Would all data between mail servers needs to be encrypted? I would
imagine that only a secure handshake on conection would be required.
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org]
On
Behalf Of Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu
Sent: Monday, 17 March 2003 17:55
To: John Rumpelein
Cc: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] A method to eliminate spam
On Mon, 17 Mar 2003 14:40:48 PST, John Rumpelein
<jmr(_at_)jmrtech(_dot_)com> said:
It is already more or less required that organizations buy
a CA-issued
SSL cert to operate a web site dealing in credit card transactions.
Now, is that *legally* required, or is that simply the guys
at Visa and Mastercard saying "We won't clear transactions
for you unless you...."
I believe it to be the latter.
Maybe it is not so farfetched that they should do this (or
maybe use
the same cert) to also operate a mail server?
Hmm.. if AOL and Hotmail and Yahoo were to insist on it, it
might have a snowball's chance of flying. The big question
is whether there's enough supply of SSL accelerator cards,
and if certs were economically feasible.
Remember there's a lot of .com's and .org's that are 1 or 2
boxes in a colo, or a box or two in a closet in somebody's
basement (literally half my personal mail goes to places that
are at the skinny end of an ADSL or cable modem). If you can
think of a way to deploy this without bankrupting those
places (they'd not need an SSL card for 100 smtp-over-ssl a
day, but a full-blown .COM cert may put their budget over the
edge). Any ideas?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg