ietf

RE: Certificate / CPS issues

2003-06-06 10:32:49


On Fri, 6 Jun 2003, Hallam-Baker, Phillip wrote:

> Security is risk control, not risk elimination.

Absolutely!

Extending that thought, managing risk is about the cost of loss vs. the
cost of protection.

Humans make mistakes. Systems fail. Sammy Sosa used the wrong bat. The
shuttles failed. To reject a service because you have one presumed example
of failure is not realistic. A pattern of failures would be an issue, just
like you might avoid purchase of an automobile if Consumer Reports failure
statistics are abnormally high.

For the objectives we are discussing, I think the failure rate at Verisign
is not an issue. Most (perhaps all) folks in this discussion seem to agree
that the issue with spam is in the volume and not the mere existence of
spam. Social scientists could probably study the parallel growth of spam
and the corresponding growth in frustration and even end up with a volume
of spam which most people would be comfortable with. I strongly suspect
that reducing and keeping spam at 10% of current levels would probably be
success. Certainly, 1% would be.

On that premise, I'm certain it doesn't matter if 1 of the current 200
heavy duty spammers gets a fraudulent certificate. That might make final
identification more difficult, but most of the other mechanisms will still
function.

1. Proof of common source of the quantity of emails needed to be
   ruled as illegal
2. Source based filtering can still block mail identified with the
   cert
3. Once the fraud is discovered, the CA is likely to have process
   in place to avoid issuing new certs to the same entity

The last time I investigated, Verisign had certificates of different types
with different prices and levels of identification verification. Even the
cheapest have some cost and since I doubt that Verisign accepts cash
payment, there is identity associated with the payment. Worst case is that
a stolen credit card is used to make payment. Since that is an immediate
felony, it may actually be the best case from an anti-spam perspective.
Because of this cost (and the difficulty of obtaining and risk of using a
large number of stolen credit cards), it seems less likely that spammers
will follow the scenario of obtaining a large number of throwaway
certificates.

In conclusion, I don't see the less than 100% trustworthiness of any CA to be
an impediment to the use of certificates as part of an email origin
identification scheme. Only a fool would accept a self-signed certificate
as having any significance, so I think the suggestion that a spammer could
generate their own storm of certificates has little merit.

Dave Morris