cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
Re: blog curent status + possible wider range of accepted CAs. was: Re: blog / comments
Chronological Thread
- From: Ian G <iang AT cacert.org>
- To: cacert-sysadm AT lists.cacert.org
- Subject: Re: blog curent status + possible wider range of accepted CAs. was: Re: blog / comments
- Date: Sun, 25 Oct 2009 14:43:41 +0100
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
On 05/10/2009 04:55, Daniel Black wrote:
On Monday 05 October 2009 06:20:56 Ian G wrote:
If that is so, and they are CAcert certs, then do we really need to have
any spam control on there?
no, probably not. Also currently comments with more that 4 links are held in
moderation too.
I just popped in to check this because my own blog post on the issue got a few comments... and I notice that the spam plugin Akismet is claiming now to have trapped 7,889 spams, up from 7,420 when I first looked. You can see this in graphical-captured form here:
https://financialcryptography.com/mt/archives/001201.html
I'm curious -- why is that? Is my thesis that the client certs will stop all spam incorrect? What is Akismet seeing and how does it get through?
theoretically we would need them only for other certs.maybe. I'm tempted to keep it on until there is definitely a problem.
But even client certs from well known& governed CAs should probably beacceptable as a barrier without subjecting them to spam control.
I've contemplated deploying this too. I wouldn't mind a discussion of allowing
a wider set of client certificate holders to participate at some level on our
certificate authenticated services.
Thinking about this, my view is that this is no bad thing. We definately want to kill the spam, and WellKnownCA's certs do that too, probably no different to our own.
But we also want to promote our own cert usage within our entire infrastructure of websites. So I see this as a resources question, in that it would be better to us to spend time getting the other websitees cert-enabled. Wiki next?
Having said that, I have no strong feelings over it. If someone wanted to spend their time encouraging people with WellKnownCA's certs to post on the blog, go for it.
Now that a cert is required, my guess is we won't see any more.I would imagine so. The days since deployment didn't see any. I'll give it one
more change to see if it catches any more false positives.
Seems like it is still doing something. Perhaps I need to eat my spam-words :)
iang
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- blog / comments, Ian G, 10/04/2009
- Re: blog / comments, Daniel Black, 10/04/2009
- Re: blog / comments, Andreas Bürki, 10/04/2009
- Re: blog / comments, Daniel Black, 10/04/2009
- Re: blog / comments, Ian G, 10/04/2009
- blog curent status + possible wider range of accepted CAs. was: Re: blog / comments, Daniel Black, 10/05/2009
- Re: blog curent status + possible wider range of accepted CAs. was: Re: blog / comments, Andreas Bürki, 10/05/2009
- Re: blog curent status + possible wider range of accepted CAs. was: Re: blog / comments, Ian G, 10/25/2009
- Re: blog curent status + possible wider range of accepted CAs. was: Re: blog / comments, Andreas Bürki, 10/25/2009
- Re: blog curent status + possible wider range of accepted CAs. was: Re: blog / comments, Mario Lipinski, 10/29/2009
- RE: blog curent status + possible wider range of accepted CAs. was: Re: blog / comments, ulrich, 10/29/2009
- Re: blog curent status + possible wider range of accepted CAs. was: Re: blog / comments, Andreas Bürki, 10/25/2009
- blog curent status + possible wider range of accepted CAs. was: Re: blog / comments, Daniel Black, 10/05/2009
- Re: blog / comments, Ian G, 10/04/2009
- Re: blog / comments, Daniel Black, 10/04/2009
Archive powered by MHonArc 2.6.16.