OK.. Almost plausible. However note that currently, the PGP
covers only a small percentage of the subscribers to the IETF
there's no *really* good PKI for S/MIME yet (hint - we don't seem to
even understand how to apply 'basicConstraints', so if you think
we're going to have working CRLs anytime soon, please share the name
and address of your pharmaceutical supplier.. ;)

OCSP scales fine for revocation checking. We can use the same
platform that currently serves 6 billion DNS queries a day.
I don't have a pharmaceutical supplier at hand, however I can
provide you with the name of a company that has a nice line
in herbal viagra if you are interested.

I propose to you that using a Thawte free S/MIME cert proves
zero - a spammer can just get one for each run (and remember that no
matter how much a spammer tries to hide their identity, they *still*
have to provide a working way to reach them (via smtp or http or
whatever) or they don't get

If the spammer wants to perform custom operations for each
constituency they want to spam.
I don't think they do, they have to be able to spam millions
of people at a time or the response rate is simply too low.
Reported response rates are in the thousandths of a percent,
so spamming the entire IETF gets less than a tenth of a customer.