On Wednesday, April 02, 2003 5:37 PM, Vernon Schryver
[SMTP:vjs(_at_)calcite(_dot_)rhyolite(_dot_)com] wrote:
Authentication is meaningless outside "a trusted enclave."
I'm sorry, I do not agree. Authentication is only one albeit an important
concept within the context of security associations. It does not require a
trusted enclave to be relevant, in fact on abstraction authentication is
required to establish access to the trusted enclave, e.g. logging into your LAN
or logging onto a dial-up. Now the point you make about it not being complete
with out a complementary authorization element is absolutely true, but that
does not invalidate all other uses of authentication (an X.509 cert is a prime
example of this, as they can be issued with generalized uses based on it's CP)
there are in fact other important aspects I am sure you are aware of such as
the vetting processes associated with establishing a credential or credentials
used to authenticate. I don't think that requires a trusted enclave either,
but in all circumstances there is a requirement for an association between the
credential and that vetting process (however inconsequential that process may
be).
8<...>8
I can't think of anything that might qualify as a solution to spam
except what I think is inevitable legislation that will tax or license
bulk mail. That will not really solve the spam problem but only change
the spammers and limit the total spam in most mailboxes. I do hope
that the DCC might help with spam after that legislation, but it does
not qualify as a solution now or then.
I know you have got to be joking here, right? I too sometimes believe that
technical problems are not always solved by technology, and you may be right,
but I think this particular one deserves more attention before I come to that
conclusion. IDK, but I think you do too, otherwise why would you be
participating so vigorously?
-e
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg