hard, considering that a
N prime numbers can generate N.(N-1)/2 key pairs.
Ok, so the actual generating of new keys may not help us much.
consequence of authenticated e-mail is bound to be authenticated
You don't see that as a step in the right direction?
It depends whether you use something like PGP or something like PKI. If
PGP or PGP-like, then the spammers can very easily create throw away
identities, and we have not gained much.
Only the ability to recognize a known sender.
In fact, spammers seldom fake
the email addresses of one of your friends, so a PGP solution would not
be a dramatic improvement over simply maintaining a "white list" of
friendly email addresses.
If PKI or PKI-like, then the spammers would need to obtain an actual
certificate for each of their throwaway identities. But so would
everyone else, which implicitly limits the cost of obtaining a
certificate to whatever the public can bear, and the amount of identity
checks to whatever the public is willing to accept, which today is an
e-mail reachability test. So, the spammers will be slowed down, but not
Disagree. If people want to run their own MTA or a substantial mailing
list, it's not unreasonable to require much more than a simple email
reachability check. Usually this includes buying a domain name anyway.
Having to buy a certificate or having some relations sign a newly
generated key isn't a huge imposition.
People who don't want/need an MTA of their own and only send hand-typed
email can use a service provider who can limit the number of messasges
from such customers to 100 per hour or so. That means that even if a
spammer spams for an entire weekend until his account is yanked, that's
less than 10k messages which isn't enough to make spamming worth their