Wandering Thoughts archives

2008-02-02

Why certified/authenticated email cannot solve spam

There are a number of schemes for dealing with spam that boil down to 'people will get SSL certificates, you only accept email with a valid certificate, and if people still spam the certificate authority will revoke their certificate'. There is a simple, core problem with these schemes:

Certificate revocation never works.

Certificate authorities are paid by the people who they issue certificates to, not by the people accepting those certificates. The people who provide the money do not want their certificates revoked, and so it is not in the economic interests of the CAs to revoke certificates. So they don't. Oh, they always have reasons, and sometimes they are pushed to revoke a certificate or two to keep their business rolling in, but that's it.

(The other problem is that revoking certificates does not make the CA any money; it is a cost center, not a profit center. And any organization spends as little on cost centers as they can get away with, which means that cost centers inevitably work badly.)

The same is true of schemes for email authentication. In practice, pretty much the only time that a certificate is going to get revoked is if it was issued to the wrong organization. If it was merely 'misused' inside the organization, that's an internal matter for the organization, not something that the CA will get involved in.

(This entirely ignores all of the practical problems with certificate revocation, which are highly non-trivial.)

spam/CertifiedMailProblem written at 23:14:20; Add Comment


Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.