ietf-asrg

Re: [Asrg] Proposal for transition to authenticated email

2003-04-29 07:48:19
Vernon, in many cases the CAs are not selling the certificates (IP addresses)
but only renting them for short periods of time. We get a great deal of spam
from one-off dialups or otherwise variable IP addresses... such as the guy who
has been dictionary-spamming one of our domains for a week now. He still hasn't
gotten through the A's(_at_)ourdomain(_dot_) I've now locked out
a whole class C block and if he pops up elsewhere, I'll have to block yet another...



At 7:09 -0600 4/29/03, Vernon Schryver wrote:
> > From: "Ken Hirsch" <kenhirsch(_at_)myself(_dot_)com>
>
> > ...  If the CAs don't enforce, their
> > certificates become worthless.  Nobody will buy them.
> >
> > ...
> > I must not have made myself clear.  It is the _recipients_ that
> > decide what policies are acceptable.  If senders choose policies
> > that aren't acceptable, their messages won't get through.
>
> That is the situation we have now, using the certs that are IP addresses.
>
>   - all mail carries the practically unforgeable cert of the IP address
>      of the preceding SMTP client.
>
>   - people use public and private blacklists of IP addresses to enforce
>      their own anti-spam or other access policies.
>
>   - some CAs (ISPs) sell certificates (IP addresses) that are less
>      valuable, because the CAs (ISPs) are known to not revoke them
>      (terminate service) for naughtiness.
>
>   - those bad CAs still manage to sell their less valuable certs (IP
>       addresses) to people who pay less and then whine and complain
>       about the unfairness of blacklist lists that list their certs
>       as issued by CAs that don't care about stopping spam.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


