ietf-asrg
[Top] [All Lists]

Re: [Asrg] S/MIME

2004-03-21 13:21:25
Doug Royer wrote:
Yakov Shafranovich wrote:

 Validating identities means nothing if the identities being
validated are fraudulent.

You have not made the case that user(_at_)example-canada(_dot_)com is invalid.
You just have declared that it is not user(_at_)example(_dot_)com and we agree.

You know that a given email address or domain is valid, and matches the S/MIME certificate. Now what? It still does not prove to you that someone is not a spammer.

Now go back and read my email and point out where I said that S/MIME
emails are guaranteed free from spam? I said it would stop forged email.
I made no other claim. I also said that would stop the 1,000's of forged emails I get
every week on the systems I administer.


Mea culpa - you only addressed the forgery issue. There are still some interoperability issues with S/MIME but that's probably something that will be solved sooner or later.

However, this is an anti-spam group and within the context of fighting spam, how will this help? The problem that I have is that there are several identity schemes here and none of them address the point of what do you do, once the identity is established. There is IP identity, domain/IP identity (LMAP/MARID), more heavier cryptographic identities, etc. All of these lead into the same point - once the identity has been established, what happens then?

This is a question to the entire group, not you directly.

Yakov

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg