- From: James A. Donald <jamesd@echeque.com>
- Date: Mon, 19 Jun 2006 11:06:04 +1000
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
- CC: public-usable-authentication@w3.org
--
James A. Donald:
> > Since [Spam Assassin] attaches no reputation to
> > sites that prove origin of their email, it gives
> > legitimate sites no reason to prove origin of their
> > email - and it gives spammer sites every reason to
> > prove origin of their email when they can

Hallam-Baker, Phillip wrote:
> This is precisely the point of email authentication,
> so that you can build better reputation schemes.

Exactly so.

> Bayesian style assumptions are the reason that
> confidence tricks work so well. Trying to apply them
> against an adversary who is counterprogramming is a
> bad idea.
>
> So since then authentication becomes all the rage. But
> every time we get authentication only schemes and
> discussion of reputation, discussion even of how to
> integrate reputation mechanisms is excluded from the
> scope.

Do you comprehend the reasoning behind this exclusion? It is rather like excluding one blade of the scissors from the scope of the other blade.

Were they perhaps fearful of being diverted into a front for the CA's unpopular business plans?

> Eventually people are going to get with the program
> and understand that the way to stop spam is
> accountability achieved through Authentication,
> Accreditation and Consequences.

Negative consequences are hard to impose across the net. I think we have to rely on the positive consequence, that if email is authenticated as coming from a reliable source, its prospects of surviving the spam filter and receiving attention are much improved.

I don't think we can realistically ask most people, or even a very large number of people to become accredited.

Trust is not outsourced. By and large I am in a better position to know if X is what he purports to be than Verisign is. Verisign and like authorities serve a useful and valuable role, but there is a great deal of stuff that they cannot do and should not attempt to do.

Much of the time we are not really interested in ascertaining true names.

The fact that someone has a Verisign certificate does not mean their software does not contain a Trojan horse.

A system that merely proves that email coming from BankOfAmerica.com.vronsky.ru is authentic is of rather limited value.

As I am fond of pointing out, none of the many people offering me cheap Rolex watches have claimed to be Rolex, and none of the many people offering me a share of Charles Tailor's stolen diamonds have claimed to be Charles Tailor.

There is a lot of hostility to Certificate Authorities in general, and to Verisign in particular. I think that this may be a result of the repeated painful experience of installing certificates on Apache. It just never gets easier. People feel that they should not have to do this in order to have encrypted sessions without confusing warning messages. SSH just works. Why, they wonder, does SSL not just work?

So whenever you say "accreditation", the people you are talking to remember the last time they installed a certificate on Apache and get the feeling "You Verisign? You Die!"

> The ability to obtain an accreditation is essential if
> the authentication mechanisms are going to be
> effective. This is why we began circulating the
> VeriFied Domains List which has over 100,000
> authenticated domains listed on it.

Can I obtain a copy of this list? I want to see if my domains are present, and if various well known evil domains are absent.

> So the way we need to jump start the accreditation
> market is by providing other incentives to email
> senders to get accredited. I think that the idea of
> Secure Letterhead over DKIM is probably the way to
> create the necessary initial critical mass.

Accreditation is of limited value. Accreditation is both too restrictive and insufficiently restrictive - it is infamously painful to get and install the certificate necessary for https, yet accreditation does not and cannot supply the kind of information one sees on the Ebay reputation page.

Accreditation can only operate in an environment where it is one part of the solution. If it attempts to be the entire solution (evil Verisign monopoly), few will accept that solution.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
3CZoQApZxPwSKgweYP5O/Whbj7GqE5VG05hXucDj
42sHgh8RMRo4KtLCAnYTNTgn8bhtaNayWJxTDwaS9

Received on Monday, 19 June 2006 01:06:10 UTC