Ed Gerck wrote:
In a separate thread, under Yakov's suggestion, the solution part of
this discussion is now probably moving on to the closed ASRG list
(with open archive) as posted in
http://article.gmane.org/gmane.ietf.asrg.smtpverify/300
I'd like to now address the other part of Yakov's reply below, or
"Why not keep the old design if we can get back to the old assumption?"
Comments inlined.
....
The solution to spam lies squarely in the IETF hands. We need an Internet
design where the end points are less trusted than the connection. The opposite
of what we have today. Only then, IMHO, can we have those kind of solutions
that the IETF can take on in order to really reduce the problem.
Of course, updating the Internet design to fit its current operating conditions
is useful not only to stop spam. Social engineering and spoofing attacks
also rely on the old honor system where users are trusted. "Trust no one"
should be the initial state under the new Internet paradigm.
So the bottom line is that we lack trust. This echoes the comments made
by the IAB in section 3.1 of
(http://www.iab.org/documents/drafts/draft-iab-e2e-futures-05.txt).
How would introducing trust help with the spam problem? Would the cost
of doing so perhaps would be so prohibitive that we will not be able to
do so? Is it really possible to introduce trust that will actually work?
Yakov