sorry, I couldn't read the entire documents. The click ads at the top
were giving me freaking headers with their flashing and gibbering.
But it looks to be a central repository. Any central database is going
to be subject to attack and subversion, because it's a single point of
access -- crack the database, you get access to all that stuff. You
also have to worry about scaling. Even if these things are done on an
organizational level, it builds quickly -- what works for my home
machine may not work for one with 1000 users, or 10000, or 100000. It
gets nasty quickly.
And finally, you create a huge issue of authentication and
authorization. Which, given this system is about authentication and
authorization, makes it seem somewhat sideways. The user is going to
have to keep authorization/authentication info so they can go and
generate authorization/authentication info? And what if it leaks? If my
MUA maintains my whitelisting data and someone cracks my machine, I'm
screwed (but I'm screwed anyway). If someone cracks a server with
10,000 users worth of data on it....
On Thursday, April 10, 2003, at 12:19 PM, John Fenley wrote:
> www.pontifier.com/database.html www.pontifier.com/challenge.html
I don't like and would rather avoid centrally defined and managed
systems. They are too prone to abuse, and frankly, I consider them
unsuitable, especially given recent history.
Could you please elaborate? I think my system would handle abuse well:
basically it is a tool to help a user maintain an up-to-date whitelist
of their own, a task that is difficult or impossible for a person to
do now.
recent history?... I'm not sure I follow.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg