ietf-asrg

Re: [Asrg] The Solution To Spam - The First Response

2003-07-03 13:52:34
From: "Kee Hinckley" <nazgul(_at_)somewhere(_dot_)com>
Identity verification is only part of the proposal I was responding
to.  The other piece was verifying the good behavior of cert owner.
That requires a clearing house for complaints, an arbitration
process,

I don't really expect that to be much of a problem.  People are quite eager
to give you free help to find violators and it's not expensive to put out
spamtrap addresses.

From what we've heard from ISPs, complaints are rare and they manage to
handle those without huge expense.  From all sources I've seen, the overlap
between IP addresses of spammers and IP addresses of legitimate email is
tiny.

As long as problem M (below) is solved, there's really very little point in
the certificate holder fighting revocation, since once identity is established
everybody else can use it to make their own determination as to whether to
accept mail from them.

Problem M (Multiple identities/certificates/IP addresses/domain names/etc.):
and a mechanism for ensuring that the same person doesn't
pop up under a different name (which is a different sort of
verification problem, as you point out).  That's where I'd expect the
expense to come.

This is key.  But I think it is necessary for any permanent solution to the
spam problem. Everything else I've seen proposed is either a temporary fix
in the spam arms race or is something (such as RMX) that would only be
useful if used in conjunction with something that solves problem M.

Never mind the question of how you certify someone in a country that
doesn't have as codified a banking and company registration system as
those where most SSL certs are issued.

This is a good question.  I would hope that any people on the list with
knowledge about how CAs operate, especially internationally, would come
forward.  Do you have any comments about Problem M?  I notice that there is
a pbaker at VERISIGN.com.

My earlier proposal about getting CAs more or less directly involved in the
spam problem might be misguided.  As long as they can verify identity (in
the strong way, solving Problem M), then other organizations can build on
that to solve the spam problem.

The essence of my earlier proposal:
(1) mail servers can accept mail (without challenge-response) only if it is
verified either at the server level or the individual message level.
There are already technologies to do this (SSL client certificates,
IP-lookups to a verifying organization, S/MIME signatures, etc.).
The method must have a reliable, short chain to a responsible organization
or individual with strong identity (see Problem M).
It is not necessary that everyone choose the same method.

(2) mail that cannot be so verified must be subject to challenge-response
authentication.

Conjecture:
It might be possible to grandfather-in existing SMTP servers that are known
to be legitimate.  But the fact that there are soooo many SMTP servers is a
problem.  Not only is it cumbersome to manage so many millions of items,
more importantly it is hard to even gather the data about who is sending.
You may never have received a message from fredsgrocery.com, but it may well
have a legitimate automated mailing system.  (Obviously challenge-response is
mostly a problem with mailing lists and other automated mail systems.)  If
you could find out all SMTP servers with a good reputation, you could
arrange to verify them by looking up, say, 63.10.45.12.presumedinnocent.org.
But it is critical that this NOT apply to new/unknown servers and it would
be subject to easy revocation.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
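
The accept-or-challenge policy and the grandfather lookup described in the message above, as an added example that is not part of the original post. The function names, the injected resolver, the sample zone record and the choice to challenge a locally distrusted identity are assumptions; only the zone name and the 63.10.45.12 address come from the post.

```python
import ipaddress
from typing import Callable, Optional, Set

ZONE = "presumedinnocent.org"  # lookup zone named in the post

# Constructed zone data: one grandfathered server. Revocation = record removed.
ZONE_DATA = {"63.10.45.12.presumedinnocent.org": "127.0.0.2"}

def sample_resolver(name: str) -> Optional[str]:
    """Offline stand-in for a DNS A lookup; None models NXDOMAIN."""
    return ZONE_DATA.get(name)

def failing_resolver(name: str) -> Optional[str]:
    """Models a resolver outage."""
    raise OSError("resolver timeout")

def query_name(ip: str, zone: str = ZONE, reverse_octets: bool = False) -> str:
    # The post writes the address in natural order (63.10.45.12.<zone>).
    # Deployed DNS lists usually reverse the octets, so that is an option.
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on bad input
    if reverse_octets:
        octets.reverse()
    return ".".join(octets + [zone])

def grandfathered(ip: str, resolve: Callable[[str], Optional[str]]) -> bool:
    # Listed only if the name resolves. A malformed address or a resolver
    # failure counts as "unknown", so new servers never inherit trust.
    try:
        return resolve(query_name(ip)) is not None
    except (ValueError, OSError):
        return False

def decide(client_ip: str, verified_identity: Optional[str],
           distrusted: Set[str],
           resolve: Callable[[str], Optional[str]]) -> str:
    # (1) Verified at server or message level with a chain to a strong identity.
    #     The receiver makes its own determination per identity (assumption:
    #     a locally distrusted identity is challenged, not rejected).
    if verified_identity is not None:
        if verified_identity in distrusted:
            return "challenge-response"
        return "accept"
    # Conjecture: known-legitimate legacy SMTP servers, revocable via the zone.
    if grandfathered(client_ip, resolve):
        return "accept"
    # (2) Mail that cannot be verified is subject to challenge-response.
    return "challenge-response"
```
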