On Mon, 02 Dec 2002 11:12:36 PST, "Hallam-Baker, Phillip" said: > First, consider the effect of a minor authentication requirement on > certificate issue, the ability to read email sent to the address > specified in the certificate. Using that technique we could eliminate > spams with bogus addresses which itself would be a major advance. The > amount of spam that comes through with a valid email address is > vanishingly small. You don't need a cert for this - a simple "OK this magic cookie" confirmation scheme (as supported by almost all mailing-list management software) is enough. > Then we could sue the b*#*@#&ds if they spammed after that. People have > been looking for a test case for digital signatures for ages, so don't > worry about the cost. People have been looking for somebody ELSE to be the test case for ages. The EFF is in the business of raising money to fight legal battles. The IETF isn't. You might want to ask the IESG if they have the budget for this - and remember that quite often, there *isnt* case law about some interesting point because one party or the other decides it's easier and cheaper to just settle rather than take it to court. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Attachment:
pgp00156.pgp
Description: PGP signature