On 3/16/2004 3:41 PM, Yakov Shafranovich wrote: > How would introducing trust help with the spam problem? Would the cost > of doing so perhaps would be so prohibitive that we will not be able to > do so? Is it really possible to introduce trust that will actually work? Trust is a contiuum, like everything else related to security. Different people will have different levels of trust; having a marketplace of trust brokers -- each of whom provide different levels and strenghts based on different factors -- is appropriate. Some people and/or services will require notarization-based trust, others will be happy knowing that blacklist-dujour.org doesn't think the sender is scum. I don't see what cost has to do with it. The IETF only needs to provide standardized mechanisms for negotiating trust between end-points. Leave the brokerage functions (and the implementation costs) to the service providers who want to enter the market. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/