On Sat, Jun 07, 2003 at 07:28:12AM -0700, Dave Crocker wrote: > Tony, > > > TH> I would like to see the outcome of a bof be identification of an > TH> approach to globally verifiable authenticated email. I have no doubt > TH> there will be many gaps in our current tool set (starting with a > TH> deployable PKI), and a truck load of operational guidelines to develop. > > What is wrong with PGP and/or S/MIME? > > How do they fail to provide 'globally verifiable authenticated mail?" Again, I'd like to repeat my observation that we don't need to provide "globally verifiable authenticated mail" in order to solve the SPAM problem. Given the notable lack of success in setting up a global PKI after more than decade of trying, assuming that this is a prerequisite for solving the SPAM problem is merely setting ourselves up for failure. Bare keys will do; consider a system where people keep a list of those keys that they will accept mail. If someone tries to send mail and their key is not on the recipient's list, the mail is returned to them until they can perform a Hashcash calculation consuming a non-trivial amount of CPU time, at which point their key is placed on the recipient's list, and the sender can retry to send the message. If a recipient receives SPAM, they simply drop the key of the sender from their "ok-to-receive" list. This avoids the whole requirement of binding identities to names via a global system that everyone trusts, and it avoids the problem of determining who to trust regarding whether someone is or isn't a spammer. I'm sure this isn't the only way to do things, but I'm also sure this is far more practical than any scheme that requires a global PKI. - Ted