At 2:15 PM -0400 4/28/03, Ken Hirsch wrote:
The cryptographic signatures can be on each message (S/MIME) or can
be for an entire session (HTTP-over-TLS). But the latter is only
acceptable if no further forwarding of messages will occur.
Define forwarding? Mailing list? I hit Forward in the MUA? I'm not
sure what you mean.
session) must be from a recognized Certificate Authority (CA), must
be "expensive enough" that spammers cannot easily get many of them,
What do you think that is? I can get a web cert for @$100 US/yr.
(Probably cheaper.) Is that enough of a cost to keep spammers out?
I doubt a certificate authority could manage to police the system as
you indicate without significantly increasing that price.
- no sending allowed to harvested emails
It's not clear how you enforce this, or deal with an expensive dispute process.
- double opt-in required for mailing lists.
I think the existing commercial list providers have made it clear
that they will not do confirmed opt-in. And even on this list people
have pointed out that confirmed opt-in loses legitimate subscribers.
Perhaps if there were MUA support for it, but otherwise I don't think
you'll get sign on.
- all senders identities and addresses have been authenticated.
How is this possible? Who is going to do it? And where does the
money come from? And who will stand for it?
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg