ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] New take on emerging idea. (yet another C-R system?)

2003-04-10 10:25:38
from [J C Lawrence] [Permanent Link] 
On Thu, 10 Apr 2003 09:27:52 -0400 
Kee Hinckley <nazgul(_at_)somewhere(_dot_)com> wrote:

At 11:49 PM -0700 4/9/03, J C Lawrence wrote:



a) Properly handle mailing list mail

 

Precedence header, or a heuristic of List-* headers, precedence
header and others?



Don't give the spammers a way to get out of the system by faking List
headers.


Quite.  My tendency is that we should sketch out a protocol by which the
subscription process can establish and maintain a consent token.

  ObNote: I'm want to stay very carefully clear of how a consent token
  is expressed, encoded, transfered, etc at this point.  Let's first get
  the grammar of the consent protocol down, how the damn things move
  about, when, etc before we worry about implementation.


c) Include protections against loops, obviously and challenging
other challenges, autoresponses etc.



Not to belabor the obvious, but this would seem to be true for C/R
systems which use email as the transport for both directions.  I
don't see that we need to define or mandate that both the challenge
and the response need to be email-based.



Keep in mind that just because you can read email does not mean that
you can use the web.  Company policies can and often do restrict web
use.  Many people read email off-line, and of course not all email
users are on the internet.


True.  However I don't see it as our business to get messed in with the
details of how the challenge reply is phrased, over what transport, what
forms challenges can take, how it is communicated to the mail system,
etc etc.  We can reasonably leave that space alone and unstandardised.
If some want to use the web, so be it.  Ditto for others with image
tests which select against the blind or language tests which select
against foreign language users.

Not our business and not our interest -- especially since we know that
the field of challenge definitions MUST not be standardised or even very
slightly to be remain profitably resistant to automation.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw(_at_)kanga(_dot_)nu               He lived as a devil, eh?           
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Ban the bounce; improved challenge-response systems, J C Lawrence
Next by Date:  Re: [Asrg] New take on emerging idea. (yet another C-R system?), John Fenley
Previous by Thread:  Re: [Asrg] New take on emerging idea. (yet another C-R system?), Kee Hinckley
Next by Thread:  Re: [Asrg] New take on emerging idea. (yet another C-R system?), Chuq Von Rospach
Indexes:  [Date] [Thread] [Top] [All Lists]