At 1:07 PM -0400 5/1/03, Ken Hirsch wrote:
From: "Kee Hinckley" <nazgul(_at_)somewhere(_dot_)com>
>The actual impact of these changes is tiny. So far people have
>legitimately pointed
>out:
>1) Now, you can use TLS to the end server.
>2) You get feedback from one hop later if you do the SMTP yourself.
3) You are talking about regulating the creation of at least three
brand new industries that don't even exist right now.
Nonsense. CAs already exist. There are already both commercial and
nonprofit organizations that provide blacklists. There already exist
companies like IronPort that work with TRUSTe. It's not very different at
all.
CAs exist, but they do nowhere near the validation you want them
too--and they virtually never revoke a certificate. It took me three
weeks to hear back from my CA *how* to revoke a certificate that I
*wanted* revoked--and they had no standard mechanism to do it. They
certainly aren't set up to do dispute resolutions or any of that.
Existing blacklists have way too many false positives to be used
without careful editing, and there is only one commercial one that
I'm aware of. Again--they don't have anywhere near the scope that
you are looking for.
The third industry I was thinking of was outsourced outbound email.
The only simple one I know of is SMTP.com. $50/year/account--rate
limited to 50 messages a day. Not going to send too many sales
newsletters out on that.
The group you are ignoring are the medium sized businesses. They
can't afford what you're pushing. You need to either make your certs
so airtight that a spammer can't simply create a new business every
month and get a new one, or else so expensive that the spammer can't
afford one.
As for your "it's easy" statements. They all deal with technical
issues. Not business and political issues. Most companies do *not*
like to outsource mission critical technology. You like phone
comparisons. Compare the market for in-house phone systems to
outsourced (to the phone company) systems. WHich is larger. Why?
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg