Re: [websec] [saag] [apps-discuss] [kitten] HTTP authentication: the next generation from Marsh Ray on 2010-12-19 (ietf-http-wg@w3.org from October to December 2010)

From: Marsh Ray <marsh@extendedsubset.com>
Date: Sun, 19 Dec 2010 22:04:40 +0000
To: Ben Laurie <benl@google.com>
CC: Adrien de Croy <adrien@qbik.com>, General discussion of application-layer protocols <apps-discuss@ietf.org>, websec <websec@ietf.org>, Common Authentication Technologies - Next Generation <kitten@ietf.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "saag@ietf.org" <saag@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <4D0E8148.7060607@extendedsubset.com>

On 12/19/2010 03:49 PM, Ben Laurie wrote:
> On 19 December 2010 11:12, Adrien de Croy<adrien@qbik.com>  wrote:
>> Imagine if
>> everyone needed a client certificate to send any mail.  We'd have no spam.
>
> Nonsense. We'd just restrict spam to owned machines, of which there
> are only a few tens or hundreds of milliions, if we're lucky.

Nonsense. We'd have no mail. Or rather some other store-and-forward 
messaging system would arise and not be called mail.

Look back far enough and you'll find all kinds of "electronic mail" 
services implementing the full range of peer and end user 
authentication, and sender-pays models. There was no spam on those 
systems, or at least not enough that anyone felt like they needed a word 
for it.

Guess why we use the one we use today.

- Marsh

Received on Sunday, 19 December 2010 22:39:48 UTC