At 12:12 05/06/03 -0700, Hallam-Baker, Phillip wrote:
A spam sender could attempt to use disposable certificates in the same way
that IP addresses and dialup accounts are considered disposable. This is
unlikely to work for long, the spam sender can set up lots of shell
companies at the same address but if the CA keeps authenticating to the same
address or phone number the pattern will soon become apparent.
Hmmm... is there an economic play here?
<background>
First, briefly, my view of the spam situation. I don't think it's
fundamentally an Internet protocol design issue (though some design tweaks
may help). Essentially, I think people currently have the choice of
(1) putting filters in place and accept the loss of some non-spam mail, or
(2) accepting a deluge of spam, and not lose any mail. In practice, I
think this option doesn't exist, because I find that (lacking spam filters)
I do lose a few pieces of non-spam mail because I don't recognize the
sender or subject. So I see a way forward to be a "passport" mechanism to
reliably bypass automated spam filters, a kind of whitelist++.
</background>
So back to my question: is there an economic play here?
(I was offered the opinion once that a big *disadvantage* of email compared
with fax for business transactions was that it has almost zero incremental
cost of use.)
I'm thinking of a cert issued for a small sum of money, without any
authentication other than the purchaser promises something like "I promise
not to spam with this certificate". At the earliest evidence of it being
used for spamming, it is revoked. The price should be small enough to be
accessible to any reasonable person, but high enough that the bill for
daily or hourly renewal would become significant.
Maybe crazy, just thinking aloud...
#g
-------------------
Graham Klyne
<GK(_at_)NineByNine(_dot_)org>
PGP: 0FAA 69FF C083 000B A2E9 A131 01B9 1C7A DBCA CB5E