Seth Breidbart <sethb(_at_)panix(_dot_)com> worte
"Tom Thomson" <tthomson(_at_)neosinteractive(_dot_)com> wrote:
Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com> wrote:
Today's CAs do not revoke certificates for
policy reasons but that can probably be changed.
Why do you think that can be changed? The CAs are in the CA business to
make money.
Nobody is going to trust an irrevocable mailing certificate, so nobody
is going to buy them.
But there are hordes of CAs out there making money of what are, in effect,
irevocable certificates. How are you going to get CAs to change their
behaviour?
In any case, revocation per se isn't strictly necessary. For
instance, issue (at a noticeable price) one-day certificates, which
can be renewed a day at a time for free if they aren't used to sign
spam. Non-spammers pay a one-time fee (refundable, even); spammers
lose their deposit for a single day of spamming (and even that runs
into BLs of "don't trust this certificate" which could be run by third
parties).
That's an interesting idea. Of course the CAs have the problem of managing
daily renewals, which isn't a zero cost operation, but if every user of
email in the world needs a ertificate there's a big enough market to make a
good profit on small margins.
But will Aunt Mary be able to work out how to generate a key-pair and send
the public half off for signing, and install the certificate when it comes
back and install a new certificate every day when it arrives? How much of
this can be automated for Aunt Mary in the MUA? Do have you a less
complicated certificate mechanism in mind?
A possible problem: sometimes mail is sent to a machine that is currently
off line, and gets held in some relay (the outgoing mail server) for some
days. Lets hope that the next machine down the line checks the
certificate's valididity for the date in the first Received header, not the
date at which it receives the mail, or the certificate will appear out of
date. On second thoughts, let's hope it doesn't - or I can just stick a
fake received by header at the front of my mail and that certificate that
never got renewed because it was used to send spam can be used for quite
some time - but then it becomes hard to send mail from a machine that's
often off line to another machine that's often off line - you have to find a
day when they are both on line. Of course if email were always a single
end-to-end transaction life would be much easier.
Tom
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg