-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 13 August 2004 11:16 am, George Mitchell wrote:
1. Why should I have to pony up $300 to make my email more creditable?
You don't. It's an option available to you, however.
I believe accreditation is going to work differently than this in the
future. One big arena is going to be government services. There will be a
central US Federal Government accreditation service that accredits all the
branches of government. Then each branch will accredit all the offices.
Then so on, until everything in the federal government is accredited.
When you receive an email from "mr(_dot_)smith(_at_)irs(_dot_)gov", and it SPF
PASSes, you
need to know whether or not 'irs.gov' is indeed the IRS. Reputation
services can't tell you that. Accreditation services can.
Accreditation services in the private sector will be similar. You'll ask,
"Does bankofamerica.com represent a legal bank in the United States?" "Is
foomanufacturers.com a corporate entity in the State of Washington?" You
get the picture.
Accreditation will also expedite abuse tracking. Right now, you don't have
to give real, personal information to get a domain name. But with an
accreditation service that functions properly, you would have to give real
information.
2. Are all those Verisign certificates going to be a reliable as the
famous one fraudulently issued to Microsoft?
http://www.microsoft.com/technet/security/bulletin/MS01-017.mspx
If you don't trust Verisign, then don't trust them. Their business is
founded on trust, and they are responsible when they violate that trust.
- --
Jonathan M. Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBHTPHBFeYcclU5Q0RAmp0AKDbj8eovWwz4H9mL3ngrP55I71BQACeM3f8
xLBZFqm1VqiKOTIZ2hU9ul0=
=QQCP
-----END PGP SIGNATURE-----