At 04:51 PM 7/3/03 -0400, Ken Hirsch wrote:
From: "Kee Hinckley" <nazgul(_at_)somewhere(_dot_)com>
Identify verification is only part of the proposal I was responding
to. The other piece was verifying the good behavior of cert owner.
That requires a clearing house for complaints, an arbitration
process,
I don't really expect that to be much of a problem. People are quite eager
to give you free help to find violators and it's not expensive to put out
spamtrap addresses.
From what we've heard from ISP's, complaints are rare and they manage to
handle those without huge expense. From all sources I've seen, the overlap
between IP addresses of spammers and IP addressses of legitimate email is
tiny.
As long as problem M (below) is solved, there's really very little point in
the certicate holder fighting revocation, since once identity is established
everybody else can use it to make their own determination as to whether to
accept mail from them.
Problem M (Multiple identities/certificates/IP addresses/domain names/etc.):
and a mechanism for ensuring that the same person doesn't
pop up under a different name (which is a different sort of
verification problem, as you point out). That's where I'd expect the
expense to come.
This is key. But I think it is necessary for any permanent solution to the
spam problem. Everything else I've seen proposed is either a temporary fix
in the spam arms race or is something (such as RMX) that would only be
useful if used in conjunction with something that solves problem M.
To paraphrase;
If we give everyone an identity, there are two main problems;
"the forgery problem" - how can we prove that someone claiming
to be identity xyz really is xyz,
and "the mule problem" (problem M) - how can we prove that xyz2 isn't
just a throwaway identity.
Digital signatures solve the forgery problem. There might be
other solutions (like DMP) which are even easier to implement,
but nothing /more/ difficult need be considered.
Note that PGP signatures are already fairly ubiquitous,
and the software to generate them is freely available.
The mule problem is much more difficult to solve.
I've heard ideas that would work, but I've never seen a
solution that wasn't worse than the problem.
For example, if getting an idea required paying $10,000 US,
then we can be reasonably sure that people will not abuse
the identity. But we could also be reasonably sure that
most people wouldn't get one at all. I'm not convinced that
there is an amount of money (or effort) that one could require
that both reduces the mule problem to acceptable levels,
and allows a reasonable number of people to get identities.
However, I don't agree that it's necessary to solve the mule problem
to solve the spam problem. The only thing that is necessary
is to not trust strangers by default.
If, for example, strangers had to put $10.00 at risk to
introduce themselves, (much like Pay Up but with a significant
amount of money) then there might be spam,
but there wouldn't be a spam problem.
Forcing everyone to use Digital signatures require a significant
change to the infrastructure. Creating the ability to put cash at
risk requires a change to the infrastructure, /and/ the implementation
of a totally new escrow technology, but at least in theory,
I see no reason why it couldn't work without solving the mule problem.
Never mind the question of how you certify someone in a country that
doesn't have as codified a banking and company registration system as
those where most SSL certs are issued.
This is a good question. I would hope that any people on the list with
knowledge about how CA's operate, especially internationally, would come
forward. Do you have any comments about Problem M? I notice that there is
a pbaker at VERISIGN.com.
My earlier proposal about getting CAs more or less directly involved in the
spam problem might be misguided. As long as they can verify identity (in
the strong way, solving Problem M), then other organizations can build on
that to solve the spam problem.
As certs exist currently, they raise the cost of obtaining an identity,
but it's still less than $100 US/year. Certs are only good for
one year, but a spammer doesn't need to, and probably wouldn't,
hold them for more than a month anyway.
It's currently no more difficult to obtain a cert than it is to
obtain a snail mail address. That could be changed of course,
but as long as there are corporations, then there will be corporate
identities. Although it's possible for even /that/ to be prevented,
I think it's more likely that people would give up email altogether.
Scott Nelson <scott(_at_)spamwolf(_dot_)com>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg