ietf-asrg
[Top] [All Lists]

Re: [Asrg] New take on emerging idea. (yet another C-R system?)

2003-04-10 13:05:55
From: Chuq Von Rospach <chuqui(_at_)plaidworks(_dot_)com>
sorry, I couldn't read the entire documents. The click ads at the top were giving me freaking headers with their flashing and gibbering.

sorry- free host- get what ya pay for-

But it looks to be a central repository. Any central database is going to be subject to attack and subversion, because it's a single point of access -- crack the database, you get access to all that stuff.

The database is designed to be public.
each entry is the responsability of the person who made it.
Multiple backups are part of the system. there are special provisions for hijacked accounts/ unusual behavior.

You also have to worry about scaling. Even if these things are done on an organizational level, it builds quickly -- what works for my home machine may not work for one with 1000 users, or 10000, or 100000. It gets nasty quickly.

I'm sure that it could be done. perhaps it couldn't run on my home pc, but I cant beat garry kasparov with my pc either.

And finally, you create a huge issue of authentication and authorization. Which, given this system is about authentication and authorization, makes it seem somewhat sideways. The user is going to have to keep authorization/authentication info so they can go and generate authorization/authentication info? And what if it leaks? If my MUA maintains my whitelisting data and someone cracks my machine, I'm screwed (but I'm screwed anyway). If someone cracks a server with 10,000 users worth of data on it....

Your Mail User Agent only stores the info for you.
like you say if it goes down youve got bigger problems.
John Fenley


_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg