From: "Jon Kyme" <jrk(_at_)merseymail(_dot_)com>
...
No, Dave's response was on target. If ISPs would enforce strict T&C,
there would be no spam. User names and passwords are required to send
spam, and ISPs could terminate accounts for spamming. Expecting ISPs
to revoke certs for spam when they now refuse to termiante accounts
for spam makes no sense.
NO, begging your pardon, you're mistaking me - I commented that a *CA*
(not necc. an *ISP*) revoking a Cert would be required to make something
like this work. I know that applications have failed to check back up
certificate chains for revocation, but if this were done then an ISP would
be unlikely to risk their cert by signing spammers certs.
Please by all means argue with what I said, but it's most unfair to shoot
me down for saying something that I did not in fact say.
I'm not sure whether this is feasible at all. I don't claim any special
knowledge in this area.
...
Yes absolutely, and there's currently no sanction against rogue ISPs
except blacklisting.
You implied that the use of certs could have no impact on this issue,
I merely pointed out how it *might*.
I didn't understand that the idea was to have CAs revoke the certs of
ISPs when ISPs failed to revoke the certs or terminate the accounts
of spammers. However, that is even more implausible than expecting
ISPs to start terminating spammers. UUNet won't terminate its small
resellers that cater to Ralsky and friends. Why would Verisign revoke
UUnet's certs, merely because third parties complain to Verisign about
getting spam from UUNet's customers?
You must "follow the money" in any proposed solution.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg