Claus Assmann wrote:
On Sun, Sep 28, 2003, Bill Weinman wrote:
I have just finished a new draft of the AMTP specification. I would welcome
comments from this group.
Question: what do you gain by requiring a cert? Whom do you trust
to be a CA? BTW: the hierarchical structure of X.509 certs is
fine for companies, but not for others, where a "web of trust"
would be more appropriate.
It seems that all you get is that the spammers just pay a bit of
money to some CA to send out their stuff.
Take a look at the list archive (use gmane.org). There is a very large
number of messages exchanged on this topic.
It would be nice if someone categorizes the ways how spam reaches
the recipients (open relay, proxy, trojaned PCs, directly from
spammers, etc), and the explain how you can defeat those (DNS BLs
for the first two at least, rMX/designated sender can help in some
cases, etc).
The inventory of problems seeks to do a part of that - it lists some of
the problems with spam that cannot be dealt with existing methods. The
requirements documents and technical considerations documents outline
some of things to be used for evaluation. Hopefully, when the next draft
of the inventory comes out it, all three of these can be reconciled.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg