ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] seeking comments on new RMX article

2003-05-05 11:59:16
from [Hadmut Danisch] [Permanent Link] 

Dave, 

On Mon, May 05, 2003 at 11:25:16AM -0700, Dave Crocker wrote:


We might hope that those using RMX-based hosts are good guys.  We might
hope that, but there is no assurance that the hope will be correct.


Sorry, you still have not understood RMX yet. A valid RMX entry
doesn't mean the user is a good guy. It does mean that he actually
belongs to the given domain and that's the way how to find the person 
in case he is a bad guy.




Accountability does not mean that the originator is comforming to good
policies.


Accountability requires the posibility to track back the originator.
That's what's RMX is about.




Why?  What makes it likely or certain that someone coming through an RMX
host is not sending spam?


Because he can be tracked back and hold responsible.





We have had PGP and S/MIME for approximately 10 years.  They permit
identifying the originator.  Yet they have not achieved any significant
adoption or use in the Internet.  How will you achieve success now?


That's not logical. If PGP and S/MIME didn't have succes yet, it
doesn't mean that no authentication method will ever have success. 
The failure of PGP and S/MIME is a design criterion for RMX:
It is designed to avoid the problems of PGP and S/MIME, which are
far too complicated and error prone, require time-expensive and
difficult-to-learn certification steps and keeping secret keys. 
Therefore RMX was designed to be simple, without cryptography, 
without secrets. 

Furthermore, PGP and S/MIME are a completely different story. 
You're comparing apples and oranges. PGP and S/MIME are designed to 
keep messages confidential, to provide authenticity and integrity, 
and to provide non-repudiation. PGP and S/MIME provide authenticity
by solving the problem that anyone could use a particular address
before. SPAM is a different problem. Here the attacker can use any 
address, which is a slightly different problem. 

Most people don't actually have the problems that PGP and S/MIME
solve. That's one of the reasons why they don't use it. Because
they don't need it. In contrast, many people receive tons of Spam.



Hadmut
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] RMX proposals and Nash Equilibrium, J C Lawrence
Next by Date:  Re: [Asrg] seeking comments on new RMX article, Alan DeKok
Previous by Thread:  Re: [Asrg] seeking comments on new RMX article, Dave Crocker
Next by Thread:  Re: [Asrg] seeking comments on new RMX article, Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]