Slashdot Mirror

← Back to Stories (view on slashdot.org)

Revising the Internet Email Infrastructure

Posted by michael on from the starting-over dept.

Lauren Weinstein writes "People For Internet Responsibility (PFIR) today released a white paper aimed at starting discussion and work to fundamentally revamp Internet e-mail systems to control spam, forgeries, and a range of other problems, while empowering e-mail users rather than ISPs." Excellent start.

2 of 311 comments (clear)

  1. PIT/PCA Questions by Hayzeus · · Score: 5, Interesting
    I may be wrong, but what, exactly, is to keep spammers from becoming their own PCA? Why can't they simply generate PITs willy-nilly?

    Sure, ISPs can block PITS from unsavory PCAs, but what stops spammers from creating new, bogus PCAs as needed? If there are only a few "recognized" PCAs, doesn't this tend to concentrate power into a relatively small set of entities?

    --

    Roving Web-Teleoperated Robot
  2. Like all PKI schemes... by stevens · · Score: 5, Interesting

    ...it lives and dies by the efficacy of the CAs. If the CAs suck, then the credentials they send with email mean nothing.

    I like the idea, but I wonder which sort of orgs are going to be their "PCAs"? ISPs pretty much allow any comer onto their network, so giving all users a cert wouldn't stop people from making temporary accounts for spam.

    Perhaps the ease with which MTAs could cut off CAs (like cutting off domains) would help give incentive to ISPs (or whoever is the PCA) to crack down on their customer base, but that strategy is only marginally successful today. Why would creds make this strategy any better?

    Perhaps MTAs would be harder to config as open relays, because authn is required. But what percent of spam comes through open relays? If it's a big percentage, then this may help.

    Has anyone analyzed this scenario? I'd like to hear some informed thoughts on what sort of email regime we could expect if this were implemented.