ietf-asrg

RE: [Asrg] Proposal for transition to authenticated email

2003-05-01 07:33:41
If any of that were true, then it would be equally true of ISPs.
Every SMTP message carries a practically unforgeable token identifying
and authenticating the previous hop ISP.  If certificate authorities
could be trusted to police customers that spend $100/year for a
certificate, then ISPs could be trusted to police customers that spend
$240/year for ISP service.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com

That sounds like a nonsense argument to me (but carefully phrased to look
misleadingly plausible).

An ISP has a lot of costs to cover for its $200 per year that a CA doesn't
have to cover. That's why ISPs charge more for ISP service than CAs charge
for certificates.

Sometimes it seems to me that CAs do very little for their $100 per year, so
they should have spare cash they could use to pay for the policing; perhaps
that's an unfair view of CAs.

There are a very large number of ISPs, so many that we can't keep track of
them all so it's impossible to establish a trust relationship with them all,
so it would be no good pretending we can trust them to do the policing even
if they charged quite silly prices; there are far fewer CAs, it might be
possible to establish the necessary trust relationships.

I think the problem you have with proposals for authenticated email is a
simple one - the same problem you have with the RMX proposal:  you simply
don't want a reliable way of tying spam to its originator, you would rather
play with interesting methods of detecting spam and filtering it out. I
don't know whether that's because you don't see the usefulness of being able
to identify the originator, or because you find detecting bulk mail a fun
pastime, or because you think RFC 2821 is holy writ and not a comma may be
moved on pain of burning in hell throughout eternity for foul heresy and
blasphemy.  It has to be one of those three, I can't imagine another reason.

Spam is a social problem, not a purely technical one.  As with all
anti-social behaviour, being able to identify the perpetrators will be
useful.  I'm not claiming that that's the only thing we have to do, just
that it is an essential component of any proper answer to our problem.  So I
don't see it as helpful to sit back and snipe at every proposal that is ever
made that stands any real chance of delivering some sort of reliable
identification of the senders, particularly since most of the sniping you do
is based around misleading arguments like the one you produced above.

Tom
