--Prasenjeet Dutta wrote on 04.03.03 16:26 +0530:
The only hitch is an infrastructural problem of getting a
"relay-identity-only" CA up and running who'd handle the X.509 infrastructure
for handle certificate signing and revocation list management -- for little
or no cost (cost obviously detering
non-profits from using this).
Any entity registered with such a CA would satisfy Step #1 of Brad
Templeton's plan for spam -- "Whitelist those who will be accountable for
abuse", and we could reduce the problem set to dealing with rogue SMTP
servers.
Such a 'whitelist of accountable servers' would need no cryptography
at all and could also be distributed via dnswl (note the 'W').
Problem here: what constitutes 'accountable', how many unresolved or
ignored complaints will be needed to revoke the privilegies, how could
they proof an address indeed has passed the verified opt-in with the
exact same entity which sent the mail (which also requires to compare
both signup-page, the confirmation-request and the content of the mail
manually) without allowing the mainsleaze for listwashing.
This would require a trusted entity which does the whole confirmation
and managment, some kind of 'consent clearinghouse'.
Roland
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg