Re: [Asrg] S/MIME



Barry Shein wrote:

On March 21, 2004 at 15:10 mbaugher(_at_)cisco(_dot_)com (Mark Baugher) wrote:
>> If we get forgery under control, then it is possible to apply reputation,> accreditation, blacklisting and other techniques to manage spam. What am I> missing?
That the USPS (and no doubt others) haven't been able to make much of
dent in this in 200+ years?

I do not think they have that task and as they also do not require thatthe sender signthe postal mail with a 3rd party verified signature it is not a validcomparison.

There's a paradox here. Authentication etc costs money, even if just
microcents it adds up in some contexts. People want e-mail to be
essentially free.

An email cert from your ISP could be free or included in your sign up fee.
In fact your ISP could interpose on port 25, check the 'from' values

and sign it for you - for free (for those that use the ISPs emailaddresses) if

the ISP is a CA.

I think we can probably find ways to prevent people from bringing fork
lifts into the all you can eat buffet. But fraud and authentication in
general is a huge topic which probably is best solved by someone
figuring out a model for a "charging for authentication business",
akin to registered or certified mail.

You can send registered and certified postal mail without showing any IDat all. Notthe same model. The recipient of the registered or certified mail has toshow

identity, not the sender.

If you think that stopping spam will require a fork lift to a buffet,then I can

make money selling your competitors digital signatures real cheap :-)

I do not think that it is heavy weight at all. It is implemented by most(all?) of

the GUI MUAs that I have seen over the last few years.

Put another way, it's one of those problems that seems to be easy on a
very small scale (exchange PGP keys with your friends), but becomes
very hard as you scale it up, particularly if the first criteria is
that it must not cost anything.

Yes - PGP will not work. I am talking S/MIME, it does not have that scaling
problem as the number of CAs is MUCH lower and does not require a 4th
hand he said she said you can trust that person problem.

--

Doug Royer                     |   http://INET-Consulting.com
-------------------------------|-----------------------------
Doug(_at_)Royer(_dot_)com                 | Office: (208)520-4044
http://Royer.com/People/Doug   | Fax:    (866)594-8574
                              | Cell:   (208)520-4044

             We Do Standards - You Need Standards

smime.p7s
Description: S/MIME Cryptographic Signature

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Asrg] 0 General - Fake HIV Letters in mail, (continued) Re: [Asrg] 0 General - Fake HIV Letters in mail, Alan DeKok Re: [Asrg] S/MIME, Doug Royer Re: [Asrg] S/MIME, Yakov Shafranovich Re: [Asrg] S/MIME, Doug Royer Re: [Asrg] S/MIME, Yakov Shafranovich Re: [Asrg] S/MIME, Doug Royer Re: [Asrg] S/MIME, Mark Baugher Re: [Asrg] S/MIME, Yakov Shafranovich Re: [Asrg] S/MIME, Barry Shein Re: [Asrg] S/MIME, George Ou Re: [Asrg] S/MIME, Doug Royer <= Re: [Asrg] S/MIME, David Maxwell Re: [Asrg] S/MIME, Mark Baugher RE: [Asrg] S/MIME, Tom Thomson Re: [Asrg] S/MIME, Eugene Crosser Re: [Asrg] S/MIME, Alan DeKok Re: [Asrg] S/MIME, Doug Royer Re: [Asrg] S/MIME, Alan DeKok Re: [Asrg] S/MIME, Doug Royer Re: [Asrg] S/MIME, Ken Hirsch Re: [Asrg] S/MIME, George Ou