[HIV analogy snipped]
These "house of cards" trust relationships in the E-mail sphere are
exactly
comparable...
That's not exactly true of course - getting that first spam DOES NOT mean
that you now have spam for the rest of your life. If only HIV infection
could be eliminated by revoking trust after the fact.
Meanwhile, the stupidity of trusting SPF and such
"reputation/authentication"
approaches to control spam is evidenced by the following report that came
out
within the last week... (and please forgive me if this has already been
reported
here)...
Neither *reputation* nor *authentication* schemes can have any real value
ON THEIR OWN. Only by using them _together_ might one hope to gain any real
benefit. Do not make the mistake of damning reputation schemes because of
the ineffectiveness of 'authentication'.
That said - I'm inclined to think that *reputation* established by a wider
audience with a good overview of subject behaviour is more likely to be
useful (and harder to break) than some transitive *trust* thing.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg