Re: [Asrg] Consent Proposal
Markus Stumpf <maex-lists-spam-ietf-asrg@Space.Net> Wed, 02 July 2003 17:08 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA02090 for <asrg-archive@odin.ietf.org>; Wed, 2 Jul 2003 13:08:55 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Xl5n-0008PJ-Lo for asrg-archive@odin.ietf.org; Wed, 02 Jul 2003 13:08:27 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h62H8RA7032316 for asrg-archive@odin.ietf.org; Wed, 2 Jul 2003 13:08:27 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Xl5n-0008P9-HR for asrg-web-archive@optimus.ietf.org; Wed, 02 Jul 2003 13:08:27 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA02051; Wed, 2 Jul 2003 13:08:25 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Xl5l-0004FG-00; Wed, 02 Jul 2003 13:08:25 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Xl5l-0004FD-00; Wed, 02 Jul 2003 13:08:25 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Xl5N-0008Ei-3B; Wed, 02 Jul 2003 13:08:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Xl4e-00085l-Ln for asrg@optimus.ietf.org; Wed, 02 Jul 2003 13:07:16 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA02020 for <asrg@ietf.org>; Wed, 2 Jul 2003 13:07:14 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Xl4c-0004EX-00 for asrg@ietf.org; Wed, 02 Jul 2003 13:07:15 -0400
Received: from moebius2.space.net ([195.30.1.100] ident=qmailr) by ietf-mx with smtp (Exim 4.12) id 19Xl4c-0004ET-00 for asrg@ietf.org; Wed, 02 Jul 2003 13:07:14 -0400
Received: (qmail 93269 invoked by uid 1013); 2 Jul 2003 17:07:13 -0000
From: Markus Stumpf <maex-lists-spam-ietf-asrg@Space.Net>
To: asrg@ietf.org
Subject: Re: [Asrg] Consent Proposal
Message-ID: <20030702190713.C82235@Space.Net>
References: <HKEFKPNPJLANNFPFMDKJIEJOIIAA.danny@apache.org> <5.2.0.9.2.20030701172458.00bd1de0@std5.imagineis.com> <HKEFKPNPJLANNFPFMDKJIEJOIIAA.danny@apache.org> <20030702015753.F74353@Space.Net> <5.2.0.9.2.20030701201028.00babd58@std5.imagineis.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <5.2.0.9.2.20030701201028.00babd58@std5.imagineis.com>; from research@solidmatrix.com on Tue, Jul 01, 2003 at 08:12:17PM -0400
Organization: SpaceNet AG, Muenchen, Germany
X-PGP-Fingerprint: 66 F3 75 79 01 D0 B8 5F 1A C7 77 88 4A B6 70 DF
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 02 Jul 2003 19:07:13 +0200
On Tue, Jul 01, 2003 at 08:12:17PM -0400, Yakov Shafranovich wrote: > What about a central CA issuing certificates to other CAs, controlled by > IANA or ICANN-type of organization? You mean to set the cat among the pigeons ;-) What you would need is a mechanism that creates and equal level of trust. As soon as I get a cert from CA-1 for 5 bucks and all that is needed is a working email address and CA-2 requires payment of 100 bucks and you have to send in legal papers and stuff you will create different levels of trust. That's what we have now. We have DNSBLs: some use them some not (no trust). Some block dialin IPs some not (diffferent levels of trust). What if in a country some of the legal documents required by CA-2 simply don't exist? In the US (I believe) there is something called social insurance number (or the like). Maybe in Dubai (I don't know) such a thing does not exist and nothing similar. But this would be required by a CA to identify e.g. a person. Would it mean people from Dubai can't get signed keys? And there is a social/commercial problem: What if in our country the two biggest emails providers with a share of say 30% don't stick to that system? What would I tell my customers? While private customers might understand it corporate customers will not understand why they can't talk to business partners any longer. And: you can't add pressure, as some of the smaller ISPs will say: "as our customer you can still receive mail from them. Leave your current ISP and join us". Big deal :( > There are mechanisms in place to check > verifications of certificates in real-time, and that can be implemented as > well. Hmmm ... take e.g. Verisign. I'd guess they have issued the most certs. What do you think would be needed as infrastructure so that every browser accessing a SSL site can verify the cert (e.g. if revoked) in real-time? certs work, because the producer of the browser added the CA keys of CAs to the browser and users depend on the producers of the browser and these depend on the CA to "do the right thing". If a key is signed by a "trusted" CA it's also trusted "per definitionem". We don't have working revocation mechanisms. To make it clear: I'd be more than glad if those methods would exist. There are patches for nearly all Mailservers to support SSL connections (STARTTLS) but I'd guess the percentage of mailservers using it has a lot of 0s after the decimal point and in front of the 1. \Maex -- SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0 Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299 "The security, stability and reliability of a computer system is reciprocally proportional to the amount of vacuity between the ears of the admin" _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- RE: [Asrg] Consent Proposal Peter Kay
- [Asrg] Consent Proposal Mark McCarron
- Re: [Asrg] Consent Proposal Jon Kyme
- [Asrg] Trust, misunderstood? Danny Angus
- [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Barry Shein
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Peter Kay
- Re: [Asrg] Consent Proposal Selby Hatch
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Vernon Schryver
- RE: [Asrg] Consent Proposal Peter Kay
- RE: [Asrg] Consent Proposal Peter Kay
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Peter Kay
- [Asrg] Consent Proposal gep2
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Bob Wyman
- Anticipatory whitelisting (was Re: [Asrg] Consent… Bruce Stephens
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Barry Shein
- RE: [Asrg] Consent Proposal Peter Kay
- Re: [Asrg] Consent Proposal Walter Dnes
- Re: RE: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Jon Kyme
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: Fwd: Re: [Asrg] Consent Proposal Craig Cockburn
- Re: Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: Anticipatory whitelisting (was Re: [Asrg] Con… Yakov Shafranovich
- Re: Fwd: Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Danny Angus
- RE: Fwd: Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Bob Wyman
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Howard Roth
- Re: RE: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Danny Angus
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Danny Angus
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Trust, misunderstood? Yakov Shafranovich
- Re: [Asrg] Trust, misunderstood? C. Wegrzyn