Hallam-Baker, Phillip wrote:
Leaving all of this aside, how will the use of TLS with SMTP help
resolve the spam problem?
It is just another authentication mechanism, very similar to
CallerID/SPF in features offered. But it does have a much higher
barrier to entry - for the authentication to be useful you need
trustworthy third parties.
You can probably make a DK-like variation by storing the TLS key in DNS
avoiding third parties. Of course that would depend on what you are
trying to authenticate - if its just a domain then it would be
sufficient, but if you need an address for legal process, you need a
third party or some other mechanism.
BUT, in any case, authentication is a means to an end. From everything
that has been discussed about authentication so far, it leads to
authorization of some kind which has been proposed so far either via
reputation/accreditation or "web of trust".
If the entire purpose of authentication is to lead to authorization,
what kind of systems would we use? How would we avoid problems that
plague existing blacklists? Would allowing CAs into doing a reputation
service in addition to authentication wise? How will all of this reduce
spam?
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg