[cap-talk] can one use capabilities to stop spam without identity?
Rob Meijer
rmeijer at xs4all.nl
Tue Jan 23 14:32:10 CST 2007
On Mon, January 22, 2007 09:32, Matej Kosik wrote:
>> The use of identities for spam 'should' imho be that if done right it
>> should assure that one person only holds one identity, thus limiting the
>> scenario
>> abouve. I feel that the validation process that CACert.org uses might
>> proof
>> rather usefull for these purposes.
>> If Alice would use her CACert certificate to sign her communication
>> request, Bob could use his certificate to sign this request. The signed
>> request could
>> after this actualy act as a delegatable capability both to send mail to
>> Bob as to send mail to Alice. There are some more details to adress, but
>> basically it could work almost as simple as this.
>
> These mechanisms could help Bob if:
>
> # there were a single certification authority (for example CACert)
> which everyone would use (if not, the certification authorities would
> devide people into disjunct subgroups that cannot communicate without
> the threat of being spammed)
Just as browsers trust a whole range of CA's (some questionable though)
for identification of servers, why shouldn't we use a simular list of
root certificates for identification. I think not many individuals would
pay for the 'standard' CA their client certificates, so the root
certificates you would need to include would most likely be those of
CACert (the class3 only), and those of governments issuing identity cards
with signing certificates.
> # there was a list of spammers
>
> Then Bob would know whether or not to grant a permission to someone.
If you distinguish between revoke-after-usage capabilities and capabilities
the target needs to actively revoke you may not need to wory about this
either. Further given that you allow the long-term capabilities to be
used for introduction, introduction should take over from target approved
communication after a short while.
> Do you think these two preconditions can be fulfilled?
> Regards
> --
> Matej Kosik
>
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>
More information about the cap-talk
mailing list