RE: Accreditation NON-Proposal
> -----Original Message-----
> From: owner-ietf-mxcomp@xxxxxxxxxxxx
> [mailto:owner-ietf-mxcomp@xxxxxxxxxxxx]On Behalf Of Hallam-Baker,
> Phillip
>
> Attached is a proposal for an accreditation mechanism based on the
> existing DNS A record conventions but designed to allow extension to
> support other approaches.
> Basically it should be possible to announce the fact that there is
> an accreditation and the location where that accreditation should be
> verified. If there is no way to say who your accreditation service is then
> we will be stuck with the 'single root of trust' problem that
> people have complained of wrt SSL certificates.
I wanted to use DNS to avoid the use of any "single root of trust" or
collection of trusted roots. All of the existing proposals assume the domain
decides which of its hosts or nodes or other entities send mail, assuming the
administrators of the domain have that control.[2]
So by using DNS we've already addressed this particular problem. Whether the
domain itself is trustworthy or not, I believe, is not the decision of any
central authority or array of loosely centralized authorities. The recipient
decides.[1] My impression is no e-mail domain admins want any centralized
authority or collection thereof to say they're allowed to send mail.
[1] The receiver pays to receive e-mail. The ISP gets paid by the receiver,
and the ISP has to pay someone to receive e-mail. While it's been an
anti-spammer's mantra for five years, I've only seen spammers and purists try
to argue it, with only rare success.
[2] <mantra>I won't say it. It's too easy.</mantra>
--
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@xxxxxxxxxxxxx>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>