ietf-asrg

Re: [Asrg] Proposal for transition to authenticated email

2003-04-28 21:46:30
From: "Kee Hinckley" <nazgul(_at_)somewhere(_dot_)com>
[...]

The certs should be expensive.  One per ISP is enough, so $1000, $5000, or
even $10,000 would not be unreasonable.  I can hear the small ISPs screaming
now, but they could contract out SMTP service.

Never mind small ISPs.  What about *companies*?  There are several
orders of magnitude more of them running mail servers than ISPs.
What are they supposed to do?

If they can't afford the certificate, forward through their ISP.  That's what most
small businesses do now.  It's no great hardship.


 >>   - no sending allowed to harvested emails
It's not clear how you enforce this, or deal with an expensive dispute
process.

People already create fake addresses to detect harvesters.  If a sender
uses these then the burden would be on him to show that he was tricked.
This should promote good practices (double opt-in, logging of web-based
subscriptions, etc.) to avoid penalties.

Sure.  But given that you've punted on enforcement, how is this world
any different than the current one?

Oh, please, if you are going to discuss the proposal, do it seriously.  I never said
the CAs wouldn't enforce, I just said that they would have lots of help.  If the CAs
don't enforce, their certificates become worthless.  Nobody will buy them.

 >I think the existing commercial list providers have made it clear that
 >they will not do confirmed opt-in.  And even on this list people have
pointed out that confirmed opt-in loses legitimate subscribers.
Perhaps if there were MUA support for it, but otherwise I don't think
you'll get sign on.

They may well object, but I'm under no obligation to accept them,
either.  My proposal is not to make any of these policies mandatory, but
only to mandate authentication and truth-in-labeling.

No, *you* don't have to accept them.  But a solution which leaves out
every major bulk mail company, all the major etailers, not to mention
your local bank, is not likely to fly very far.

I must not have made myself clear.  It is the _recipients_ that decide what policies
are acceptable.  If senders choose policies that aren't acceptable, their messages
won't get through.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


