ietf
[Top] [All Lists]

Re: spam

2003-05-30 00:47:22
I can't say that I'd favor any solution that requires everyone to pay money
or obtain the approval of some third party before sending e-mail.  Any
system that imposes a universal financial burden on all Internet users
and/or effectively allows a third party to censor communication between two
other parties is extremely questionable in my view.

A technical solution must be free, voluntary for people who are not
spammers, and must not subject anyone to the control of third parties.

----- Original Message -----
From: "Michael Thomas" <mat(_at_)cisco(_dot_)com>
To: "Christian Huitema" <huitema(_at_)windows(_dot_)microsoft(_dot_)com>
Cc: "Michael Thomas" <mat(_at_)cisco(_dot_)com>; "Iljitsch van Beijnum"
<iljitsch(_at_)muada(_dot_)com>; "Dave Aronson" 
<dja2003(_at_)hotpop(_dot_)com>; "IETF Discussion"
<ietf(_at_)ietf(_dot_)org>
Sent: Friday, May 30, 2003 02:32
Subject: RE: spam


Christian Huitema writes:
 > If PKI or PKI-like, then the spammers would need to obtain an actual
 > certificate for each of their throwaway identities. But so would
 > everyone else, which implicitly limits the cost of obtaining a
 > certificate to whatever the public can bear, and the amount of identity
 > checks to whatever the public is willing to accept, which today is an
 > e-mail reachability test. So, the spammers will be slowed down, but not
 > much.

What if it cost some nominal amount, but with that
payment came another form of authentication (eg
credit card number) which you could then use to
_meter_ the rate of issuing new certs, and/or
cross referencing issued certs associated with
spammers with the credit card number used to
obtain the cert? Assumedly spammers would
eventually run out of credit cards well before
they ran out of money.

As a note, the identity bound to the key can be
completely opaque and insignificant (and thus
certs could be issued trivially and cheaply).

  Mike






<Prev in Thread] Current Thread [Next in Thread>