Christian Huitema writes: > If PKI or PKI-like, then the spammers would need to obtain an actual > certificate for each of their throwaway identities. But so would > everyone else, which implicitly limits the cost of obtaining a > certificate to whatever the public can bear, and the amount of identity > checks to whatever the public is willing to accept, which today is an > e-mail reachability test. So, the spammers will be slowed down, but not > much. What if it cost some nominal amount, but with that payment came another form of authentication (eg credit card number) which you could then use to _meter_ the rate of issuing new certs, and/or cross referencing issued certs associated with spammers with the credit card number used to obtain the cert? Assumedly spammers would eventually run out of credit cards well before they ran out of money. As a note, the identity bound to the key can be completely opaque and insignificant (and thus certs could be issued trivially and cheaply). Mike