On Tuesday, Mar 11, 2003, at 18:08 Europe/London, Vernon Schryver wrote:
If there is a PKI, you've still got nothing. Spammers can and must
be allowed to buy certs too. Authentication is not authorization.
With authentication you've got something though - a much stronger
ability to blacklist.
That's wrong, even if you tie email addresses to official government
identities such as U.S. social security numbers. As I said, Ralsky
and other spammers would never run out of social security numbers with
which to authenticate his spam. He could pay a "homeless person" to
use certificates based on the person's social security numbers for 2
or 3 weeks of spam. At the end of 2 or 3 weeks when that certificate
is widely blacklisted, he could hire another "homeless person."
You're focusing far too much on the perfect here. I said "stronger
ability to blacklist". Not perfect, but stronger.
Plus I think the above pushes Ralsky (or whoever) into a whole other
legal bracket than spamming, and thus gives the FTC the teeth they need
to go after him for federal crime. But IANAL so this may be false.
Matt.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg