ietf-asrg

Re: [Asrg] Proposal for transition to authenticated email

2003-04-29 08:36:26
From: "Vernon Schryver" <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com>
That is the situation we have now, using the certs that are IP addresses.

  - all mail carries the practically unforgeable cert of the IP address
     of the preceding SMTP client.

  - people use public and private blacklists of IP addresses to enforce
     their own anti-spam or other access policies.

  - some CAs (ISPs) sell certificates (IP addresses) that are less
     valuable, because the CAs (ISPs) are known to not revoke them
     (terminate service) for naughtiness.

  - those bad CAs still manage to sell their less valuable certs (IP
     addresses) to people who pay less and then whine and complain
     about the unfairness of blacklist lists that list their certs
     as issued by CAs that don't care about stopping spam.

I think there are important differences:

Can you tell who is responsible for the mail server?
  Now: Sometimes
  Proposal: Yes, instantly

Can you tell who issued/can revoke the IP address or certificate?
  Now: With difficulty
  Proposal: instantly

Number of authorizers of IP addresses: thousands, who knows?
Number of CAs: A few dozen to maybe a few hundred

Can you tell the spam policy of responsible party?
  Now: no (never in machine-usable form; hard to find for humans)
  Proposal: yes, it's right there in certificate, in standard form

Can you tell who to contact about spam?
  Now: no
  Proposal: yes

Can you show that spam was sent from server?
  Now: no
  Proposal: yes, cryptographically signed

Can you tell anything about the email content/sending user?
  Now: no
  Proposal: Maybe (policy-dependent)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
