[Asrg] Re: The Solution To Spam - The First Response (Ken Hirsch)
"Mark McCarron" <markmccarron_itt@hotmail.com> Thu, 03 July 2003 15:50 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA19059 for <asrg-archive@odin.ietf.org>; Thu, 3 Jul 2003 11:50:24 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y6LL-0004E2-0V for asrg-archive@odin.ietf.org; Thu, 03 Jul 2003 11:49:55 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h63Fns0i016236 for asrg-archive@odin.ietf.org; Thu, 3 Jul 2003 11:49:54 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y6LK-0004Dn-Tf for asrg-web-archive@optimus.ietf.org; Thu, 03 Jul 2003 11:49:54 -0400
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18995; Thu, 3 Jul 2003 11:49:52 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y6KT-0004AR-BG; Thu, 03 Jul 2003 11:49:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y6KB-00049x-Kr for asrg@optimus.ietf.org; Thu, 03 Jul 2003 11:48:43 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18927 for <asrg@ietf.org>; Thu, 3 Jul 2003 11:48:41 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y6KA-0000xI-00 for asrg@ietf.org; Thu, 03 Jul 2003 11:48:42 -0400
Received: from bay8-f33.bay8.hotmail.com ([64.4.27.33] helo=hotmail.com) by ietf-mx with esmtp (Exim 4.12) id 19Y6K9-0000w8-00 for asrg@ietf.org; Thu, 03 Jul 2003 11:48:41 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 3 Jul 2003 08:48:05 -0700
Received: from 62.252.128.5 by by8fd.bay8.hotmail.msn.com with HTTP; Thu, 03 Jul 2003 15:48:05 GMT
X-Originating-IP: [62.252.128.5]
X-Originating-Email: [markmccarron_itt@hotmail.com]
From: Mark McCarron <markmccarron_itt@hotmail.com>
To: asrg@ietf.org
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"
Message-ID: <BAY8-F33yPmBIzJ9skB00000b9f@hotmail.com>
X-OriginalArrivalTime: 03 Jul 2003 15:48:05.0933 (UTC) FILETIME=[7E6C05D0:01C3417A]
Subject: [Asrg] Re: The Solution To Spam - The First Response (Ken Hirsch)
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 03 Jul 2003 15:48:05 +0000
This posting relates to the 'GIEIS' system. This can be viewed at: http://homepage.ntlworld.com/giza.necropolis I must agree with Ken. It only makes sense to raise the current pricing schemes to remove illigitimate companies from the Internet, leaving only those with significant investments in the web business free to win back public support. By rasing the 'bar' of initial expenditure verus return we could eliminate a significant porportion of Internet fraud. 'GIEIS' will employ this technique as well as others. Mark McCarron. >Message: 9 >From: "Ken Hirsch" <kenhirsch@myself.com> >To: <asrg@ietf.org> >Subject: Re: [Asrg] The Solution To Spam - The First Response >Date: Wed, 2 Jul 2003 20:40:38 -0400 > >From: "Kee Hinckley" <nazgul@somewhere.com> > > This list has had this type of discussion before. Those are > > approximately the requirements necessary for an SSL certificate. > > SSL certificates currently last one year at about $100/cert. The > > margins are such that virtually no background checks are done. And > > of course there is no revocation, arbitration or verification done > > for how you use it afterwards. I would guess that, at a minimum, > > the level of support you are requesting would result in a fee on the > > order of $1000/year in order to support the necessary infrastructure > > and support needs. It might be somewhat lower because the volume of > > sales would be many orders of magnitude higher than SSL certs, but I > > can't see it being any cheaper. > >You say that like it's a bad thing. If it would reduce the number of >SMTP servers by one or two orders of magnitude, that's great! Perhaps >I should remind you that your own (reasonably priced) service is >$36/year per user. A $1000 would cover 28 people. I should hope the >average SMTP server services more people than that! > >But your assertion does not really check out. The extra cost for >identify verification should be on the order of $100 for the first >year and maybe $30 extra per renewal. > >For example, the cost of a passport application is $55 for the State >Department and $30 to the acceptance facility (usually the post >office). The USPS just announced the availability of a service for >CAs to check identities in person. I'm sure the cost will be >comparable to the $30 that they get for passport applications. > >Or, my bank will do it for free for their customers, and there is a CA >(digitrust.com) that is associated with the American Banking >Association. Their charge is $175 for a business identification or >SSL certificate. > >And why should it cost more? For the first time, somebody needs to >process the application, run a credit check, check ID against >databases. In time (<1 hour) and fees (e.g. $25 for a credit report), that >should be less than a $100. For a renewal, a good practice would be a >credit check (to see if there's anything really fishy) and mailing the >renewal code to the address to see if it's still good. An extra $30? > >So, how much do CAs charge for code-signing certificates, which should >be comparable? The most expensive is Verisign, which is $400 the >first year and $300 for renewals. Others are half that. > >Right now the PKI is weak on certificate revocation, but that's not >strictly necessary. Third parties can label a given identity as a >spammer, just as they do for IP addresses. > >In fact the PKI as it stands is adequate for identify verification, at >least in the United States, but as I indicated in earlier messages, >that's not quite enough to prevent spam. You also need (at least) the >property that there are not too many certificates per person (although >the cost does put some limit on it.) > >PKI provides > certificate => identity >but not yet > identity => few certificates > >Note that IP addresses and domain names provide neither property. > > _________________________________________________________________ Stay in touch with absent friends - get MSN Messenger http://www.msn.co.uk/messenger _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Re: The Solution To Spam - The First Respo… Mark McCarron
- Re: [Asrg] Re: The Solution To Spam - The First R… Philip Miller
- Re: [Asrg] Re: The Solution To Spam - The First R… Ken Hirsch
- RE: [Asrg] Re: The Solution To Spam - The First R… Danny Angus