ietf-asrg
[Top] [All Lists]

Re: [Asrg] Certs required to send mail ?(Was: My Opinion regarding ietf asrg session (it went badly! ))

2003-03-25 06:09:57
Jon,
JK> If Certs were required to send mail AND were only issued under strict
terms
JK> and conditions AND revocation for T&C violation was properly managed.


And if everybody were a nice person, we would not have this problem.

When offering an "If" please discuss the feasibility of implementing the
proposal.



Dave,
I think you may have missed the context of my reply, 
which was not to make a proposal as such - but to comment on
this point made by Vernon Schryver


If certs were required to send mail, then we'd have big ISPs
distributing
CDROMs labelled "4000 free hours" and automatically issuing certs
along with user names and passwords.  There would be no change from
the current situation, except that the commercial CAs would have
another revenue stream.


(Which might profitably have been quoted in your response)

The feasibility would hang on a CA issuing certs only subject to
strict T&C, taking responsibility for revoking in the case of demonstrated
violation of that T&C and for client software to correctly consult
revocation
lists.  The technology for this is all well-understood but there doesn't
seem to be a body in place offering this facility.  But I'm not proposing
such a system - that's for others with more expertise in this area. And
besides,
its a business problem rather than a technical one.

This is probably equivalent to the CA maintaining a whitelist.
(with some cryptographic overhead :-)  )
As has been suggested previously in this group, a trusted whitelist
is very close approach to a "good solution".

 












--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>