North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [Fwd: Re: IETF SMTP Working Group Proposal at smtpng.org]

  • From: Paul Vixie
  • Date: Wed Aug 21 20:52:52 2002

> I agree with getting personal mail servers registered, as far as paying 
> $100 for a mail server registration (as mentioned in previous 
> messages)...that's no good.  As a user with a personal mail server, it 
> is bad enough to have pay for connectivity and a domain name.  Having to 
> pay for the privilege of running a mail server is too much.

e-mail isn't free.  in my own experience, i can pay a high price by just
hitting delete a couple hundred times a day, or a medium price by turning
on all kinds of anti-spam features in my MTA and sending complaints out
to network owners on whatever sneaks through the blockade, or a low price
by only accepting e-mail from people who have paid to register their
servers with some certifier whom i am willing to trust.

we'll be seeing this kind of "require signed-by-trusted certificates before
permitting use" logic in the personal certificate field soon.  why not do
it at the mail server level, where there are fewer certificates and more
total lifetime value per signature?

the secret is in correctly answering the question "who gets the money."  i
would love to see a bona fide nonprofit use this as a fundraising method.
(any organized religion's church comes to mind here as an ideal candidate.)

server-level openpgp is also an option, and would more closely reflect the
social realities: (1) introducers i'm willing to trust may not be at the top
of any virtual certification hierarchy other than my own; and (2) there's
no compelling technical reason to keep the number of ultimately trusted keys
small.  (verisign/thawte may feel that there are compelling business reasons,
however.)
-- 
Paul Vixie