spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: on CAs as reputation providers; an argument for metric-based reputation services

2003-12-08 20:22:42
from [Hallam-Baker, Phillip] [Permanent Link] 
Credential Revocation is possible but an expensive to execute. The cert
hoder has to be empirically in breach of the agreement or have made a
provably fraudulent statement. It does happen but the costs are very large,
not something that you can allow to be routine if you are going to have a
mass market price.

But the technical mechanisms for revocation can also support reputation
publishing see xkms.

We can run xkms on atlas, same reach and capacity as dns no capacity issues



 -----Original Message-----
From:   Meng Weng Wong
Sent:   Mon Dec 08 16:17:52 2003
To:     spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject:        Re: [spf-discuss] on CAs as reputation providers; an
argument for metric-based reputation services

On Mon, Dec 08, 2003 at 01:06:41PM -0800, Hallam-Baker, Phillip wrote:
| 
| This is a combinatorics problem, 50 million domain names, 10 global cas if
| that. Clearly there is a reputation issue. I don't want a verisign cert
with
| extensive validation to be worth no more than a bucket shop ca cert where
| the end entity is not validated beyond checkin payment clears.
| 
| The real issue is whether the accreditaion system is open. If people can
| list the accreditations they have accumulated feedback filters will
quickly
| converge on giving them the correct weight.
| 

Validation implies revocation --- if a VeriSign customer turns out to be
a spammer, what's the punishment?  Do you refuse to renew them?  If the
renewal period is 1 year, they could spam for the rest of that year with
impunity.

I'm probably not seeing something obvious.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription, 
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: on CAs as reputation providers; an argument for metric-based reputation services, Dan Boresjo
Next by Date:  Re: patents, trusting CAs, etc., Philipp Morger
Previous by Thread:  Re: on CAs as reputation providers; an argument for metric-based reputation services, Hallam-Baker, Phillip
Next by Thread:  RE: patents, Hallam-Baker, Phillip
Indexes:  [Date] [Thread] [Top] [All Lists]