On Thu, 2004-03-04 at 00:10, Yakov Shafranovich wrote:
Mark Foster wrote:
On Wed, Mar 03, 2004 at 02:37:23PM -0500, Yakov Shafranovich wrote:
In the current world the closest approximation we have to reputation
systems that are planned with LMAP are blacklists and Senderbase. Given
that current blacklists have numerous problems, why would any proposed
reputation or accrediation systems of the future be any different? How
are we planning on avoiding the same problems we have today in the
future, if we want to deploy such systems?
I've been doing some research into the use of STARTTLS and certificate
verification. The possibility exists for overlaying a
PKI trust model onto the email infrastructure... not just S/MIME and
PGP/GPG, but securing the message relay transmissions (MTA to MTA).
The problem with the PKI model is key distribution. If we follow the
current SSL scheme that might work BUT then you are making Verisign and
other CAs the gatekeepers for the Internet - and can have repercussions.
For example, in the SSL market according to
(http://www.securityspace.com/s_survey/sdata/200402/certca.html),
Verisign and Thawte have 30% and 20% each. HOWEVER, according to
(http://www.thawte.com/html/CORPORATE/today.html), Thawte is owned by
Verisign, which implies that 50% of the SSL market is controlled by one
company. Do you really want a few companies to choose who gets the right
to send email? Of course, a distributed system like DomainKeys can help
with some of these problems, but the main problems that blacklists have
are still there.
Also, SSL certificates today only *idenfity* the site, not provide its
reputation. Changing CAs into reputation systems, will involve a whole
new set of challenges. These challenges are mostly present today in
blacklists which is exactly what worries me - I don't see yet how any of
these problems can be avoided in any reputation systems.
I would say, authentication and reputation can be done by completely
unrelated parties. Reputation lists could use servers' certificates the
same way they use their IP addresses now.
Otherwise, I agree that there is too much contraversy and "political"
uncertainty surrounding x509. Primarily due to its strictly
hierarchical model, not well suitable for today's world.
Eugene
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg