I can't say that I'd favor any solution that requires everyone to pay money or obtain the approval of some third party before sending e-mail. Any system that imposes a universal financial burden on all Internet users and/or effectively allows a third party to censor communication between two other parties is extremely questionable in my view. A technical solution must be free, voluntary for people who are not spammers, and must not subject anyone to the control of third parties. ----- Original Message ----- From: "Michael Thomas" <mat@cisco.com> To: "Christian Huitema" <huitema@windows.microsoft.com> Cc: "Michael Thomas" <mat@cisco.com>; "Iljitsch van Beijnum" <iljitsch@muada.com>; "Dave Aronson" <dja2003@hotpop.com>; "IETF Discussion" <ietf@ietf.org> Sent: Friday, May 30, 2003 02:32 Subject: RE: spam > Christian Huitema writes: > > If PKI or PKI-like, then the spammers would need to obtain an actual > > certificate for each of their throwaway identities. But so would > > everyone else, which implicitly limits the cost of obtaining a > > certificate to whatever the public can bear, and the amount of identity > > checks to whatever the public is willing to accept, which today is an > > e-mail reachability test. So, the spammers will be slowed down, but not > > much. > > What if it cost some nominal amount, but with that > payment came another form of authentication (eg > credit card number) which you could then use to > _meter_ the rate of issuing new certs, and/or > cross referencing issued certs associated with > spammers with the credit card number used to > obtain the cert? Assumedly spammers would > eventually run out of credit cards well before > they ran out of money. > > As a note, the identity bound to the key can be > completely opaque and insignificant (and thus > certs could be issued trivially and cheaply). > > Mike > >