At 3:44 PM -0400 4/29/03, Ken Hirsch wrote:
From: "Vernon Schryver" <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com>
[...]
On the other hand, an x.509 cert tells you less than the typical domain
name whois data even with the best of intentions by all parties. The
name and address in domain name whois data is often maliciously bogus
for spammers. Why wouldn't the same apply to certs?
Mainly because the certs will cost a lot more than an IP address. The
I'm still waiting for an explanation of how high-cost certs will work
in the real world.
> That is simply wrong. All spam carries the unforgeable signature
of a sending IP address.
Anyone can type in forged headers. Sending a message where it's not
possible to detect the forgery is theoretically possible, but I've
never seen a documented case. (Which is not to say that I think that
signing isn't a good idea, or that I agree with Vernon's claim that
figuring out those headers is something that can easily be done by
the people who need to do it--but it can be done.)
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg