Re: [Asrg] The Solution To Spam - The First Response
Kee Hinckley <nazgul@somewhere.com> Thu, 03 July 2003 18:29 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA00196 for <asrg-archive@odin.ietf.org>; Thu, 3 Jul 2003 14:29:39 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y8pS-0003h5-KV for asrg-archive@odin.ietf.org; Thu, 03 Jul 2003 14:29:11 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h63ITA0R014195 for asrg-archive@odin.ietf.org; Thu, 3 Jul 2003 14:29:10 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y8pS-0003gj-Gc for asrg-web-archive@optimus.ietf.org; Thu, 03 Jul 2003 14:29:10 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA00161; Thu, 3 Jul 2003 14:29:07 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y8pP-0006GA-00; Thu, 03 Jul 2003 14:29:07 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Y8pO-0006G5-00; Thu, 03 Jul 2003 14:29:06 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y8pJ-0003aN-Dx; Thu, 03 Jul 2003 14:29:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y8p2-0003Yb-II for asrg@optimus.ietf.org; Thu, 03 Jul 2003 14:28:44 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA00096 for <asrg@ietf.org>; Thu, 3 Jul 2003 14:28:42 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y8oz-0006F2-00 for asrg@ietf.org; Thu, 03 Jul 2003 14:28:41 -0400
Received: from www.somewhere.com ([66.92.72.194] helo=somewhere.com) by ietf-mx with esmtp (Exim 4.12) id 19Y8oz-0006Ev-00 for asrg@ietf.org; Thu, 03 Jul 2003 14:28:41 -0400
Received: from [65.177.177.75] (account nazgul HELO [192.168.1.104]) by somewhere.com (CommuniGate Pro SMTP 3.5.7) with ESMTP-TLS id 2509662; Thu, 03 Jul 2003 14:28:36 -0400
Mime-Version: 1.0
X-Sender: nazgul@somewhere.com@pop.messagefire.com
Message-Id: <p06001746bb2a00538636@[192.168.1.104]>
In-Reply-To: <Law9-OE28I59Wjap8q200057e5b@hotmail.com>
References: <BAY2-F15671GHCLHcmS00003a9d@hotmail.com> <p06001713bb235d383f7e@[192.168.1.104]> <Law9-OE28I59Wjap8q200057e5b@hotmail.com>
To: Ken Hirsch <kenhirsch@myself.com>
From: Kee Hinckley <nazgul@somewhere.com>
Subject: Re: [Asrg] The Solution To Spam - The First Response
Cc: asrg@ietf.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 03 Jul 2003 11:56:11 -0400
At 8:40 PM -0400 7/2/03, Ken Hirsch wrote: > > for how you use it afterwards. I would guess that, at a minimum, >> the level of support you are requesting would result in a fee on the >> order of $1000/year in order to support the necessary infrastructure >> and support needs. It might be somewhat lower because the volume of >> sales would be many orders of magnitude higher than SSL certs, but I >> can't see it being any cheaper. > >You say that like it's a bad thing. If it would reduce the number of >SMTP servers by one or two orders of magnitude, that's great! Perhaps I'm not sure why that would be good. But leaving that aside. >But your assertion does not really check out. The extra cost for >identify verification should be on the order of $100 for the first >year and maybe $30 extra per renewal. Identify verification is only part of the proposal I was responding to. The other piece was verifying the good behavior of cert owner. That requires a clearing house for complaints, an arbitration process, and a mechanism for ensuring that the same person doesn't pop up under a different name (which is a different sort of verification problem, as you point out). That's where I'd expect the expense to come. Never mind the question of how you certify someone in a country that doesn't have as codified a banking and company registration system as those where most SSL certs are issued. >So, how much do CAs charge for code-signing certificates, which should >be comparable? The most expensive is Verisign, which is $400 the >first year and $300 for renewals. Others are half that. Code signing certs are probably a better example than SSL certs. Do you know how they handle complaints and revocations? >Right now the PKI is weak on certificate revocation, but that's not >strictly necessary. Third parties can label a given identity as a >spammer, just as they do for IP addresses. Right now virtually none of those third parties have an arbitration process. That would have to change. Modulo the problem of countries without a reliable certification structure, I actually I think that requiring signed certs on mail servers is a reasonable thing to do. Forget revocation for spamming and the like. At the very least it would solve the open-proxy problem. But the third-world problem is a very real one. One of the benefits of email right now is that it has created a level playing field for communication throughout the entire world. Cutting the third-world out of the information flow is not something I want to do. -- Kee Hinckley http://www.messagefire.com/ Anti-Spam Service for your POP Account http://commons.somewhere.com/buzz/ Writings on Technology and Society I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] The Solution To Spam - The First Response Mark McCarron
- Re: [Asrg] The Solution To Spam - The First Respo… Kee Hinckley
- Re: [Asrg] The Solution To Spam - The First Respo… Ken Hirsch
- Re: [Asrg] The Solution To Spam - The First Respo… Kee Hinckley
- Re: [Asrg] The Solution To Spam - The First Respo… Ken Hirsch
- Re: [Asrg] The Solution To Spam - The First Respo… Kee Hinckley
- Re: [Asrg] The Solution To Spam - The First Respo… Mark McCarron
- Re: [Asrg] The Solution To Spam - The First Respo… Mark McCarron
- Re: [Asrg] The Solution To Spam - The First Respo… Walter Dnes
- Re: [Asrg] The Solution To Spam - The First Respo… Ken Hirsch
- Re: [Asrg] The Solution To Spam - The First Respo… Walter Dnes
- Re: [Asrg] The Solution To Spam - The First Respo… Scott Nelson