On Sat, Jun 07, 2003 at 07:28:12AM -0700, Dave Crocker wrote:
TH> I would like to see the outcome of a bof be identification of an
TH> approach to globally verifiable authenticated email. I have no doubt
TH> there will be many gaps in our current tool set (starting with a
TH> deployable PKI), and a truck load of operational guidelines to develop.
What is wrong with PGP and/or S/MIME?
How do they fail to provide 'globally verifiable authenticated mail?"
Again, I'd like to repeat my observation that we don't need to provide
"globally verifiable authenticated mail" in order to solve the SPAM
problem. Given the notable lack of success in setting up a global PKI
after more than decade of trying, assuming that this is a prerequisite
for solving the SPAM problem is merely setting ourselves up for failure.
Bare keys will do; consider a system where people keep a list of those
keys that they will accept mail. If someone tries to send mail and
their key is not on the recipient's list, the mail is returned to them
until they can perform a Hashcash calculation consuming a non-trivial
amount of CPU time, at which point their key is placed on the
recipient's list, and the sender can retry to send the message. If a
recipient receives SPAM, they simply drop the key of the sender from
their "ok-to-receive" list.
This avoids the whole requirement of binding identities to names via a
global system that everyone trusts, and it avoids the problem of
determining who to trust regarding whether someone is or isn't a
I'm sure this isn't the only way to do things, but I'm also sure this
is far more practical than any scheme that requires a global PKI.