At 2:14 AM -0400 10/7/03, Ken Hirsch wrote:
From: "Kee Hinckley" <nazgul(_at_)somewhere(_dot_)com>
At 5:42 PM -0400 10/6/03, Ken Hirsch wrote:
>I have proposed a specific anti-spam certificate which would only be issued
>when the subscriber states what anti-spam policy will be followed and
>contractually agrees to it.
AOL currently blocks 2 billion spam messages a day. Over 5% of the
internet is in their blacklist.
So they trust 95% of IP addresses, instead of the 0.1% that they should be
trusting.
Not at all. Those are the ones that they know have zero trust.
Trust isn't an on/off switch. Different sources have different
levels of trust. You can take any sender, whether it be a bulk
mailer, ISP or individual company, and judge what percentage of their
email will be unwanted. Based on that, you can make certain
filtering decisions.
[...]
Domain-based or sender-based certificates are nice for techies and
cool end-user software that doesn't exist yet, but they provide no
value at all to the major ISPs. They don't scale; ISPs are iffy
about doing one more DNS lookup on a connection, let alone validating
certs.
Where is the analysis that it won't scale? It seems to me that the current
Having to check the trust level by performing cryptographic protocols
on each message won't scale.
Does anybody have actual numbers on the overhead for establishing an SSL/TLS
session? Compared to, say, a DNS-based scheme?
SSL/TLS is expensive enough that companies make their business
selling dedicated hardware to do the processing. However it has far
lower latency than a DNS query. So you've got a time/cpu trade-off.
However that analysis falls apart in the long run because DNS
information can be cached, whereas SSL has to be done every single
time. So, I would say that DNS is more expensive the first time you
see a new IP, cheaper thereafter.
--
Kee Hinckley
http://www.messagefire.com/ Next Generation Spam Defense
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg