ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Proposal for transition to authenticated email

2003-05-01 08:03:30
from [Kee Hinckley] [Permanent Link] 
At 4:22 AM -0400 5/1/03, Ken Hirsch wrote:
> Further, why should an independent organization's e-mail policies be subject 
 to the wholly unrelated policies of an intermediate party?


Because the current system is broken!


That doesn't excuse creating more problems.
The actual impact of these changes is tiny. So far people have legitimately pointed 
out:
1) Now, you can use TLS to the end server.
2) You get feedback from one hop later if you do the SMTP yourself.
3) You are talking about regulating the creation of at least three brand new industries that don't even exist right now. 4) You repeatedly ignore the cost issue--in fact, you don't even understand the current costs for services like those you describe, let alone what the potential costs would be.
We keep telling you--based on our experience selling, supporting, writing and working with commercial email and commercial companies that this is not a trivial change. Please explain how your real world experience differs.
Come to think of it, if you accept TLS, you probably already got a certificate! 
Will the new certificate be so much more of a burden than the current one?
(Slightly more rigorous, hopefully.)


1. My current certificate can be self-signed.
2. Even if it's not, it costs less than $100.

At 5:49 AM -0400 5/1/03, Ken Hirsch wrote:

A certificate that provides strong identity (e.g. government-issued) is
not by itself sufficient as an antispam certificate.  A CA would have
to (1) check it against a database of known spammers (2) get the person
to sign a contract  to abide by a set of antispam policies and (3) have
a set of procedures to handle complaints against the person (including
reporting the person to the database if they do not cooperate).
What do you think these (currently non-existent) certificates would cost? On what basis do you make the assumption.
Ask Phillip why personal certs with real identity checks aren't readily available. Never mind ones that guarantee that you aren't a spammer. 
--
Kee Hinckley
http://www.messagefire.com/          Junk-Free Email Filtering
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] Proposal for transition to authenticated email, Tom Thomson
Next by Date:  Re: [Asrg] Domain-Authorized SMTP Mail, David Green
Previous by Thread:  Re: [Asrg] Proposal for transition to authenticated email, Ken Hirsch
Next by Thread:  Re: [Asrg] Proposal for transition to authenticated email, Ken Hirsch
Indexes:  [Date] [Thread] [Top] [All Lists]