ietf-asrg
[Top] [All Lists]

Re: [Asrg] New take on emerging idea. (yet another C-R system?)

2003-04-10 10:57:09
From: J C Lawrence <claw(_at_)kanga(_dot_)nu>
If you do it via consent tokens, the user can see all the consent tokens
he as acquired from others, and the consent tokens he has grated
others.  He doesn't (necessarily) see how or why those tokens were
created or exchanged, or what traffic takes advantage of them.

sounds a little messy, and confusing for a new internet user to deal with.


Note that this process exposes another spam vector.  As systems will
have to maintain their private lists of consent tokens, then an obvious
spammer approach is to compromise systems (and subscribe to large
mailing lists) and collect tuples of address pairs and consent tokens.
If they can then inject forged mail with the appropriate envelopes and
tokens they can bypass the system.

Messier, and less secure that temporary whitelisting/choicelisting.

John Fenley

side note:
=====================================================
I have updated my plan to allow notification of delivery failure to list managers. This was lacking in the previous version, and I think it nicely rounds out the plan.

www.pontifier.com/database.html
www.pontifier.com/challenge.html

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>