Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
Microsoft details 'Windows on ARM' program
March debut of 'iPad 3' a sure bet, says analyst
FBI unbolts Steve Jobs 1991 investigation file
Cisco boosted profit, sales in Q2 while cutting costs
Macs take on the enterprise
Four crazy tech ideas from Google's Solve for X project
Obama 2012 campaign playlist revealed courtesy of Spotify
Oracle buying Taleo for US$1.9 billion in direct hit at SAP
Amazon attacks Apple: You get 3 Kindle products for price of iPad 2
Pre-rendered pages highlight latest Google Chrome release
Microsoft exec: Lync-Skype integration a 'compelling opportunity'
The future of hypervisors
/

A free way to establish identity

Today's breaking news
Send to a friendFeedback

By Mark Gibbs
Network World, 07/05/99

I was talking to someone recently who was complaining about spam and how it is getting worse every day. Now, I have always contended that to control spam there's only one requirement: Establishing the identity of the sender.

To do this requires that messages be signed with digital signatures. Then if a message arrived without a signature, your e-mail client could trash it or otherwise handle it as being "improper."

Digital signatures require a digital certificate that is appended to the message along with a message digest - effectively a checksum of the message contents combined with the digital certificate (see Gearhead, NW, Feb. 1, 1999). Digital certificates can be issued by a number of certification authorities, such as Verisign, a pioneer in this technology.

When a message is received, the identity of the originator can be established by referring the attached certificate to the certification authority, which should be a known and reputable organization. The certification authority's reputation is important, as I'm sure you would not accept certificates from unknown authorities, such as The Unknown Certificate Company or Spam 'R Us.

But a useful certificate from a reputable certification authority costs money. Sure, Verisign has been distributing certificates for free, but that doesn't help - the free certificates don't ensure that the certificate's owner can be established. From the point of view of authentication, the freebie certificates are about as much use as presenting your official Dick Tracy Detective Club membership.

Useful certificates start at $9.95 per annum, which is not much. But I think it's a fairly safe bet that the majority of Internet users won't pony up for something that won't have obvious and immediate value to them. When the volume of spam they receive exceeds 50%, then 60%, then 70% of their e-mail, well, they may feel differently.

But even though they will eventually see the need for an effective method of dealing with spam, it will be years before the majority of users feel forced to do something. By that time, the end of useful Internet e-mail will be upon us.

What we need to do is get certification into the market as soon as possible. To have any impact, getting and using digital certificates must be easy to do, and when it comes to appealing to the majority of Internet users, the great motivator is the word "free."

So, I have this idea: Banks and other institutions that know their customers well should give away certificates. They should do so in cooperation with Verisign or some other reputable authority, or even set up their own certificate authority. Because these organizations know their customers, they can realistically and inexpensively establish a customer's identity.

And then these sponsors, along with the Internet Engineering Task Force, the World Wide Web Consortium, the Internet Mail Consortium, Microsoft, IBM, Qualcomm and other groups and vendors with Internet interests, should promote the need to use the certificates.

So, what's in this for whom? To begin with, it would prevent what would otherwise be inevitable - the complete breakdown of Internet mail, so the plan is in everyone's interest.

For the banks and other financial institutions, the win is to create a public infrastructure that supports commerce in general and financial transactions in particular. And vendors such as Microsoft, IBM and Qual-comm become confirmed as market leaders and visionaries and receive a more stable infrastructure in which to sell their products.

So what do you think? Will it work? Will financial institutions and vendors see the opportunity? Can users be encouraged to use digital certificates? What will the problems be? Let me know.

Are you authentic? Certificates to nwcolumn@gibbs.com.

What do you think? Don't be shy! Jump into the Gibbs Forum on this column.

RELATED LINKS


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.