OK.. Almost plausible. However note that currently, the PGP
web-of-trust
covers only a small percentage of the subscribers to the IETF
list, and
there's no *really* good PKI for S/MIME yet (hint - we don't
seem to even
understand how to apply 'basicConstraints', so if you think
we're going to
have working CRLs anytime soon, please share the name and
address of your
pharmaceutical supplier.. ;)
OCSP scales fine for revocation checking. We can use the same
platform that currently serves 6 billion DNS queries a day.
I don't have a pharmaceutical supplier at hand, however I can
provide you with the name of a company that has a nice line
in herbal viagra if you are interested.
I propose to you that using a Thawte free S/MIME cert proves
approximately
zero - a spammer can just get one for each run (and remember
that no matter
how much a spammer tries to hid their identity, they *still*
have to provide
a working way to reach them (via smtp or http or whatever) or
they don't get
any feedback....)
If the spammer wants to perform custom operations for each
constituency they want to spam.
I don't think they do, they have to be able to spam millions
of people at a time or the response rate is simply too low.
Reported response rates are in the thousandths of a percent,
so spamming the entire IETF gets less than a tenth of a customer.
Phill
smime.p7s
Description: S/MIME cryptographic signature