"Tom Thomson" <tthomson(_at_)neosinteractive(_dot_)com> wrote:
Seth Breidbart <sethb(_at_)panix(_dot_)com> worte
"Tom Thomson" <tthomson(_at_)neosinteractive(_dot_)com> wrote:
Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com> wrote:
Nobody is going to trust an irrevocable mailing certificate, so nobody
is going to buy them.
But there are hordes of CAs out there making money of what are, in effect,
irevocable certificates. How are you going to get CAs to change their
behaviour?
In deciding which email to receive (or allow to bypass strong
filtration), would you trust an irrevocable certificate from TrustE?
How about one from Verislime? How about a revocable certificate from
Spamhaus?
If you want your email to be received, which of those would you buy?
But will Aunt Mary be able to work out how to generate a key-pair
and send the public half off for signing, and install the
certificate when it comes back and install a new certificate every
day when it arrives?
No, but Aunt Mary doesn't know how to send mail other than through her
ISP's mail swerver, which will take care of all that stuff for her.
A possible problem: sometimes mail is sent to a machine that is currently
off line, and gets held in some relay (the outgoing mail server) for some
days.
One possible solution is to check the old certificate for revocation.
Or, any outgoing server should have its own certificate, so it can
re-sign the message when it comes back online.
Any incoming server should check the certificate upon receipt; if the
user doesn't trust his own incoming server, he has bigger problems.
Seth
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg