ietf-asrg

Re: [Asrg] Certs required to send mail

2003-03-25 11:30:17
On Tue, 25 Mar 2003 17:32:23 GMT, Jon Kyme said:
> See? Following the money. Also (as I've said) a "business" rather
> than a "technical" problem. I'm not qualified to judge the business case
> for this - you?

I believe Douglas Adams had a nice quote about "how many philosophers had
come up with many explanations for mankind's unhappiness, most of which
involved the movement of small green pieces of paper - which was odd, as
in general it wasn't the small green pieces of paper that were unhappy".

AOL and Hotmail aren't gonna do *SQUAT* with certs unless it's clearly
demonstrated to them how it will help their small green pieces of paper
in *THIS* quarter's SEC filings.  Stockholders don't seem to be interested
in the long-term prospects, why should upper management?

> I don't understand why there's this almost "religious" objection to
> proposals based on signing - I guess that that shows how little I
> understand this "culture".

The problem is that even those of us who *believe* in crypto are having a
hard time seeing how to jump-start the PKI on the scale needed to stop
spam.  I sign stuff, and I've advocated that the next release of Sendmail
be shipped to advertise STARTTLS by default (generating a self-signed cert
with openssl if needed) just to piss the Echelon people off.

That doesn't mean I know how we can launch either a PGP or X.509 PKI that's
sufficiently large, robust, *AND* trustworthy to be useful as a one-stop
fix for spam.

The problem is that there's *three* requirements up there, and people want to
make it a solution.  What we seem to be lacking is a general understanding
that any anti-spam solution is going to be "Chinese menu - pick one from column
A, B, and C".

A nice column-B ruleset:  If it's signed by a cert that's strong enough to
link it to a person or business entity, it's probably not spam. If it isn't
signed, see column A and C.

A bad column-B ruleset: If it's not signed by a cert, reject/spam/whatever it.

See the difference?
