Tony, --On 17 February 2004 17:27 -0800 Tony Hain <alh-ietf@tndh.net> wrote:

Clearly I misinterpreted your comments; sorry for reading other parts of the thread into your intent. The bottom line is the lack of a -scalable- trust infrastructure. You are arguing here that the technically inclined could select from a list of partial trust options and achieve 'close enough'. While that is true, Joe-sixpack wouldn't bother even if he could figure out how. Whatever trust infrastructure that comes into existence for the mass market has to appear to be seamless, even if it is technically constructed from multiple parts.

What I am thinking of takes the policy decision at the "end" MTA level, i.e. the MTA closest to the user receiving the mail. That could be a techy user on a DSL line. In the case of Joe-Sixpack, it would be whoever runs POP/IMAP for him. If he runs an MTA without any of this stuff, he is left where he is now (i.e. gets all mail).

Steve Bellovin suggested earlier that identity based approaches wouldn't work. While I agree having the identity won't solve the problems by itself, it does provide a key that the rest of the legal system can start to work with. False identities are common in the real world, so their existence in the electronic world is not really any different.

I am not sure you need to go as far as verifiable individual identities for each sender/user; however, you may need to go as far as being able to verify identities of MTAs - at least the first one that claims "I have received this from someone for whom I am prepared to deal with the abuse consequences".

I guess I am looking at this from the opposite side the two of you appear to be, rather than requiring authorization to send, irrefutable identity should be used to deny receipt after proven abuse.

I am using authorization to permit/deny *receipt* (not sending). Clearly if enough people deny unauthenticated receipt then in practice it does imply one needs to authenticate sending. Whether you deny receipt after proven abuse, or only accept receipt on proven identity is just a policy decision in the hands of the mail-system-admin as to what they do with the "don't know" case. I think this is getting (further) OT for NANOG & I should just write something up. Alex