On Tue, Mar 04, 2003 at 04:26:35PM +0530, Prasenjeet Dutta wrote:
The only hitch is an infrastructural problem of getting a
"relay-identity-only" CA up and running who'd handle the X.509
infrastructure for handle certificate signing and revocation list
management -- for little or no cost (cost obviously detering non-profits
from using this).
...
Is such a 'free' "relay-identity-only" CA feasible? (Perhaps running on
donations from the community? Businesses spend enough on anti-spam
software and bandwidth that they shouldn't mind paying to reduce the
amount of spam they get.)
Keep the road warriors in mind. People keep critizing my RMX proposal
because they want to be able to send e-mail from virtually anywhere
with their mobile computers. You can't address this problem with a
relay-identity-only CA. It's actually just a different implementation
of the RMX approach to reduce the mail origins to a limited number
of authorized relays. It's just a different
authentication/authorization mechanism.
The second problem is that you will never get such a CA approach
sufficiently widely spread. What to do with countries which don't
allow cryptography? What to do with admins who don't understand
cryptography? What to do with stolen or lost key? You'll need a
revocation infrastructure, usually based on web or ldap servers.
regards
Hadmut
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg