[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Proven solution for authenticating messages

To: ASRG <asrg@ietf.org>
Subject: Re: [Asrg] Proven solution for authenticating messages
From: Roland <list-asrg@openrbl.org>
Date: Tue, 04 Mar 2003 12:38:48 +0000
In-reply-to: <3E648663.2060006@chaoszone.org>
List-archive: <https://www1.ietf.org/pipermail/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Orig-date: Tue, 04 Mar 2003 13:39:15 +0100
References: <7B170C5E4008D311ABB70008C7D3825B03BC340E@saison.ssc.govt.nz> <20030303213350.GA13559@danisch.de> <3E6453B9.2080905@chaoszone.org> <20030304093923.GB1965@danisch.de> <3E648663.2060006@chaoszone.org>
Sender: asrg-admin@ietf.org

--Prasenjeet Dutta wrote on 04.03.03 16:26 +0530:

> The only hitch is an infrastructural problem of getting a "relay-identity-only" CA up and running who'd handle the X.509 infrastructure for handle certificate signing and revocation list management -- for little or no cost (cost obviously detering
> non-profits from using this).
> 
> Any entity registered with such a CA would satisfy Step #1 of Brad Templeton's plan for spam -- "Whitelist those who will be accountable for abuse", and we could reduce the problem set to dealing with rogue SMTP servers.

Such a 'whitelist of accountable servers' would need no cryptography
at all and could also be distributed via dnswl (note the 'W').

Problem here: what constitutes 'accountable', how many unresolved or
ignored complaints will be needed to revoke the privilegies, how could
they proof an address indeed has passed the verified opt-in with the
exact same entity which sent the mail (which also requires to compare
both signup-page, the confirmation-request and the content of the mail
manually) without allowing the mainsleaze for listwashing.

This would require a trusted entity which does the whole confirmation
and managment, some kind of 'consent clearinghouse'.

Roland

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Proven solution for authenticating messages
  - From: Prasenjeet Dutta

References:
- [Asrg] Proven solution for authenticating messages
  - From: mike . pearson
- Re: [Asrg] Proven solution for authenticating messages
  - From: Hadmut Danisch
- Re: [Asrg] Proven solution for authenticating messages
  - From: Prasenjeet Dutta
- Re: [Asrg] Proven solution for authenticating messages
  - From: Hadmut Danisch
- Re: [Asrg] Proven solution for authenticating messages
  - From: Prasenjeet Dutta

Prev by Date: Re: [Asrg] Proven solution for authenticating messages
Next by Date: Re: [Asrg] filtering at connect time
Previous by thread: Re: use of signatures is not restricted by law (Re: [Asrg] Proven solution for authenticating messages)
Next by thread: Re: [Asrg] Proven solution for authenticating messages
Index(es):
- Date
- Thread