ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] What would consent look like?

2003-03-10 03:47:23
from [Jon Kyme] [Permanent Link] 
I'd be interested to know if anyone thinks this is a stoopid idea 
- so I don't waste any effort on it.  Be warned, there's a fair
amount of hand-waving below.
 
Consent might look something like this:

applies-to:  user(_at_)domain(_dot_)example
classes:     set of message classifications
access:      allow | deny 
scope:       local | organisational | global


I (or my MUA) compose such a token and the infrastructure
propagates it subject to the scope field.

i.e. if scope is "local" it probably doesn't propagate beyond 
my MUA and this is equivalent to setting user preferences for 
the application.

If scope is "organisational" then this consent is propagated 
only to (or made available to) my organisations mail infrastructure.

"global" ... you get the picture

I can generate many (or none) such tokens.
They can be "folded together" in some way.
The applies-to field could be wild-carded (*(_at_)domain(_dot_)example)


The token is authenticated by some method. 
  Perhaps by mail-back to (and reply from)
  the address it applies to. This would only happen once
  for each token.
  Or perhaps it's signed.
  Or perhaps it's authenticated by some local or organisational
   "special knowledge".

Propagation is secure.
    This would require signing I guess, but would only need to be 
    signed per domain (per organisation?).  
    We don't *need* a key per recipient addresses.

The sender need not (if malevolent - won't) consult the consent
infrastructure.

Intermediate systems (relays) should consult but wouldn't be
required to.

My organisational mail systems will probably (but can't be 
required to) consult.

My MUA will always consult. Or I get one that does.

Any agent that consults must be able to make a classification of 
the message (or be able to access an acceptable, verified 
classification). Perhaps a (signed) classification set can be 
transported with the message?

I don't propose an implementation for the consent infrastructure.

I believe it's interesting because it doesn't 
require all the entities to be capable of signing stuff, seems 
capable of "covering" current systems and something along these
lines might be deployed incrementally.
"Filtering" on the basis of consent / classification will occur 
as near source as possible (as far away from me as I allow 
- via scope).

It does, of course, rely on an accepted system of message 
classification. In the absence of which it's useless. Oh well :-)









--
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Taxonomy of anti-spam systems, william
Next by Date:  Re: [Asrg] Lets Fix Mailing Lists, Hadmut Danisch
Previous by Thread:  [Asrg] Lame filters at pop.snert.net, Matt Sergeant
Next by Thread:  Re: [Asrg] What would consent look like?, Keith Moore
Indexes:  [Date] [Thread] [Top] [All Lists]