On Tuesday, April 01, 2003 8:31 AM, william(_at_)elan(_dot_)net
[SMTP:william(_at_)elan(_dot_)net]
wrote:
There is nothing stopping spammers from generating new keys and certificates
for their mail servers, so we can have servers exchange certs, but really
not authentication there as far as who is who.
Slightly better is if server must have a public certificate verifyable
though DNS, then whatever name is at EHLO, it can be checked at DNS and
then you know who it is. This does not stop spammers from adding their
certs into dns either, but at least then we are requirying them to have
valid dns record for mail server and they really do not like that idea...
(but they can still just get new domain for $6 which is real cheap as far
as preventing abuse and changing domains all the time - to stop some kind
of ip block verification has to be done or DCC like system).
I think this is a primary requirement (authenticity of origination - in some
form), do others feel that authenticity will add to the efficacy of any
approach or a majority of approaches?
-e
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg