> OK.. Almost plausible. However note that currently, the PGP web-of-trust
> covers only a small percentage of the subscribers to the IETF list, and
> there's no *really* good PKI for S/MIME yet (hint - we don't seem to even
> understand how to apply 'basicConstraints', so if you think we're going to
> have working CRLs anytime soon, please share the name and address of your
> pharmaceutical supplier.. ;)

OCSP scales fine for revocation checking. We can use the same
platform that currently serves 6 billion DNS queries a day.
I don't have a pharmaceutical supplier at hand, however I can
provide you with the name of a company that has a nice line
in herbal viagra if you are interested.

> I propose to you that using a Thawte free S/MIME cert proves approximately
> zero - a spammer can just get one for each run (and remember that no matter
> how much a spammer tries to hide their identity, they *still* have to provide
> a working way to reach them (via smtp or http or whatever) or they don't get
> any feedback....)

If the spammer wants to perform custom operations for each
constituency they want to spam.
I don't think they do, they have to be able to spam millions
of people at a time or the response rate is simply too low.
Reported response rates are in the thousandths of a percent,
so spamming the entire IETF gets less than a tenth of a customer.
Phill
