From: "Vernon Schryver" <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com>
> Why would I pay at least $120 to $360 per year to get your spam-CA to
> swear rhyolite.com doesn't send spam? I've never had a mail blocking
> problem.

"I'm not part of the problem. Why should there be the slightest
inconvenience to me?"

Because the current system is broken.

[...]

> Who will enforce that requirement on your CAs? ISPs and registrars
> are ignoring their promises to cut off spammers.

I think that the large ISPs will enforce this. Spam is getting to be such
an issue that the will is there. I also think that my solution has the
right granularity of enforcement. If you decide a CA is not doing its job,
then you treat all mail from associated ISPs as unauthenticated and fall
back to a challenge/response system. It is a lot less drastic than totally
throwing them off the net or simply blocking all their mail. The CA's
customers will start screaming.

(I do think there will need to be a blacklist for those who abuse the
challenge/response system.)

> Again, why will your program differ from P3P? The P3P people said there
> was supposed to be automated use of it. Netscape 7 can be told to
> pay attention to it.

I haven't seen anything useful that a program can do with P3P. It is also a
solution to a problem that few people care about. _Everybody_ hates spam,
but P3P deals with arcane issues that most people just don't care about.

> How are you going to encode a declaration of exactly what is sent into
> at most a dozen bytes? Remember that your certs have to be tacked onto
> every mail message.

This is a good question. My guess is that something quite useful can be
done, but this is an issue that needs to be explored in a working group.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg