ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Proposal for transition to authenticated email

2003-04-30 07:38:57
from [Ken Simpson] [Permanent Link] 
What about the processing load required to deal with verifying
cryptographic signatures? Will that cause an unacceptable load on very
large mail installations?

TTUL
Ken

On Wed, 30 Apr 2003, Ken Hirsch wrote:


From: "Vernon Schryver" <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com>

Why would I pay at least $120 to $360 per year to get your spam-CA to
swear rhyolite.com doesn't send spam?  I've never had a mail blocking
problem.


"I'm not part of the problem.  Why should there be the slightest
inconvenience to me?"

Because the current system is broken.

[...]

Who will enforce that requirement on your CAs?  ISPs and registrars
are ignoring their promises to cut off spammers.


I think that the large ISPs will enforce this.  Spam is getting to be such
an issue that the will is there.  I also think that my solution has the
right granularity of enforcement.  If you decide a CA is not doing its job,
then you treat all mail from associated ISPs as unauthenticated and fall
back to a challenge/response system.  It is a lot less drastic than totally
throwing them off the net or simply blocking all their mail.  The CAs
customers will start screaming.

(I do think there will need to be a blacklist for those who abuse the
challenge/response system.)


Again, why will your program differ from P3P?  The P3P people said there
was supposed to be automated use of it.  Netscape 7 can be told to
pay attention to it.


I haven't seen anything useful that a program can do with P3P.  It is also a
solution to a problem that few people care about.  _Everybody_ hates spam,
but P3P deals with arcane issues that most people just don't care about.


How are you going to encode a declaration of exactly what is sent into
at most a dozen bytes?  Remember that your certs have to be tacked onto
every mail message.


This is a good question.  My guess is that something quite useful can be
done, but this is an issue that needs to be explored in a working group.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Darwin's War, Vernon Schryver
Next by Date:  Re: [Asrg] Darwin's War, Eric Brunner-Williams in Portland Maine
Previous by Thread:  Re: [Asrg] Proposal for transition to authenticated email, Ken Hirsch
Next by Thread:  Re: [Asrg] Proposal for transition to authenticated email, Ken Hirsch
Indexes:  [Date] [Thread] [Top] [All Lists]