ietf
[Top] [All Lists]

RE: spam

2003-05-29 18:20:11
Christian Huitema writes:
If PKI or PKI-like, then the spammers would need to obtain an actual
certificate for each of their throwaway identities. But so would
everyone else, which implicitly limits the cost of obtaining a
certificate to whatever the public can bear, and the amount of identity
checks to whatever the public is willing to accept, which today is an
e-mail reachability test. So, the spammers will be slowed down, but not
much.

What if it cost some nominal amount, but with that
payment came another form of authentication (eg
credit card number) which you could then use to
_meter_ the rate of issuing new certs, and/or
cross referencing issued certs associated with
spammers with the credit card number used to
obtain the cert? Assumedly spammers would
eventually run out of credit cards well before
they ran out of money.

As a note, the identity bound to the key can be
completely opaque and insignificant (and thus
certs could be issued trivially and cheaply).

          Mike



<Prev in Thread] Current Thread [Next in Thread>