On 3/16/2004 3:41 PM, Yakov Shafranovich wrote:
How would introducing trust help with the spam problem? Would the cost
of doing so perhaps would be so prohibitive that we will not be able to
do so? Is it really possible to introduce trust that will actually work?
Trust is a contiuum, like everything else related to security.
Different people will have different levels of trust; having a marketplace
of trust brokers -- each of whom provide different levels and strenghts
based on different factors -- is appropriate. Some people and/or services
will require notarization-based trust, others will be happy knowing that
blacklist-dujour.org doesn't think the sender is scum.
I don't see what cost has to do with it. The IETF only needs to provide
standardized mechanisms for negotiating trust between end-points. Leave
the brokerage functions (and the implementation costs) to the service
providers who want to enter the market.
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/