ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Proven solution for authenticating messages

2003-03-04 13:33:18
from [Matthias Leisi] [Permanent Link] 
 

If mail is signed with a certificate from a trusted CA that has met
this test, it inherits the trust of that CA.  If mail comes from
a country that gives the death penalty to spammers and enforces it,
that's fine too.   However, the goal is to have as many was as
people can think up to be accountable.


Most large-scale attempts with certification systems have
failed, especially if they require individual users to take
action - think PGP, which is fine as a technology, but does your
father use it?

But the concept of "inherited trust" is one that I keep thinking
of. Blacklists work quite well, and trustworthy blacklists work
even better; some have earned a good reputation due to their
consistent policy, while others have failed due to irrational
behaviour. 

So, the idea must have already been realized somewhere: why not
build trustworthy Whitelists of accountable, responsible mail
hosts? 

Of course, as with blacklists, there are policy issues with such
lists, as the maintainer might face incentives adverese to
general interest, which would have to be sorted out in one way
or the other. But once a series of whitelists is established, an
important issue raised by Brad should be solved:



The one natural monopoly here is in aggregating traffic volume.  The
throttles counting volume of mail coming from networks do need to
join in a collective to share the volume data, otherwise you can't
detect bulk mail. 


Lists are aggregates by definition ;)

Technically, whitelists are as trivial as blacklists: use some
agreed-upon IP range for DNS queries (e.g. 127.1.0.x). 

With both black- and whitelists being available, we could also
overcome the unsatisfying 1-0-view of blocking/allowing mail. An
average of the rating by different lists (weighted by
trustworthiness of the lists maintainer) should provide
sufficient accuracy in deciding what to do with a mail already
at the envelope stage of mail processing.

Matthias

-- 
Swiss Internet User Group                         http://www.siug.ch/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] MTP draft, Brad Templeton
Next by Date:  Re: use of signatures is not restricted by law (Re: [Asrg] Proven solution for authenticating messages), Adam Back
Previous by Thread:  Re: [Asrg] Proven solution for authenticating messages, Brad Templeton
Next by Thread:  Re: [Asrg] Proven solution for authenticating messages, Vernon Schryver
Indexes:  [Date] [Thread] [Top] [All Lists]