You implied that the use of certs could have no impact on this issue,
I merely pointed out how it *might*.
I didn't understand that the idea was to have CAs revoke the certs of
ISPs when ISPs failed to revoke the certs or terminate the accounts
of spammers. However, that is even more implausible than expecting
ISPs to start terminating spammers. UUNet won't terminate its small
resellers that cater to Ralsky and friends. Why would Verisign revoke
UUnet's certs, merely because third parties complain to Verisign about
getting spam from UUNet's customers?
Well, a better question is why would [ISP name here] buy a certificate
from [CA name here]
with which to sign it's subscribers mail certs (and risk having it revoked
if
they don't revoke subscribers) ?
A. Because (many users at) Hotmail and AOL don't accept mail without it.
(in my fantasy)
See? Following the money. Also (as I've said) a "business" rather
than a "technical" problem. I'm not qualified to judge the business case
for this - you?
Anyway signing at the ISP is probably cheaper to deploy.
I believe there has been discussion of signing in transport (received
headers?) .
I don't understand why there's this almost "religious" objection to
proposals
based on signing - I guess that that shows how little I understand this
"culture" .
Incidentally, which of "the man"s categories should this thread belong in?
Or should it go off list?
You must "follow the money" in any proposed solution.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg