Yakov Shafranovich wrote:
Maintaining white lists for users in places other
than their computers raises privacy issues as
mentioned many times prior.
As has also been mentioned many times in the past, the use of
"virtual" or "implicit" whitelists by means of using single-user
addresses or passing authentication tokens as part of messages can give
the effect of whitelists while reducing significantly the privacy
issues. (since the whitelist is distributed, it is harder to
reconstruct.)
When discussing "whitelisting" we should not confuse the
mechanism with the concept. The concept is that some subset of the
entire universe of senders is given preferred access to an inbox. This
can either be by checking against an explicit whitelist which is
represented as a monolithic list of senders and privledges or it can be
done algorithmically by checking properties of the sent message (i.e.
tokens in headers or in addresses) to determine if the sender is on an
"implicit" or "virtual" whitelist.
The privacy issues with whitelists only apply to some of the
mechanisms for constructing and/or maintaining them.
bob wyman
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg