ietf-asrg
[Top] [All Lists]

Re: [Asrg] RE: 3b. SMTP Session Verification - STARTTLS

2004-03-04 10:59:22
Hallam-Baker, Phillip wrote:

Leaving all of this aside, how will the use of TLS with SMTP help resolve the spam problem?

It is just another authentication mechanism, very similar to
CallerID/SPF in features offered. But it does have a much higher
barrier to entry - for the authentication to be useful you need
trustworthy third parties.


You can probably make a DK-like variation by storing the TLS key in DNS avoiding third parties. Of course that would depend on what you are trying to authenticate - if its just a domain then it would be sufficient, but if you need an address for legal process, you need a third party or some other mechanism.

BUT, in any case, authentication is a means to an end. From everything that has been discussed about authentication so far, it leads to authorization of some kind which has been proposed so far either via reputation/accreditation or "web of trust".

If the entire purpose of authentication is to lead to authorization, what kind of systems would we use? How would we avoid problems that plague existing blacklists? Would allowing CAs into doing a reputation service in addition to authentication wise? How will all of this reduce spam?

Yakov


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>