On Mon, 02 Dec 2002 11:12:36 PST, "Hallam-Baker, Phillip" said:
First, consider the effect of a minor authentication requirement on
certificate issue, the ability to read email sent to the address
specified in the certificate. Using that technique we could eliminate
spams with bogus addresses which itself would be a major advance. The
amount of spam that comes through with a valid email address is
vanishingly small.
You don't need a cert for this - a simple "OK this magic cookie" confirmation
scheme (as supported by almost all mailing-list management software) is enough.
Then we could sue the b*#*(_at_)#&ds if they spammed after that. People have
been looking for a test case for digital signatures for ages, so don't
worry about the cost.
People have been looking for somebody ELSE to be the test case for ages.
The EFF is in the business of raising money to fight legal battles. The
IETF isn't. You might want to ask the IESG if they have the budget for
this - and remember that quite often, there *isnt* case law about some
interesting point because one party or the other decides it's easier and
cheaper to just settle rather than take it to court.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
pgpAkASbqY0yj.pgp
Description: PGP signature